Hello everyone, I would like to share how I solved Nastas CTF also Here is the updated password, I hope this write-up will be helpful.
hello Folks!!! it’s a samxia99
My Bio link:-https://beacons.ai/samxia99
Greetings everyone! I’m excited to share with you how I was able to successfully conquer a CTF challenge. Through this write-up, I’ll provide a clear explanation of my techniques and strategies, and I’m confident that it will greatly benefit those who are interested in CTF challenges. So, sit back, relax, and let me take you on an informative journey.
Just a quick reminder that the game has been updated, so the password has also been changed. I hope this password is helpful!
Natas Level 18 → Level 19
- Here are the login details.
Username: natas19
URL: http://natas19.natas.labs.overthewire.org
- After logging in we can see this page.
- This level is the same as the previous level but there are changes in session id. so let’s try to see the source code.
- Here is nothing much so let’s intercep this in burp suite.
- Here we can see this session cookie has been changed we can also say the cookie has been encoded. so let’s try to decode in the decoder.
NOTE:-this -natas20 is showing because i use as username |
- Here we get some hints in ASCII hex, Here in front of natas20, there are numbers so we can brute force these numbers and see what number cookie is fit to get the password.
- so let’s try to send this request to an intruder to brute force. first clear and add the whole cookie.
- Now go to payloads change type to numbers and make From:1 TO:700 step:1.
- Now here is our main thing in payload processing add add suffix: -natas20 and add Encode as ASCII hex.
- Now all set let’s start the attack.
- Here we get some different response by clicking on the length we can see in this response there is also a password to natas20 we can use this response cookie to complete the level.
- Here in the decoder, we can check our cookie is right. see it’s shows 281 so it correct.
- To solve this level we need to change the cookie with our new find cookie.
- Here we change the cookie and now reload the page.
Boom !!! Here we get the password to natas20.
Hopefully, this write-up will be useful for everybody, I have tried to make it easy to read.
Next level:-https://medium.com/@samarthkokil64/overthewire-updated-natas-walkthrough-level-20-ed37d1d1e03d
Previous level:-https://medium.com/@samarthkokil64/overthewire-updated-natas-walkthrough-level-18-bd9184479518