Author: dugisec

Natas Level 6

What’s the secret?  Let’s find out! This time they give us the source code to index.php to look at.  This is because when you right click > view source on a php page in your browser, only the html is visible, and not the php code.  The source looks like


Natas Level 5

Hmmm, what to do, what to do…. Should we try http://natas5.natas.labs.overthewire.org/admin.php…nope! How about http://natas5.natas.labs.overthewire.org/login.php…dangit bobbeh!! Is there anything in the source? Doesn’t look like it to me. OH I KNOW!  Let’s check out the HTTP headers.  There are a lot of ways we could do this, but the weapon of choice


Natas Level 4

Wha wha!?   I swear I wasn’t on poop.fart.xxx before I logged in to this level!  Anyway, it’s saying authorized users should be coming from “http://natas5.natas.labs.overthewire.org/”.  I think it can tell where we are coming from by reading the referer field out of the HTTP header. Wikipedia says: “[The referer] is


Natas Level 3

Well this looks familiar: I mean it’s kind of true this time, let’s have a look at the source anyway shall we? How to hide stuff from Google????  ROBOTS.TXT !!!! But what are they trying to hide anyway? Looks like there is a folder called /s3cr3t/ I wonder what’s in


Natas Level 2

So, natas level 2 is telling us there is nothing on this page…I don’t believe them!  Let’s have a look at the page source: Apparently there is an image on the page that lives in the “files” folder.  I wonder if there is anything else in that folder?? hmmmmmmmmm, users.txt


Natas Level 1

So level 1 looks a lot like 0, except this time it’s saying you can’t right click.  IDK, maybe on IE 5 this JavaScript works the way you would think it should, but I had no problem right clicking as you can see here: And then of course we see


Natas Level 0

Today we’ll be reviewing Natas level 0 together.  We log in to http://natas0.natas.labs.overthewire.org/ with the creds they provided: username: natas0 password: natas0 We’re then presented with the following message: They’re saying we can find the password for the next level on this page.   After about an hour of head
