Joshua Cruz

Natas Level 8 → Level 9

August 19, 2019

Main page

Logging into natas8, we can see a text field, a button, and a link to view the source code.

natas8 start

Source Code

Here we view the source code this lab provides us

natas8 source code

After analyzing the code, we simply use the encodedSecret variable and put it into the encodeSecret function, like this:

function encodeSecret($secret) {
    return bin2hex(strrev(base64_encode($secret)));
}

echo base64_decode(strrev(hex2bin('3d3d516343746d4d6d6c315669563362')));

Secret Decoded

Copying and pasting the function with the encodedSecret in the function we get our output: oubWYf2kBq

natas8 decode

Password

Using the decoded secret we then input it in the the textfield when we first logged in the lab.

natas8 password

Voila! We get the password for the next level.