OverTheWire Natas Level 23 Walkthrough

This post is a walkthrough for level 23 of Natas, which gets us into some more PHP functions. This post shows how to evaluate the code and get the solution.

Level 23 ➔ 24

If we visit the homepage for level 23 (with username natas and password D0vlad33nQF0Hz2EP255TP5wSW9ZsRSE from the previous level), we see this:

We’re asked to provide a password. Let’s look at the source code for more information:

The webpage will show us the password if two conditions are met. First, the request needs to include a passwd key. That’s easy enough.

if(array_key_exists("passwd",$_REQUEST)){

Second, this comparison needs to evaluate to true.

if(strstr($_REQUEST["passwd"],"iloveyou") && ($_REQUEST["passwd"] > 10 )){

The PHP function strstr finds the first occurrence of a string and returns the part of the string starting from and including the first occurrence of the “needle” value (in our case, iloveyou).

If you aren’t familiar with PHP, we can test this out in a repl shell. Open up your terminal of choice and type php -a. You can also use an online sandbox such as this one.

First, let’s check the strstr() comparison:

As you can see, anything that includes “iloveyou” in the first argument (which is our input) evaluates a non-zero output.

Next, we can test out the other part of the conditional. I originally thought this was a string length comparison but there’s more to it than that. Any value that starts with a number higher than 10 will result in a true output.

Natas Level 23 Solution

Given what we’ve just learned, we know that our password needs to 1) start with a value higher than 10 and 2) include “iloveyou”.

I chose the password 100iloveyou:

And there’s our flag!

Takeaway: if you aren’t sure how a particular function works, read the documentation and test it out. The more you know about programming in a language, the more successful you will be in security regarding that language.