Natas teaches the basics of server-side web-security.
Each level of natas consists of its own website located at http://natasX.natas.labs.overthewire.org, where X is the level number. This is no SSH logging. To access a level, enter the username for that level (e.g. natas0 for level 0) and its password.
Each level has access to the password of the next level. Your job is to somehow obtain that next password and level up. All passwords are also stored in /etc/natas_webpass/. E.g. the password for natas5 is stored in the file /etc/natas_webpass/natas5 and only readable by natas4 and natas5.
After logging in to natas1 we'll see the following message:
"You can find the password for the next level on this page, but rightclicking has been blocked!"
It doesn't mean squinting your eyes or hovering over obscure parts of the screen, and even if it did.. we'd be able to find that in the source. So either disable javascript and right-click->view source or ctrl+u (typically the default hotkey to show source) and look for the password to log into natas2. Just be sure not to copy the trailing whitespace. Now you can continue on to natas2!
No comments:
Post a Comment