[OverTheWire] Natas – Level 02
http://natas2.natas.labs.overthewire.org/
There is nothing on this page
Xem source:
[html]
<html>
<head>
<!– This stuff in the header has nothing to do with the level –>
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas2", "pass": "ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi" };</script></head>
<body>
<h1>natas2</h1>
<div id="content">
There is nothing on this page
<img src="files/pixel.png">
</div>
</body></html>
[/html]
Để ý thấy 1 thẻ <img> rất vô duyên:
<img src="files/pixel.png">
Truy cập:
Index of /files [ICO] Name Last modified Size Description [DIR] Parent Directory - [IMG] pixel.png 06-Jun-2013 13:57 303 [TXT] users.txt 12-Jul-2013 13:35 145 Apache/2.2.22 (Ubuntu) Server at natas2.natas.labs.overthewire.org Port 80
Mở file users.txt:
# username:password alice:BYNdCesZqW bob:jw2ueICLvT charlie:G5vCxkVV3m natas3:sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14 eve:zo4mJWyNj2 mallory:9urtcpzBmH
→ flag = sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14.
Recent comments