Monday, October 19, 2015

OverTheWire - Natas - Level 3

Natas teaches the basics of server-side web-security.

Each level of Natas consists of its own website located at http://natasX.natas.labs.overthewire.org, where X is the level number. There is no SSH login. To access a level, enter the username for that level (e.g. natas0 for level 0) and its password.

Each level has access to the password of the next level. Your job is to somehow obtain that next password and level up. All passwords are also stored in /etc/natas_webpass/. E.g. the password for natas5 is stored in the file /etc/natas_webpass/natas5 and only readable by natas4 and natas5.

After logging in to natas3, we'll see the following message:

"There is nothing on this page."

Okay... double-check by viewing the page source, either by right-clicking and choosing View Source or by pressing Ctrl+U (the default hotkey for viewing source). In the source we will find a comment that tells us:

"No more information leaks!! Not even Google will find it this time..."

This gives us the hint we need for where to look: robots.txt. This is the file a site uses to tell web crawlers which parts of the site it does not want indexed. It is publicly readable and purely advisory, so listing a path in it discloses that path rather than protecting it. Point your browser to the robots.txt file to get a new directory to check out. Once in that directory, we will see the users.txt file, which contains the password for natas4.
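
The lesson of this level from the site owner's side, as an added example that is not part of the original post: a small audit that parses your own robots.txt and flags Disallow entries that advertise paths which look like they were meant to stay private. The sample file and the keyword heuristic are constructed assumptions, not the contents of the Natas level.

```python
import re

# Constructed sample robots.txt (not the file served by the Natas level).
SAMPLE_ROBOTS = """\
# constructed example
User-agent: *
Disallow: /admin-backup/
Disallow: /images/
Disallow: /*.pdf$

User-agent: ExampleBot
Disallow: /
Allow: /public/
"""

# Assumed heuristic: words suggesting a path was meant to stay private.
SENSITIVE = re.compile(r"(admin|backup|secret|private|internal|passw|\.sql|\.bak)", re.I)

def parse_robots(text):
    """Return a list of (user_agents, directive, path) tuples."""
    rules, agents, in_rules = [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        field, value = (p.strip() for p in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                         # rules seen: a new group begins
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("allow", "disallow"):
            in_rules = True
            if value:                            # empty Disallow blocks nothing
                rules.append((tuple(agents), field, value))
    return rules

def audit(text):
    """Flag Disallow paths that disclose something likely meant to be hidden."""
    return [path for _, directive, path in parse_robots(text)
            if directive == "disallow" and SENSITIVE.search(path)]

if __name__ == "__main__":
    for path in audit(SAMPLE_ROBOTS):
        print(f"review: robots.txt discloses {path}; protect it with real access control")
```

Any path this flags should be protected by authentication on the server, since the crawler directive only asks well-behaved bots to stay away.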
