Author: dugisec

Natas Level 5

Hmmm, what to do, what do…. Should we try http://natas5.natas.labs.overthewire.org/admin.php…nope! How about http://natas5.natas.labs.overthewire.org/login.php…dangit bobbeh!! Is there anything in the souce? Doesn’t look like it to me. OH I KNOW!  Let’s check out the HTTP headers.  There are a lot of ways we could do this, but the weapon of choice

Read More »

Natas Level 4

Wha wha!?   I swear I wasn’t on poop.fart.xxx before I logged in to this level!  Anyway, it’s saying authorized users should be coming from “http://natas5.natas.labs.overthewire.org/”.  I think it can tell where we are coming from by reading the referer field out of the HTTP header. Wikipedia says: “[The referer] is

Read More »

Natas Level 3

Well this looks familiar: I mean it’s kind of true this time, lets have a look at the source anyway shall we? How to hide stuff from google????  ROBOTS.TXT !!!! But what are they trying to hide anyway? Looks like there is a folder called /s3cr3t/ I wonder what’s in

Read More »

Natas Level 2

So, natas level 2 is telling us there is nothing on this page…I don’t believe them!  Let’s have a look at the page source: Apparently there is an image on the page that lives in the “files” folder.  I wonder if there is anything else in that folder?? hmmmmmmmmm, users.txt

Read More »

Natas Level 1

So level 1 looks a lot like 0, except this time it’s saying you can’t right click.  IDK, maybe on IE 5 this javascript works the way you would think it should, but I had no problem right clicking as you can see here: And then of course we see

Read More »

Natas Level 0

Today we’ll be reviewing Natas level 0 together.  We log in to http://natas0.natas.labs.overthewire.org/ with the creds they provided: username: natas0 password: natas0 We’re then presented with the following message: They’re saying we can find the password for the next level on this page.   After about an hour of head

Read More »