Leviathan1

Challenge: There is no information for this level, intentionally. Seems like we don’t get any information for any challenge. Just like the last one, we can SSH into the server with the credentials we got from the last challenge. Command: $ ssh leviathan1@leviathan.labs.overthewire.org -p 2223 Let’s have a look to see …

Natas19

Challenge: After logging in we are greeted with the following message: This page uses mostly the same code as the previous level, but session IDs are no longer sequential… So let’s check what the PHPSESSID value is now. This can be done by going to your cookies in your browser, Press …

Natas18

Challenge: This time we see a real login screen, requesting a username and password. We can also see the source code again. The source code can be found below. Some remarks I found in the code: Return 1 is used for an admin login, but this function is disabled. Return 0 is …

Natas17

Challenge: So we see the login screen again, with the username field to check if it exists. We had this one already. But I checked the source code and it’s not the same query. The username this time is in between double quotes, which can’t be escaped. The query in the source code: They …

Natas16

Challenge: For security reasons, we now filter even more on certain characters. We see the input field again to search for words containing: Solving it: So let’s have a look at the source code. As we can see, the characters ; | & ` \ ' " are being filtered. I …

Natas15

Challenge: There is a single field named username to check the existence in the database. Solving it: We probably have to do another SQL injection, but let’s have a look at the source code first. This is the query: SELECT * from users where username=\"".$_REQUEST["username"]."\"";. So this is SELECT * from users …

Natas14

Challenge: We are greeted with a login page where we have to fill in a username and password. Solving it: We probably have to do an SQL injection, but let’s have a look at the source code. If we look in the source code we can see that the query is as …

Natas13

Challenge: For security reasons, we now only accept image files! It’s the same image upload thing as last time, at least the front end looks the same. Solving it: I thought, this is easy, just change the filename from natas12.jpg to natas12.php.jpg. But this gives an error: File is not an image So …

Natas12

The last one was a hard one, so this means we are learning stuff 🙂 Challenge: Choose a JPEG to upload (max 1 KB): Where we can browse for a file and upload it. Solving it: So let’s read the source code and see what we can find. So the first function …