We can use the credentials obtained in the previous post to access Level 2. Once we log in, we are presented with the following screen:
As we did in the previous levels, we can start by viewing the source of the page, seen below:
<html>
<head><link rel="stylesheet" type="text/css" href="http://www.overthewire.org/wargames/natas/level.css"></head>
<body>
<h1>natas2</h1>
<div id="content">
There is nothing on this page
<img src="files/pixel.png">
</div>
</body></html>
We can see an image embedded into the page, and upon further inspection, the image appears to be 1x1 pixels. At first I thought the challenge was more difficult than it really was, because I started looking to see if the password was embedded in the image. However, when this didn't work, I thought to check and see if the 'files' directory was listable. Sure enough, when we browse to http://natas2.natas.labs.overthewire.org/files/, we see the following:
Here we can see both our 'pixel.png' picture, as well as a text file called 'users.txt', which contains the following:
# username:password alice:BYNdCesZqW bob:jw2ueICLvT charlie:G5vCxkVV3mnatas3:lOHYKVT34rB4agsz1yPJ2QvENy7YnxUbeve:zo4mJWyNj2 mallory:9urtcpzBmH
In this file, we can see the password for natas3, which we can use to log in to the next challenge.
Moving right along. More writeups to come.
-Jordan
No comments:
Post a Comment