"hostess is a code-slaying dragon found deep within the core of the earth, unearthing magma and vulnerabilities single handedly while using the other hand to pet his cat"

OverTheWire Natas Level 8

| Comments

Level 8 of the OverTheWires Natas wargame was pretty simple, as a developer, but could prove more difficult if you don’t have similar background.

It starts out with a secret password input.

Like other levels, I looked at the source code to see what was going on in the background.

Based on this code, you can see that it has a stored secret value, that is base64 encoded, then reversed, and then converted to a hex string. That value is then compared to the stored secret value, and if it’s a match, it will give you the next level’s password.

I decided to write a reversal program in php, since it was super easy. The only problem it gave me, was that there is no built-in hex2bin method until a newer version of PHP than I had on my machine. Luckily, on the bin2hex documentation page, someone kindly wrote a reversal function that I stole.

Once I executed that program in php, it gave me the decoded password. Once I entered it into the page, it gave me the password to the next level.