Natas Writeup : 1 - 5

This is going to be the first in a series of writeups about the Natas challenges in the overthwire.org website. Let's start.

Natas 0 - Natas 1

The password is easy to find for this level. Right-click and select inspect on the browser which you are using. You'll see the source code of the website and there lies the password.

Password : gtVrDuiDfck831PqWsLEZy5gyDz1clto

Natas 1 - Natas 2

This level is the same as the last level except for the fact that the right click has been disabled. The browser you're using must have a shortcut key to inspect the source code of the page. Look it up on google. If you're on chrome or firefox it is Ctrl+Shift+I. The password is in the source code.

Password: ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi

Natas 2 - Natas 3

When you view the source code of this challenge, you can see an image that has the src "files/pixel.png". We find there is a file directory for the page. We traverse to that directory by adding /files in the URL. There we find a users.txt file. We open that and find the password for natas3.

Password: sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14

Natas 3 - Natas 4

There's nothing on this page. But there's something we still can check. There is something called robots.txt for every web server. It contains a list of directories that are not allowed to be accessed by the user. Traverse to that file and there is a directory called "/s3cr3t/". Inside the directory, there is a users.txt file in which the password resides.

Password: Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ

Natas 4 - Natas 5

Here the text reads that only users from "http://natas5.natas.labs.overthewire.org/" can access the website.  This is something called the Referer link inside the headers of the request. Every time your browser accesses the server it sends a bunch of additional information called headers. One such information is from which URL are you coming from. This data is wrong for us here. We can simulate such a request in python using the requests library.

import requests
from requests.auth import HTTPBasicAuth 
url = "http://natas4.natas.labs.overthewire.org/"
headers = {"Referer":"http://natas5.natas.labs.overthewire.org/"}
r = requests.get(url,headers=headers,auth = HTTPBasicAuth('natas4', 'Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ'))
print(r.text)

Password: iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq