Blogs

OverTheWire Monxla Part 1

I had a Twitter follower recently inform me that OverTheWire had a new wargame up and running. I was immediately excited and downloaded it. Several days later, I actually was able to start tinkering with it. I booted up the image and proceeded to do some preliminary nmap scans. I found a few …

OverTheWire Natas Level 15

Up until now, none of the OverTheWire Natas challenges really gave me that much of an issue. This one, however, took me a couple of hours to complete. Level 15 is a fun blind SQL injection vulnerability. It starts out with a username check dialog, which pretty much only gives you a binary value as to if …

OverTheWire Natas Level 14

The next level of the OverTheWire Natas wargame is Level 14, which introduces SQL injection, a very popular subject as of late. The level starts out with a login dialog. The source code is fairly straightforward. It’s doing a basic authentication query. It, however, does have a handy …

OverTheWire Natas Level 13

Level 13 of OverTheWire’s Natas wargame is extremely similar to Level 12. The only difference now is that it’s validating that the file is in fact an image. This, however, is flawed, as EXIF data can be faked. It starts out with a similar upload prompt as last time. The source code is …

OverTheWire Natas Level 12

The next level to attack in the OverTheWire Natas wargame is Level 12, which is more “real-world” as well, since developers often forget to limit file extensions. It starts out giving you the option to upload a <1KB file to the server. As with any other challenge, I viewed the …

OverTheWire Natas Level 11

Level 11 of the OverTheWire Natas wargames is a good one. It wasn’t one that could instantly be solved either. It involved programming, encryption, and HTTP. All fun! It started with a dialog to set the background color. When you click the “Set Color” button, it sets a cookie in …