Blogs

OverTheWire Natas Level 9

The next level of OverTheWire’s Natas challenge is Level 9. This is a command injection vulnerability. Initially, you are given a search box. Just like in previous levels, I looked at the available source code. You can see the vulnerability is that the user input is not sanitized. Due to this, …

OverTheWire Natas Level 8

Level 8 of the OverTheWire Natas wargame was pretty simple, as a developer, but could prove more difficult if you don’t have a similar background. It starts out with a secret password input. Like other levels, I looked at the source code to see what was going on in the background. Based on this …

OverTheWire Natas Level 7

Finally, with level 7 of OverTheWire’s Natas wargame, we start to get to more “real world” vulnerabilities. It’s still very easy, but it’s at least getting better. We start with a single page that has 2 navigation links. I noted that the URLs had a “page=” …

OverTheWire Natas Level 6

The 6th level of the OverTheWire Natas wargame starts introducing us to PHP and server configuration issues. It starts out with a secret password prompt. I took a look at the source code, via the link provided. I decided I would try and see if I could request the “secret.inc” file, and it …

OverTheWire Natas Level 5

Now that we’re about 1/3 through to the end of the OverTheWire Natas wargame, I’m hoping that they start to get a little more tricky. Level 5 unfortunately is still pretty easy. It starts by simply telling you that you’re not logged in. Logins often hand out cookies, so I viewed my …

OverTheWire Natas Level 4

Level 4 of OverTheWire’s Natas wargame starts a little different than the previous levels. It immediately presents you with an error message. I figured this was going to be due to the HTTP Referer. I guessed that one could solve this by using a proxy or a browser addon, such as Referer …