The next level to attack in the OverTheWire Natas wargame, is Level 12, which is more “real-world” as well, since developers often forget to limit file extensions. It starts out giving you the option to upload a <1KB file to the server. As with any other challenge, I viewed the …

Level 11 of the OverTheWire Natas wargames is a good one. It wasn’t one that could instantly be solved either. It involved programming, encryption, and HTTP. All fun! It started with a dialog to set the background color. When you click the “Set Color” button, it sets a cookie in …

On to Level 10 of the OverTheWire Natas wargame! This level is extremely similar to level 9, except that now they are implementing a basic filtering, to prevent you from entering certain characters that could cause changes in the execution of the program. However, their filter is flawed. It starts …

The next level of OverTheWire’s Nata challenge is Level 9. This is a command injection vulnerability. Initially, you are given a search box. Just like in previous levels, I looked at the available source code. You can see the vulnerability is that the user input is not sanitized. Due to this, …

Level 8 of the OverTheWires Natas wargame was pretty simple, as a developer, but could prove more difficult if you don’t have similar background. It starts out with a secret password input. Like other levels, I looked at the source code to see what was going on in the background. Based on this …

Finally, with level 7 of OverTheWire’s Natas wargame, we start to get to more “real world” vulnerabilities. It’s still very easy, but it’s at least getting better. We start with a single page, that has 2 navigation links. I noted that the URLs had a “page=” …