http://natas2.natas.labs.overthewire.org/
There is nothing on this page
Xem source:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
<html> <head> <!-- This stuff in the header has nothing to do with the level --> <link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css"> <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" /> <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" /> <script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script> <script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script> <script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script> <script>var wechallinfo = { "level": "natas2", "pass": "ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi" };</script></head> <body> <h1>natas2</h1> <div id="content"> There is nothing on this page <img src="files/pixel.png"> </div> </body></html> |
Để ý thấy 1 thẻ <img> rất vô duyên:
<img src="files/pixel.png">
Truy cập:
Index of /files [ICO] Name Last modified Size Description [DIR] Parent Directory - [IMG] pixel.png 06-Jun-2013 13:57 303 [TXT] users.txt 12-Jul-2013 13:35 145 Apache/2.2.22 (Ubuntu) Server at natas2.natas.labs.overthewire.org Port 80
Mở file users.txt:
# username:password alice:BYNdCesZqW bob:jw2ueICLvT charlie:G5vCxkVV3m natas3:sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14 eve:zo4mJWyNj2 mallory:9urtcpzBmH
→ flag = sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14.