Natas 1-33 walkthrough
Welcome to overthewire’s natas web security 1-33 walkthrough Where2play: https://overthewire.org/wargames/natas/
natas0 http://natas0.natas.labs.overthewire.org/ username:natas0 password:natas0
When logged in the site is says “You can find the password for the next level on this page.” so lets check page source. There is a commented line in page source basically tells us the pass : “The password for natas1 is g9D9cREhslqBKtcA2uocGHPfMZVzeFK6”
natas1 username:natas1 password:g9D9cREhslqBKtcA2uocGHPfMZVzeFK6
Disabled right click hmm… but there is another way to view page source change http:// with view-source: and there it is another comment line The password for natas2 is h4ubbcXrWqsTo7GGnnUMLppXbOogfBZ7
natas2 username:natas2 password:h4ubbcXrWqsTo7GGnnUMLppXbOogfBZ7
There is nothing in this page as it says but when i check page source there is pixel.png file from /files folder so lets check it http://natas2.natas.labs.overthewire.org/files/ there is natas3 user and pass in users.txt
natas3 username:natas3 password:G6ctbMJ5Nb4cbFwhpMPSvxGHhQ7I6W8Q
Again it says there is nothing in this page but in page source there is a hint. It says “even google cant find it” that means its blocked in robots.txt lets check it. http://natas3.natas.labs.overthewire.org/robots.txt in robots.txt file /s3cr3t path is disallowed. lets check path this time http://natas3.natas.labs.overthewire.org/s3cr3t aand there it is users.txt file which contains natas4:pass..
natas4 username:natas4 password:tKOcJIbzM4lTs8hbCmzn5Zr4434fGZQm
Page says Access disallowed. You are visiting from “” while authorized users should come only from “http://natas5.natas.labs.overthewire.org/” that means who requested to connect natas4 in terminology this named as “referer”. Lets try something: curl -referer. As curl exists other tools available for http referring (owasp zap etc.).
curl -u natas4:tKOcJIbzM4lTs8hbCmzn5Zr4434fGZQm --referer http://natas5.natas.labs.overthewire.org/ http://natas4.natas.labs.overthewire.org/natas5 username: natas5 password: Z0NsrtIkJoKALBCLi5eqFfcRN82Au2oD
Access disallowed. You are not logged in lets check requests with burp. When i intercepted connection with burp proxy there is a “loggedin=0” cookie value so just i changed parameter with “loggedin=1” and logged in.
natas6 username: natas6 password: fOIvE0MDtPTgRhqmmvvAOt2EfXR6uQgR
print("sa")