We covered OverTheWire Natas 19-20 level. In this level, the web application used an if statement to verify if the user input contained certain words to whether grant admin access or not. The PHP code stores session ID values in a file as key/pair and in order to pass the condition, we need to send a payload in the form of key/pair. We used admin%201 as a key/value in the request to pass the condition and get access to the password of the next level. This was part of OverTheWire War Games Natas Level 19-20

Burp Suite Practical Notes

Natas 21 Password

89OWrTkGmiLZLv12JY4tLj2c4FW0xn56

Video Transcript

As you know Guys, OverTheWire CTF Natas are a collection of web application penetration testing challenges so if you want to strengthen your knowledge or strengthen yourself in the area of web application penetration testing , I advise you to go back and watch all of the walkthroughs that I did for Natas starting from Level 0 all the way to level 20.

To retrieve credentials for natas level 21 so you might think oh, this is so simple. Let’s go ahead and type admin to login but the button does nothing you just click on the button and it does nothing.
If we view the source code. What matters for us is this variable session set save Handler.
Okay, and it contains these values and these values correspond to be values to call functions in the code which perform the assignment of session IDs to users.
Mainly here are three important functions in this PHP code; mywrite, myread and print_credentials.

Session IDs are generated in a filename in the form of key pairs separated by a space. The function print_credentials contains an if statement that checks on the entries of the file used to hold the session IDs. If it finds an entry of key as an admin and value as 1 it will print the credentials of the next level.

So using Burp Suite, we intercept a request and pass the payload in the name parameter so that

name=admin%0Aadmin%201

and doing that along with attaching ?debug to the request, the full URL becomes like the one below

http://natas20.natas.labs.overthewire.org/index.php?debug&name=admin%0Aadmin%201

When we pass the above as a GET request we will retrieve the credentials for Natas level 21.

Video Walkthrough

Burp Suite, CTF Writeups, OverTheWire CTF, OverTheWire Natas Level 18 - 19, OverTheWire Natas Level 19-20, OWASP, Session Hijacking

Show Comments

The MasterMinds Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles

Session ID Hijacking With Burp Suite | OverTheWire Natas Level 20

Leave a Reply Cancel reply

The MasterMinds Notes

About the Author

Other stories

Investigating an Infected Windows Active Directory | TryHackMe Recovering Active Directory

Decoding SSTV and Audio Signals | Hardware Hacking P4 | HackTheBox Signals

Press ESC to close

Session ID Hijacking With Burp Suite | OverTheWire Natas Level 20

Leave a Reply Cancel reply

The MasterMinds Notes

About the Author

Share Article:

You might also like

Web Application Basics | TryHackMe Walkthrough

HackTheBox Sherlock: Meerkat Writeup and Walkthrough

LLM & AI Hacking: How AI is Being Exploited by Hackers | TryHackMe EvilGPT 1 & 2

Other stories

Investigating an Infected Windows Active Directory | TryHackMe Recovering Active Directory

Decoding SSTV and Audio Signals | Hardware Hacking P4 | HackTheBox Signals