
Natas: Level 0 - 5

Natas 0

Username: natas0

Password: natas0

Url: http://natas0.natas.labs.overthewire.org/

We can view the page source and find the next password in an HTML comment.


Natas 1

Username: natas1

Password: gtVrDuiDfck831PqWsLEZy5gyDz1clto

Url: http://natas1.natas.labs.overthewire.org/

As before, the password is in the HTML source, but right-click is disabled on the web page. We can use CTRL+U or CTRL+SHIFT+I to bypass this.


Natas 2

Username: natas2

Password: ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi

Url: http://natas2.natas.labs.overthewire.org/

By viewing the source we find an image that is served from /files. There is also a users.txt file in that directory, which contains the password for natas3.


Natas 3

Username: natas3

Password: sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14

Url: http://natas3.natas.labs.overthewire.org/

After looking at the source code we get a hint.

This hints that we can check for a robots.txt. In robots.txt we find a directory: /s3cr3t. This directory has a users.txt file where we can find the password for natas4.


Natas 4

Username: natas4

Password: Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ

Url: http://natas4.natas.labs.overthewire.org/

By going to natas4 we see:

Analyzing our request with Burp, we see that we need to change our Referer: header so the request looks as if we were coming from http://natas5.natas.labs.overthewire.org/. Changing the Referer value to that URL gets us the next password.


Natas 5

Username: natas5

Password: iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq

Url: http://natas5.natas.labs.overthewire.org/

By visiting the site we get: Access disallowed. You are not logged in

We can check the cookies to see how the web page handles our session.

We notice there is a cookie loggedin=0; let's change that to 1. Now we can see the password for natas6.
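Natas 4 and Natas 5 fail for the same reason: the server makes an access decision from a value the client fully controls. The sketch below is an added example, not code from the original post or from the Natas levels; it puts both weak checks beside a cookie the server signs with HMAC. The function names, the session cookie name and the user.tag format are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed key for the demo; a real service loads it from secret storage.
SERVER_KEY = secrets.token_bytes(32)
EXPECTED_REFERER = "http://natas5.natas.labs.overthewire.org/"


def weak_referer_ok(headers: dict) -> bool:
    """Natas 4 pattern: trusts a request header the client chooses."""
    return headers.get("Referer") == EXPECTED_REFERER


def weak_is_logged_in(cookies: dict) -> bool:
    """Natas 5 pattern: trusts a flag the client stores and can edit."""
    return cookies.get("loggedin") == "1"


def _tag(user: str) -> str:
    return hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()


def issue_session(user: str) -> str:
    """Hardened: cookie value is 'user.tag', tag = HMAC-SHA256(key, user)."""
    return f"{user}.{_tag(user)}"


def verify_session(cookies: dict) -> Optional[str]:
    """Return the authenticated user, or None if the cookie is missing or altered."""
    user, sep, tag = cookies.get("session", "").rpartition(".")
    if not sep or not user:
        return None
    # Compare as bytes in constant time; str inputs must be ASCII-only.
    ok = hmac.compare_digest(tag.encode(), _tag(user).encode())
    return user if ok else None


if __name__ == "__main__":
    # Constructed requests: the client controls every value shown here.
    print(weak_is_logged_in({"loggedin": "1"}))            # edited flag accepted
    print(weak_referer_ok({"Referer": EXPECTED_REFERER}))  # chosen header accepted
    good = issue_session("natas5")
    print(verify_session({"session": good}))               # signed cookie accepted
    forged = "natas6." + good.split(".", 1)[1]
    print(verify_session({"session": forged}))             # altered cookie rejected
```

A production session token would also carry an expiry inside the signed part, or be a random identifier looked up in server-side state.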

This post is licensed under CC BY 4.0 by the author.