The next level to attack in the OverTheWire Natas wargame, is Level 12, which is more “real-world” as well, since developers often forget to limit file extensions.

It starts out giving you the option to upload a <1KB file to the server.

As with any other challenge, I viewed the …

Level 11 of the OverTheWire Natas wargames is a good one. It wasn’t one that could instantly be solved either. It involved programming, encryption, and HTTP. All fun!

It started with a dialog to set the background color. When you click the “Set Color” button, it sets a cookie in …

On to Level 10 of the OverTheWire Natas wargame! This level is extremely similar to level 9, except that now they are implementing a basic filtering, to prevent you from entering certain characters that could cause changes in the execution of the program. However, their filter is flawed.

It starts …

The next level of OverTheWire’s Nata challenge is Level 9. This is a command injection vulnerability.

Initially, you are given a search box.

Just like in previous levels, I looked at the available source code. You can see the vulnerability is that the user input is not sanitized. Due to …

Level 8 of the OverTheWires Natas wargame was pretty simple, as a developer, but could prove more difficult if you don’t have similar background.

It starts out with a secret password input.

Like other levels, I looked at the source code to see what was going on in the background.

Based on …

Finally, with level 7 of OverTheWire’s Natas wargame, we start to get to more “real world” vulnerabilities. It’s still very easy, but it’s at least getting better.

We start with a single page, that has 2 navigation links.

I noted that the URLs had a …