Wargames

OverTheWire Natas Level …

Level 13 of OverTheWire’s Natas wargame is extremely similar to Level 12. The only difference now is that it validates that the file is in fact an image. This check is flawed, however, as EXIF data can be faked.

It starts out with a similar upload prompt as last time.

The source code is …

OverTheWire Natas Level …

The next level to attack in the OverTheWire Natas wargame is Level 12, which is more “real-world” as well, since developers often forget to limit file extensions.

It starts out giving you the option to upload a <1KB file to the server.

As with any other challenge, I viewed the …

OverTheWire Natas Level …

Level 11 of the OverTheWire Natas wargames is a good one. It wasn’t one that could instantly be solved either. It involved programming, encryption, and HTTP. All fun!

It started with a dialog to set the background color. When you click the “Set Color” button, it sets a cookie in …

OverTheWire Natas Level …

On to Level 10 of the OverTheWire Natas wargame! This level is extremely similar to Level 9, except that now they are implementing basic filtering to prevent you from entering certain characters that could cause changes in the execution of the program. However, their filter is flawed.

It starts …

OverTheWire Natas Level 9

The next level of OverTheWire’s Natas challenge is Level 9. This is a command injection vulnerability.

Initially, you are given a search box.

Just like in previous levels, I looked at the available source code. You can see the vulnerability is that the user input is not sanitized. Due to …

OverTheWire Natas Level 8

Level 8 of the OverTheWire Natas wargame was pretty simple for a developer, but could prove more difficult if you don’t have a similar background.

It starts out with a secret password input.

Like other levels, I looked at the source code to see what was going on in the background.

Based on …