OverTheWire Wargames :: Natas :: Level 24
Level 24 > Level 25
<html>
<head>[...]
<script>var wechallinfo = { "level": "natas24", "pass": "<censored>" };</script></head>
<body>
<h1>natas24</h1>
<div id="content">
Password:
<form name="input" method="get">
<input type="text" name="passwd" size=20>
<input type="submit" value="Login">
</form>
<?php
if(array_key_exists("passwd",$_REQUEST)){
if(!strcmp($_REQUEST["passwd"],"<censored>")){
echo "<br>The credentials for the next level are:<br>";
echo "<pre>Username: natas25 Password: <censored></pre>";
}
else{
echo "<br>Wrong!<br>";
}
}
// morla / 10111
?>
<div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
</div>
</body>
</html>
This one was baffling at first. The only way !strcmp($_REQUEST["passwd"],"<censored>"
is going to be true to proceed into the conditional is if strcmp
returns 0, which only occurs when the strings are equal including case. Sooo we have to completely guess the password and that’s it?
I happened to notice in the HTML head, which I normally remove, that the password to the current level for wechallinfo
is censored. Normally the current passsword is shown there because we already know it.
<script>var wechallinfo = { "level": "natas24", "pass": "<censored>" };</script>
Is the current password what we’re looking for?
Damn. Not sure I really understand this one despite, ya know, getting it.
GHF6X7YwACaYYssHVY05cFq83hRktl4c