
Natas25

Website URL: http://overthewire.org/wargames/natas/natas25.html

According to the data on the OverTheWire webpage:

Username: natas25
URL:      http://natas25.natas.labs.overthewire.org

Let's log into the URL for Natas24.

Fig. 1

Looking at the source:

Fig. 2

Well, this looks a bit more complicated now. The credentials will only be displayed when the strcmp function returns True. According to the documentation, strcmp() returns -1, 0, or 1 according to the result of the comparison. However, the function also returns a 0 when it encounters an invalid comparison. So our aim is to introduce an invalid comparison. The easiest method is to replace the string-type parameter "passwd" with an array type. This can be done by simply issuing a POST request to the webpage with the data passwd[] = "".

Fig. 3

Done!

Password for next level: GHF6X7YwACaYYssHVY05cFq83hRktl4c
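
An added example, not code from the level or from this post: the strcmp() pattern described above next to a hardened check, using hypothetical function names and a constructed secret. On PHP 5.3 to 7.x an array argument makes strcmp() warn and return NULL, which `!` treats like 0; PHP 8 throws a TypeError instead.

```php
<?php
// Added example (requires PHP 7+). Function names and $secret are hypothetical.

$secret = 'constructed-example-secret'; // constructed value, not a real password

// Pattern described above: the raw request value goes straight into strcmp().
function weak_check($input, string $secret): bool
{
    try {
        // PHP 5.3-7.x: array input -> E_WARNING and NULL; !NULL is true.
        return !@strcmp($input, $secret);
    } catch (TypeError $e) {
        // PHP 8+: array input throws instead of returning NULL.
        return false;
    }
}

// Hardened form: require a string first, then compare in constant time.
function strict_check($input, string $secret): bool
{
    if (!is_string($input)) {
        return false; // rejects passwd[]=... (array) and a missing parameter (null)
    }
    return hash_equals($secret, $input);
}

// Constructed inputs: what $_REQUEST['passwd'] holds for each request body.
$cases = [
    'correct string' => $secret,
    'wrong string'   => 'guess',
    'passwd[]='      => [''],
];

foreach ($cases as $label => $value) {
    printf(
        "%-15s weak=%-5s strict=%s\n",
        $label,
        var_export(weak_check($value, $secret), true),
        var_export(strict_check($value, $secret), true)
    );
}
```

On PHP 7.x the `passwd[]=` row prints weak=true and strict=false; on PHP 8 both columns are false for that row.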
