[OverTheWire] Natas – Level 02

http://natas2.natas.labs.overthewire.org/

There is nothing on this page

Xem source:

[html]
<html>
<head>
<!– This stuff in the header has nothing to do with the level –>
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas2", "pass": "ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi" };</script></head>
<body>
<h1>natas2</h1>
<div id="content">
There is nothing on this page
<img src="files/pixel.png">
</div>
</body></html>
[/html]

Để ý thấy 1 thẻ <img> rất vô duyên:

<img src="files/pixel.png">

Truy cập:

Index of /files
[ICO]    Name    Last modified    Size    Description
[DIR]    Parent Directory         -     
[IMG]    pixel.png    06-Jun-2013 13:57     303     
[TXT]    users.txt    12-Jul-2013 13:35     145     
Apache/2.2.22 (Ubuntu) Server at natas2.natas.labs.overthewire.org Port 80

Mở file users.txt:

# username:password
alice:BYNdCesZqW
bob:jw2ueICLvT
charlie:G5vCxkVV3m
natas3:sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14
eve:zo4mJWyNj2
mallory:9urtcpzBmH

→ flag = sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14.

 

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *