Hello all! This is a series of blog posts outlining my solutions to the "OverTheWire" wargame Natas. I'll also be adding my thoughts/things I learnt after each level, so hopefully there's more to learn than just how to capture the flag :D
Natas Level 0
This was an introductory problem, and solving it just requires you to "inspect element" on the page. The password is hidden in an HTML comment.
pass for next level: g9D9cREhslqBKtcA2uocGHPfMZVzeFK6
Natas Level 1
This level follows a similar idea, except that right-clicking is now blocked. Using the F12 shortcut to open the dev tools revealed the password in an HTML comment, like last time.
pass for next level: h4ubbcXrWqsTo7GGnnUMLppXbOogfBZ7
Natas Level 2
This level is a bit trickier than the last two, but all you need to know is that the image is a big hint. Its path shows that the site serves files from a directory that can be visited directly: the image was loaded from /files, so by accessing the /files route, a text document is revealed containing the password to the next level.
pass for next level: G6ctbMJ5Nb4cbFwhpMPSvxGHhQ7I6W8Q
Natas Level 3
This level hints at how the site might be hidden from a search engine. After some research, I learnt about robot meta tags, which can instruct search engines not to show the page, but as mentioned previously: "Header info isn't part of the solution". Following this tangent, I searched about robot meta tags and came across robots.txt files, which store user agents and can enforce certain user rules. In this case there was a wildcard user agent disallowing the /s3cr3ts route. Upon visiting this route, the password is made available.
pass for next level: tKOcJIbzM4lTs8hbCmzn5Zr4434fGZQm
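A defensive check for the Level 3 issue, as an added example that is not part of the original post: robots.txt is publicly readable and only advisory to crawlers, so any path it lists needs its own access control. The sample file, the hint words and the function names are constructed assumptions.

```python
# Added example: audit a robots.txt for paths it advertises to every visitor.
# SAMPLE_ROBOTS is constructed for illustration; the hint words are assumptions.
SENSITIVE_HINTS = ("secret", "s3cr3t", "admin", "backup", "private", "files")

SAMPLE_ROBOTS = """\
# constructed sample
User-agent: *
Disallow: /s3cr3ts/
Disallow: /search

User-agent: ExampleBot
Disallow:
"""

def parse_robots(text):
    """Return {user_agent: [disallowed paths]} from robots.txt text."""
    rules, agents, in_rules = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:          # a new group starts after rule lines
                agents, in_rules = [], False
            agents.append(value)
            rules.setdefault(value, [])
        elif field == "disallow":
            in_rules = True
            if value:             # an empty Disallow allows everything
                for agent in agents:
                    rules[agent].append(value)
        elif field == "allow":
            in_rules = True
    return rules

def advertised_paths(text):
    """Disallowed paths whose names suggest content needing real access control."""
    findings = []
    for agent, paths in parse_robots(text).items():
        for path in paths:
            if any(hint in path.lower() for hint in SENSITIVE_HINTS):
                findings.append((agent, path))
    return findings

if __name__ == "__main__":
    for agent, path in advertised_paths(SAMPLE_ROBOTS):
        print(f"{agent}: {path} is listed publicly; protect it with authentication")
```

A flagged path is not a problem by itself; it is a problem when, as in this level, nothing other than the Disallow line keeps visitors away from it.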
What I learnt
These were the introductory problems, so I didn't have too much issue solving them - though I did learn about file systems and the robot meta tag/txt files! It was interesting to see how simple things can become vulnerabilities.