OverTheWire Natas Level 7 → 8 tutorial!!

Login

URL: http://natas8.natas.labs.overthewire.org Credentials: natas8:xcoXLmzMkoIP9D7hlgPlh9XD7OgLAe5Q

# Using curl (optional):
curl -u natas8:xcoXLmzMkoIP9D7hlgPlh9XD7OgLAe5Q http://natas8.natas.labs.overthewire.org/

Task

The page asks for a secret. Clicking View sourcecode reveals how the server checks it.

A little bit of Theory

The PHP shows an encoded constant and a function used to transform your input:

<?php
$encodedSecret = "3d3d516343746d4d6d6c315669563362";

function encodeSecret($secret) {
  return bin2hex(strrev(base64_encode($secret)));
}

So the server compares encodeSecret($_POST['secret']) with the hex string above. To find the correct input, we invert the operations in reverse order:

1. hex → bytes
2. reverse bytes → original base64 text
3. base64 decode → the real secret

Further reading:

• PHP: base64_encode
• PHP: bin2hex

Solution

1. Open source and copy the encoded string

   

   3d3d516343746d4d6d6c315669563362
   

2. Reverse the transform (quick script)

   Python:

   import base64
   s = bytes.fromhex("3d3d516343746d4d6d6c315669563362")
   s = s[::-1]
   secret = base64.b64decode(s)
   print(secret.decode())
   # -> oubWYf2kBq
   

   Or JS Console:

   const h="3d3d516343746d4d6d6c315669563362";
   const bytes=h.match(/../g).map(x=>parseInt(x,16));
   const b64=String.fromCharCode(...bytes.reverse());
   console.log(atob(b64)); // "oubWYf2kBq"
   

3. Submit the secret oubWYf2kBq and read the result.

   

Password

ZE1ck82lmdGIoErlhQgWND6j2Wzz6b6t

Troubleshooting

• “Wrong secret”? → Order must be hex → reverse → base64 decode.
• Garbled output? → Treat the hex as raw bytes before reversing.
• Still stuck? → Copy/paste the Python snippet exactly.

Nice! 🎉 You reversed a custom encoder and pulled the secret for natas9. Onward!

Thanks for reading!

Until next time — Otsumachi!! 💖☄️✨