Ashish Khairnar
Natas Level 7 -> Level 8

Skills: PHP, Encoding/decoding data formats

natas8:DBfUBfqQG69KvJvJ1iAbMoIpwSNQ9bWe
URL:
http://natas8.natas.labs.overthewire.org/

Viewing the source of the homepage, we see a small PHP encodeSecret() function and an $encodedSecret value:

$encodedSecret = "3d3d516343746d4d6d6c315669563362";

function encodeSecret($secret) {
    return bin2hex(strrev(base64_encode($secret)));
}

All we need to do is reverse the function to recover the plaintext password.

We focus on the return of the function where it performs some conversion.

...
return bin2hex(strrev(base64_encode($secret)));
...

First, the plaintext $secret is base64 encoded, then the result is reversed with strrev(), and finally it is converted to a hex string with bin2hex().

We should perform the exact opposite steps, in reverse order, on the target value:

$encodedSecret = "3d3d516343746d4d6d6c315669563362";

We can write a one-liner reverse-engineering script in PHP and shell: we apply hex2bin() first, then strrev(), and finally base64 decode the result.

php -r 'echo strrev(hex2bin("3d3d516343746d4d6d6c315669563362"));' | base64 -d

Output: oubWYf2kBq

Great!!! We recovered the exact plaintext behind the encoded/scrambled hex string.
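As an added example (not part of the original write-up), here is the same three-step pipeline and its inverse in Python rather than PHP, checked by a round trip against the page's $encodedSecret value; the function names are my own, and the strict decoding flags mean a tampered or truncated hex string fails loudly instead of yielding garbage:

```python
import base64
import binascii

# Value taken from the Natas 7 page source, as shown above.
ENCODED_SECRET = "3d3d516343746d4d6d6c315669563362"


def encode_secret(secret: str) -> str:
    """Mirror of the PHP: bin2hex(strrev(base64_encode($secret)))."""
    b64 = base64.b64encode(secret.encode()).decode()        # base64_encode
    reversed_b64 = b64[::-1]                                 # strrev
    return binascii.hexlify(reversed_b64.encode()).decode()  # bin2hex (lowercase)


def decode_secret(encoded: str) -> str:
    """Inverse: hex2bin, then strrev, then base64_decode, in that order.

    binascii.unhexlify rejects odd-length or non-hex input, and
    validate=True makes b64decode reject characters outside the
    base64 alphabet instead of silently skipping them.
    """
    reversed_b64 = binascii.unhexlify(encoded)               # hex2bin
    b64 = reversed_b64[::-1]                                 # strrev
    return base64.b64decode(b64, validate=True).decode()     # base64_decode


def round_trip_ok(encoded: str) -> bool:
    """True if decoding then re-encoding reproduces the original hex."""
    return encode_secret(decode_secret(encoded)) == encoded.lower()


if __name__ == "__main__":
    print(decode_secret(ENCODED_SECRET))  # prints oubWYf2kBq
```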

Submitting "oubWYf2kBq" on the homepage, we should see the password for the next level -


Last updated 4 years ago
