Natas teaches the basics of server-side web-security.
each level of natas consists of its own website located at http://natasX.natas.labs.overthewire.org, where X is the level number. This is no SSH logging. To access a level, enter the username for that level (e.g. natas0 for level 0) and its password.
Each level has access to the password of the next level. Your job is to somehow obtain that next password and level up. All passwords are also stored in /etc/natas_webpass/. E.g. the password for natas5 is stored in the file /etc/natas_webpass/natas5 and only readable by natas4 and natas5.
After logging in to natas4 we'll see the following message:
"Access disallowed. You are visiting from "http://natas4.natas.labs.overthewire.org/" while authorized users should come only from "http://natas5.natas.labs.overthewire.org/"
For this we will need to edit the response headers to say we are from the authorized user url. You can use something like tamper data, burp suite, Fiddler, or if you are feeling really ambitious, write your own program to change/mimic the referrer header from the current user url to the authorized user url. Once you do this you will see the password displayed for natas5. Be sure not to grab the trailing whitespace.
No comments:
Post a Comment