Thank you to anyone who is reading this, as this is my first blog post. Anyway, straight to the point: I recently started my journey to becoming a pen tester, and I started the Natas challenge by http://overthewire.org, which is an AWESOME wargame that I recommend to anyone just getting into cyber security.
Here are the challenges so far and how I solved them 🙂 Enjoy
So nice and simple to start with, you are greeted with this page
Super simple, just hit CTRL+U to view page source and voila, we are onto natas 2.
So password for natas 1 is
So this one was super similar to the previous one as we are presented with this screen
So again, just hit CTRL+U to view the page source and voila, there’s our password.
So the password for natas2 is
This one started to get a bit different from the others: we are presented with a page that says “There is nothing on this page”. Interesting, so let’s have a look at the page source, as it seems to be quite helpful. I noticed this line
Cool, another directory that we can look at. Navigating to http://natas2.natas.labs.overthewire.org/files/, we can see there is another file in that directory called users.txt
And there’s our password for natas 3!
So this challenge gives us the same landing page as natas 2, interesting hmm. So again hit that CTRL+U to view the page source and we see an interesting comment in the code:
Hmm, why did they mention Google? Ah! They are referring to Google’s web crawlers, which look at robots.txt to see which parts of the website to index. Let’s navigate to http://natas3.natas.labs.overthewire.org/robots.txt
And there it is, an entry reading Disallow: /s3cr3t/. Let’s navigate to that directory now: http://natas3.natas.labs.overthewire.org/s3cr3t/
Cool, so we can see a users.txt in that directory, opening it up we see the password:
So the flag for natas 4 is:
Alright, so opening up this page we are greeted with this lil message:
Access disallowed. You are visiting from “” while authorized users should come only from “http://natas5.natas.labs.overthewire.org/”
So far we have only needed to view the page source and change the URLs to get our flags, but now we are going to have to open up the browser Developer Tools. In this case I am using Firefox as it is my testing browser, but I’m sure a lot of this will port over to Chrome’s Developer Tools.
This challenge is actually referring to the Referer header, which can be sent with a request to show where a user has come from. But since we accessed the site directly, there is currently no Referer header. The weakness? The Referer header is client controlled, so we can just edit it and send the request again.
Heading to the network tab of the developer tools and refreshing the page, I want to have a look at the main GET request that retrieves the site and analyse the headers.
Yep, no Referer header. Firefox provides functionality to edit the request and send it again; you can see the button in the upper right of the screenshot. I’m going to edit the headers to make the Referer header what the site is asking for and send it again.
And let’s send it…
And boom, we get the password just like that, so the password for natas 5 is
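The weakness behind this level from the server's side, as an added example that is not part of the original write-up or the Natas server's code: a Referer-based access check beside a check on a server-signed, expiring session token. The `X-Session-Token` header name, the key handling and the sample requests are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical names throughout; this is not the Natas server's code.
SERVER_KEY = secrets.token_bytes(32)  # stays server-side, never sent to clients
TRUSTED_REFERER = "http://natas5.natas.labs.overthewire.org/"


def weak_is_authorized(headers):
    """Flawed pattern: trusts a header the client writes itself."""
    return headers.get("Referer", "") == TRUSTED_REFERER


def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user, ttl=900):
    """Issued by the server after a real login: user, expiry, HMAC tag."""
    payload = f"{user}.{int(time.time()) + ttl}"
    return f"{payload}.{_sign(payload)}"


def strong_is_authorized(headers):
    """Authorizes on a server-signed, unexpired token; the Referer is ignored."""
    payload, _, tag = headers.get("X-Session-Token", "").rpartition(".")
    if not payload or not hmac.compare_digest(tag.encode(), _sign(payload).encode()):
        return False
    return int(payload.rpartition(".")[2]) > time.time()  # payload is authentic here


REQUESTS = {  # constructed sample requests, not captured traffic
    "no Referer": {},
    "client-set Referer": {"Referer": TRUSTED_REFERER},
    "valid token": {"X-Session-Token": issue_token("alice")},
    "forged token": {"X-Session-Token": "admin.9999999999." + "0" * 64},
    "expired token": {"X-Session-Token": issue_token("alice", ttl=-60)},
}


def evaluate():
    """Return {request name: (weak result, strong result)}."""
    return {n: (weak_is_authorized(h), strong_is_authorized(h)) for n, h in REQUESTS.items()}


if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{name:20} weak/strong = {result}")
```

Only the request carrying a token the server itself signed passes the second check; setting the Referer changes the outcome of the first check alone.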
Click here to see Part 2 of the write up.