OverTheWire Natas Write-Up (Part 3)

Introduction Natas is a web challenge series from OverTheWire. https://overthewire.org/wargames/natas/ User needs to get password to advance to next level. The password file is located in /etc/natas_webpass directory, only the correspond user can read the current and next level's password. This write up will show the necessary steps to get password. Natas 18 Source: <html> … Continue reading OverTheWire Natas Write-Up (Part 3)

OverTheWire Natas Write-Up (Part 2)

Introduction Natas is a web challenge series from OverTheWire. https://overthewire.org/wargames/natas/ User needs to get password to advance to next level. The password file is located in /etc/natas_webpass directory, only the correspond user can read the current and next level's password. This write up will show the necessary steps to get password. Natas 10 They say … Continue reading OverTheWire Natas Write-Up (Part 2)

OverTheWire Natas Write-up (Part 1)

Introduction Natas is a web challenge series from OverTheWire. https://overthewire.org/wargames/natas/ User needs to get password to advance to next level. The password file is located in /etc/natas_webpass directory, only the correspond user can read the current and next level's password. This write up will show the necessary steps to get password. Natas 0 Check source … Continue reading OverTheWire Natas Write-up (Part 1)

CSAWCTF 2020 Qualification Round Writeup

widthless (Web) Challenge Description Welcome to web! Let's start off with something kinda funky 🙂 http://web.chal.csaw.io:5018 Solution First, go to the actual website. Nothing looks special, next I checked source-code and found there is a comment saying something about "zwsp". After some researching, "zwsp" stands for "Zero-Width-Space", essentially some unicode characters which do not appear … Continue reading CSAWCTF 2020 Qualification Round Writeup

File Inclusion and Directory Traversal, what files to look at? Linux Edition

Introduction File inclusion and directory traversal is always chained together. Depends on the application those vulnerabilities can do different damages. From file disclosure to code execution. Methodology I always check for file inclusion when I see those URLs: http://localhost/?page=home, or the parameter is file or filename, you get the idea. I first check if home.php … Continue reading File Inclusion and Directory Traversal, what files to look at? Linux Edition