Over The Wire – Natas 8 – Killian Sherer

natas 8-0.png

Alright, it looks like we have one of these again… Let’s start looking at the source code this time.

natas 8-1.png

This time we have an encoded secret.

Encoding is not great because it is reversible, so let’s see if we can figure out what is being encoded so we can decode it.

function encodeSecret($secret) {
return bin2hex(strrev(base64_encode($secret)));
}

So we are taking $Secret, running base64_encode on it, then reversing the string, and then turning that value into hex.

So to reverse this, we need to do the opposite:
1. Take the output, convert it from hex to ascii
2. Reverse the string
3. base64 decode the string

Let’s do that now!

Step 1: hex to ascii

natas 8-2.png

Next, we will take the output and reverse it.

I used python here to make it super easy – “string”[::-1] will reverse string

after that, I decided the output with base64

natas 8-4.png

Entering that into the secret box gets us the next flag!

natas 8-5.png

**I spent 30 minutes wondering what the heck I did wrong because I has nats6 open and it was not taking the string I found… Note to self: check the stupid stuff….**

Share this:

Related

Leave a comment Cancel reply