There are many books, videos, and podcasts on cybersecurity on the internet. However, passively learning these complex concepts is not very efficient. There is a lot of content and information to consume, and that's why people can get lost in it. Based on my research, I became interested in "CTF" competitions, which are an essential part of programmer culture. The goal is simple: find the password by exploiting weaknesses in the site, then move on to the next level.
"Natas," created by OverTheWire, is a great game based on vulnerabilities in websites. If you want to play it yourself, you can visit overthewire.org. You can play along with me, or if you only want to read my game notes for now, scroll down.
While sharing my thoughts on each level like this, I will give tips on how to solve them in the form of a "code block."
It was easy once I knew where to start. I "inspected" the site.
It said that the right click was disabled. Due to the feature of the browser I was using, my right click continued to work. Even if it didn't, there were various add-ons and shortcuts available for this purpose. Next level.
When I examined it, nothing came up directly, but I saw the image's src attribute in the HTML. With the breadcrumbs of information I had previously acquired, I realized that "files/pixel.png" pointed to a files directory. The site was pulling the 1-pixel image from there. I wondered if I had access to this directory.
Since I didn't have many options, I tried it. A 1-pixel png appeared.
I tried to enter the files directly by removing the directory extension.
I came across an index page. The users.txt file gave me the necessary password.
Voilà.
The phrase "Even Google can't find it this time" initially misled me. Possibilities that Google had previously found (i.e., cached) came to mind. I researched but didn't find anything in Google's caches. What it meant could be that the website wasn't indexed by Google. I didn't know how Google indexed websites. I knew they used crawlers, but I had no idea how to access them. Time was passing, and I needed a hint.
When I got to the idea of a crawler, I was doing well, but I had never thought about the idea of a crawler blocker.
I had recently learned that the robots.txt file was used to block crawlers.
However, I was not aware that this file was publicly available on the website.
I added robots.txt to the URL extension.
Another directory appeared.
When I got in, I found the password.
Natas4 was the most challenging level for me. Although there was a solution method, it wasn't easy to achieve with modern browsers. The site instructed us to change where we came from. I couldn't find a way to do this through the source code (perhaps it's possible).
I started to search for tools that would let me edit the HTTP Referer header my browser sent. I needed to use an external program.
I tried a lot of Firefox extensions.
At last I got in.
This was the first time I used external software. Probably not the last.
I was sure that one of the passwords would be in the cookies and I checked it every time.
My guess was to see the password in the "Value" section, but a newly loaded cookie called "loggedin" caught my attention.
I downloaded a cookie editor to change the value of loggedin.
When I changed the loggedin value to true, I got the password.
There wasn't much to do, to be honest. We knew there was a password, and all we had was the includes/secret.inc path.
I added it to the end of the URL and entered.
Since my inspect tab was open, the password appeared directly in front of me.
Easy one.
This time we have Home and About pages. When you clicked through the pages, you could see the change in the URL.
We saw on the very first page of the CTF that all passwords were stored under the /etc/natas_webpass/natas(X) path.
Although I was skeptical, I added the above directory to the end of page= to see if it would work.
We are in.
There is an encoded message. Below is how the encoding is performed.
The secret was base64-encoded, then reversed, then converted from binary to hex. Decoding means running those three steps backwards.
Internet sites could also be used to crack this code, but I examined PHP commands to learn better.
I was unsuccessful for a long time, but at least I learned a few things about PHP while failing.
php -a
echo base64_decode(strrev(hex2bin('<hex string from the page source>')));
I was able to break all the encryption methods using a single command line with PHP and found the password.
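As an added example (not from the original write-up), here is the same three-step chain reimplemented in Python, both forwards (the level's base64_encode, strrev, bin2hex) and backwards (the hex2bin, strrev, base64_decode of the one-liner above). The sample secret is constructed, not the level's real one.

```python
import base64

# Added example, not the level's own code: the Natas8 encoding chain and its
# inverse, mirroring the PHP functions base64_encode/strrev/bin2hex.


def encode_secret(secret: str) -> str:
    """Forward direction: base64 -> reverse -> hex (PHP: bin2hex(strrev(base64_encode(s))))."""
    b64 = base64.b64encode(secret.encode()).decode()  # base64_encode
    reversed_b64 = b64[::-1]                          # strrev
    return reversed_b64.encode().hex()                # bin2hex


def decode_secret(encoded: str) -> str:
    """Inverse direction, i.e. the one-liner above: hex2bin -> strrev -> base64_decode."""
    reversed_b64 = bytes.fromhex(encoded).decode()    # hex2bin
    b64 = reversed_b64[::-1]                          # strrev
    return base64.b64decode(b64).decode()             # base64_decode


if __name__ == "__main__":
    sample = "constructed-sample-secret"  # constructed value, not the real secret
    encoded = encode_secret(sample)
    print("encoded:", encoded)
    print("decoded:", decode_secret(encoded))
```
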
It was nice practice with injections, which I always hear about and seldom see.
I knew how to search for results with an empty search query, but after some investigation, I couldn't find anything.
I found out that the grep command prints the lines of the selected file that match the key.
I discovered that the code applies the key we entered without passing it through any filter. After this point, it was about manipulating the "key" we entered enough to make it show us what we wanted.
At first, I thought about removing some words. I even thought about downloading a dictionary and comparing it to remove the same ones.
Instead of doing this, I sent an empty search command in the form of " " and accessed all the responses.
There was no meaningless word or sentence in the responses.
After doing some more research, I learned that we could give commands to the host computer with commands like "key; ls".
The key point here was the semicolon ";".
We could execute multiple commands with a single line of input.
I navigated through the computer using the "ls" command.
I already knew where the passwords were stored.
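As an added example (not part of the write-up), the Python below shows why the semicolon matters: the level pastes the key straight into a shell string, so the shell reads everything after ";" as a second command. Beside it are the two defensive forms a developer would use instead, an argv list that never touches a shell and a quoted string (the counterpart of PHP's escapeshellarg), plus a simple check for logging suspicious keys. The file name dictionary.txt is the level's; the sample keys are constructed.

```python
import shlex

DICTIONARY = "dictionary.txt"  # the level's word list


def vulnerable_command(key: str) -> str:
    """The level's pattern: the key is interpolated into a shell string that
    the server hands to the shell, so shell syntax inside it is honoured."""
    return f"grep -i {key} {DICTIONARY}"


def hardened_command(key: str) -> list[str]:
    """Fix 1: pass grep its arguments as a list (no shell involved). Whatever the
    key contains, it reaches grep as exactly one argument: the search pattern."""
    return ["grep", "-i", "--", key, DICTIONARY]


def quoted_command(key: str) -> str:
    """Fix 2: if a shell string is unavoidable, quote the key as a single word.
    shlex.quote plays the role of PHP's escapeshellarg here."""
    return f"grep -i -- {shlex.quote(key)} {DICTIONARY}"


def looks_like_injection(key: str) -> bool:
    """Detection hint: a dictionary search term carrying shell control
    characters is worth logging as a probable command-injection attempt."""
    return any(c in key for c in ";|&`$()<>\n")


if __name__ == "__main__":
    for key in ("password", "key; ls"):  # constructed sample keys
        print(repr(key))
        print("  vulnerable:", vulnerable_command(key))
        print("  argv list :", hardened_command(key))
        print("  quoted    :", quoted_command(key))
        print("  suspicious:", looks_like_injection(key))
```
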
Level 10 was not that bad. However, when I got into Natas11, I was shellshocked. I read write-ups. Watched videos. Nothing was clicking. To be honest, I still don't understand it. I should learn PHP.
See you later.