Natas Level 4
Upon opening the level, you see this. I was initially confused and refreshed the page, giving me a big hint.
I thought for a bit, and wondered if there was some information being sent to the site that could inform it of my "previous website". I tried things like visiting google.com and then entering in the natas4 site which didn't work, and so that brought the idea that possibly some information is being directly sent to natas4. I did some googling and came across 'http refering' which made a lot of sense. I tried to figure out ways I could "give" natas4 a http referer, and I knew of curl which could help transfer data to the site and back without me having to download any extra tools. After a bit of googling and documentation reading, I learnt that the http referer could be sent in the request to a page like so:
After realising this worked, actually getting the password just required me to trial and error a bit to actually type in the natas5 link in properly.
pass for next level: Z0NsrtIkJoKALBCLi5eqFfcRN82Au2oD
Natas Level 5
When logging into natas 5, I was greeted with an "access denied, user not logged in" which was funny since I just had to enter in a password. But considering this was a puzzle, I got to thinking and considered what that message could possibly mean. Maybe I needed to log in somewhere, or maybe I needed to use different login credentials for this site which could be hidden in the page?? After going through a couple things, it almost felt like Jesus spoke to me "COOKIES, THE ANSWER IS COOKIES". I pondered it a bit, and then realised that cookies was likely part of the solution. I had never dealt with cookies properly before besides always pressing the reject all button, so as with almost every level before this: I went to google and seached some stuff up. Basically I wanted to know how I could see the cookies that were being sent to the page, and how I could send my own to the page (hopefully) using curl. Funnily enough, searching something along those lines basically gave me the answer as curl is quite a powerful tool. The -c and -b flags came in useful, -c showing me the cookies, and -b letting me send my own cookies.
Using the -c flag, I found that the cookie name was "loggedin" and was set to a value of "0"
curl --user natas5:Z0NsrtIkJoKALBCLi5eqFfcRN82Au2oD -c - 'http://natas5.natas.labs.overthewire.org'Using the -b flag I set this value to 1 and sent it to the site
curl --user natas5:Z0NsrtIkJoKALBCLi5eqFfcRN82Au2oD -b "loggedin=1" 'http://natas5.natas.labs.overthewire.org'After sending in my very own cookie, curl basically just spat out the password
pass for next level: fOIvE0MDtPTgRhqmmvvAOt2EfXR6uQgR
Natas Level 6
This level was interesting, it opens up to a page with a new format. An input secret button. After clicking the button to open the source code I saw some html and this mystery langauge. The actual solution wasn't complex,
but I did scratch my head trying to figure out what language the input secret button was written in, turns out the html tag <? ?> was for php and I went into a rabbit hole trying to determine what that meant, but as it turns out - it was a red herring and I needed to look at the include statement, which I seem to always forget means that there is a filesystem available.
Upon accessing the includes/secret.inc path, it spits out a secret that I can enter on the home page and get the password to the next level!
pass for next level: jmxSiH3SP6Sonf8dv66ng8v1cIEdjXWr
What I Learnt
I'm kind of shocked at how much a "game" can teach me about the web. Before I did these levels, I only had vague ideas of cookies and curl as a cli. Now, although I wouldn't say I'm a pro by any means, I have more confidence in searching/reading documentation on how to use tools and understanding simple web structure. Once I was in the groove of thinking like an attacker and trying to "abuse" the site, I found it easier to keep trying different things and found a hunger for information that could help me solve the puzzle.
Top comments (0)