Skip to main content

OVERTHEWIRE.ORG NATAS

 Today, we will play a war-game called Natas. It has a collection of 34 levels. OverTheWire Organization hosts this war-game. Absolute Beginners are the target audience. It teaches the basics of serverside web-security in a fun and challenging way. To play this war-game, go to the Natas website by clicking here.

Objective

Find the password to login on to the next level.

Table of Content:

  • Introduction
  • Level 0
  • Level 0 → Level 1
  • Level 1 → Level 2
  • Level 2 → Level 3
  • Level 3 → Level 4
  • Level 4 → Level 5
  • Level 5 → Level 6
  • Level 6 → Level 7
  • Level 7 → Level 8
  • Level 8 → Level 9
  • Level 9 → Level 10

Introduction

Natas have levels designed in such a way that each level has a different website. To reach each website we will enter the URL in this format.

natasX.natas.labs.overthewire.org, where X is the Level Number.

To access a level, we will use the username for that level (e.g. natas0 for level 0) and its password. The password for the next level is hidden on the current level. We will have to enumerate the password for the next level that is hidden in the current level. All the passwords are stored at /etc/natas_webpass/.

Level 0

This is a pretty simple level. We have the login credentials given on the Natas Introduction Page. Just browse the URL and enter the login credentials.

Username: natas0

Password:  natas0

Level 0 → Level 1

On successfully logging in the natas0 webpage, we will have a message in front of us. It says “You can find the password for the next level on this page” as shown in the figure given below.

Now as per convention, let’s try to find something inside the source code. To view source code, we will right click on the webpage and select ‘View Page Source’. And there we have the password commented in the source code.

Level 1 → Level 2

We use the credentials we extracted from the previous level to login into Level 1.

Username: natas1

Password:  gtVrDuiDfck831PqWsLEZy5gyDz1clto

On successfully logging in the natas1 webpage, we will have a message in front of us. It says “You can find the password for the next level on this page, but rightclicking has been blocked!” as shown in the figure given below.

Now as right-clicking is disabled to view source code, we will have to find another way to retrieve the password form the source code. As we were using Mozilla Firefox and to open source code, we use ‘Ctrl + U’ shortcut. And there we have the password commented in the source code.

Level 2 → Level 3

We use the credentials we extracted from the previous level to login into Level 2.

Username: natas2

Password:  ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi

On successfully logging in the natas2 webpage, we will have a message in front of us. It says “There is nothing on this page” as shown in the figure given below.

So, we check the Source Code of the page, here we find that we have an image file named pixel.png located in the files directory.

We opened the files directory as shown in the image given below. In this directory, we find the user.txt file.

On opening it we find the passwords for the various users present on the target machine. But we need the password for the natas3.

Level 3 → Level 4

We use the credentials we extracted from the previous level to login into Level 3.

Username: natas3

Password:  sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14

On successfully logging in the natas3 webpage, we will have a message in front of us. It says “There is nothing on this page” as shown in the figure given below.

So, we check the Source Code of the page, here we find a commented hint. It says “Not even Google will find it this time”. Search Engine spiders always leave the links that are disallowed the robots.txt file. So, we thought to check if this website has one.

We opened the robots.txt as shown in the image given below. In this file, we find that the /s3cr3t/ directory is disallowed. So, let’s open and see for ourselves what’s inside the s3cr3t directory.

In this directory, we find the user.txt file.

On opening it we find the login credentials of the user natas4.

Level 4 → Level 5

We use the credentials we extracted from the previous level to login into Level 4.

Username: natas4

Password: Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ

On successfully logging in the natas4 webpage, we will have a message in front of us. It says “Access disallowed. You are visiting from “” while authorized users should come only from “//natas5.natas.labs.overthewire.org/” ”as shown in the figure given below.

We capture the request in Burp Suite, here we see that there is a parameter named Referer. It says natas4.

We change that Referer parameter value to Natas5 as shown in the image given below.

After Forwarding the Request, we get the credentials of the user natas5.

Level 5 → Level 6

We use the credentials we extracted from the previous level to login into Level 5.

Username: natas5

Password:  iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq

On successfully logging in the natas5 webpage, we will have a message in front of us. It says “Access disallowed. You are not logged in” as shown in the figure given below.

We capture the request in Burp Suite, here we see that there is a parameter named loggedin. It is set to 0.

We change that loggedin parameter value to 1 as shown in the image given below.

After Forwarding the Request, we get the credentials of the user natas6.

Level 6 → Level 7

We use the credentials we extracted from the previous level to login into Level 6.

Username: natas6

Password: aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1

On successfully logging in the natas6 webpage, we will have a form in front of us. It says “Input secret:” as shown in the figure given below.

We went ahead and look for some clues for that secret that we will have to enter in order to get the credentials for the next level. Here we see that a file is included called ‘secret.inc’.

So, in order to grab the secret, we will browser the included file manually. So, as we can see in the given image, we can see that we add the /include/secret.inc in the URL. This gave us a blank page in response. So, we browsed the source code to find the secret commented on the webpage.

Now we copied the secret and went back to the form which was asking the secret. After entering the secret, we get the login credentials for the next level.

Level 7 → Level 8

We use the credentials we extracted from the previous level to login into Level 7.

Username: natas7

Password:  7z3hEENjQtflzgnT29q7wAvMNfZdh0i9

On successfully logging in the natas7 webpage, we are given two links, Home and About as shown in the figure given below.

So, we check the Source Code of the page. Here, we can see the links “index.php?page=” in the given image. We have also hinted the location of the password, that is., /etc/natas_webpass/natas8.

As we can see in the given image, the link is shown in the address bar of our browser after clicking the Home link.

So, we modify the link to read the password stored in the natas_webpass.

//natas7.natas.labs.overthewire.org/index.php?page=/etc/natas_webpass/natas8

And we have the password for the next level. This is called command injection.

Level 8 → Level 9

We use the credentials we extracted from the previous level to login into Level 8.

Username: natas8

Password:  DBfUBfqQG69KvJvJ1iAbMoIpwSNQ9bWe

On successfully logging in the natas8 webpage, we will have a form in front of us. It says “Input secret:” as shown in the figure given below.

We opened the source code and found that the secret is encoded. Also, we have a function which encodes the secret.

Hence to decode the secrete we just create a function that can decode the secret. This can be done as shown in the given image.

As we now have the decoded secret, we can use it extract the credentials from the webpage of natas8 as shown in the given image.

Level 9 → Level 10

We use the credentials we extracted from the previous level to login into Level 9.

Username: natas9

Password:  W0mMhUcRRnG8dcghE4qvk3JA9lGt8nDl

On successfully logging in the natas9 webpage, we will have a form in front of us. It says “Find words containing” as shown in the figure given below.

We opened the source code and found that when we enter a keyword, it is passed via a function called passthru(). It takes the value in $key and executes it directly.

So, we will use (;) to execute multiple commands. We will try to read the password at the next level.

As we can see that the password is printed on the screen as shown in the given image.

Level 10 → Level 11

We use the credentials we extracted from the previous level to login into Level 10.

Username: natas10

Password:  nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu

On successfully logging in the natas10 webpage, we will have a form in front of us. It says “For security reasons, we now filter on certain characters Find words containing” as shown in the figure given below.

We opened the source code and found that when we enter a keyword, it is passed via a function called passthru(). It takes the value in $key and it filters the input of the characters (/;|&) as shown in the given image.

So, we will use (.*) to execute multiple commands. We will try to read the password at the next level.

As we can see that the password is printed on the screen as shown in the given image.

Labels:

Comments

Post a Comment

Popular posts from this blog

What is Bug Bounty in Cyber Security 2022?

Task 1 | What is Penetration Testing? Before teaching you the technical hands-on aspects of ethical hacking, you'll need to understand more about what a penetration tester's job responsibilities are and what processes are followed in performing pentests (finding vulnerabilities in a client's application or system).   The importance and relevancy of cybersecurity are ever-increasing and can be in every walk of life. News headlines fill our screens, reporting yet another hack or data leak.   Cybersecurity is relevant to all people in the modern world, including a strong password policy to protect your emails or to businesses and other organizations needing to protect both devices and data from damages.   A Penetration test or pentest is an ethically-driven attempt to test and analyze the security defenses to protect these assets and pieces of information. A penetration test involves using the same tools, techniques, and methodologies that someone with malicio...
Post a Comment
Read more

WHAT IS SESSION HIJACKING?

  What is Session Hijacking? A session is the period of time when you as a user are actively accessing an application, website, or other online service. Each user session begins when you log into a website or app and ends when you log out of it. For example, when you type your username and password into a banking application, that begins your session on that online application. When you log into an online application, for example, amzon.com, their server typically generates a temporary session cookie in your browser. This cookie tells your browser that you are logged in and have been authenticated on the server by Amazon. Each temporary session cookie is marked by a unique session ID, or key. If a hacker is able to access your unique session ID, they can access your session. Let us take the example of Facebook. For example, when you log into Facebook, a session begins. This allows you to keep using Facebook (even if you close and reopen the web browser) until you click on ‘log out’...
Post a Comment
Read more

How To Make Personal Diary And Notes On WhatsApp, Learn These Special Tips

  In today’s era, the use of smartphones is constantly increasing, WhatsApp is the most special app on smartphones and it has become a special part of people’s lives as well. It is being used for personal and office work. Constantly new updates have been coming on WhatsApp, but in this report, we have been giving you some special tips with the help of which you can make a personal diary or notes on WhatsApp. Let’s know. We do most of our work from our smartphone only. In such a situation, when we have to note some important things or make a list, we share it on phone notes or WhatsApp. Many times, from office to personal work, we also share on WhatsApp. We write our important thing or any message and send it to any of our family members or friends on WhatsApp. Doing this can sometimes result in frontal confusion, so today we are telling you the trick of such a big work of WhatsApp which you can use to save your important work or any document. You can also use your WhatsApp like a p...
2 comments
Read more