Natas9

Challenge:Seeing the webpage we have an input field to search word containing a specific string. Where we input the string. Solving it:So lets see the source code again: Reading this code we can see that the name of the field in the form is ‘needle’. The php code uses a …

Natas8

Challenge:We are once greeted with the input secret field. Solving it:Lets see the source code again: So there is a variable named ‘encodedSecret’ with an encoded secret. This encoding probably is base64 even if we dont see any == on the end. So I checked it at an online decoder …

Natas7

Challange:Coming into the webpage we only see 2 links to home and about. Solving it:Lets check both pages and their source code. (I deleted the headers again) After seeing the source code we should probably go to /etc/natas_webpass/natas8. So lets browse to http://natas7.natas.labs.overthewire.org/etc/natas_webpass/natas8. But this webpage doesn’t exist. Probably because …

Natas6

The challange:Visiting the webpage we see an input field with the name ‘input secret’ which submits a query and a link to the sourcecode. See the picture: So lets have a look at the sourcecode (header is deleted to shrink the size of the block of code) As we can …

Natas5

The challange:Access disallowed. You are not logged in Solving it:Reading the message, there probably is a cookie with a value of 1 of 0 which makes you logged in or not. Lets see in the developper console under the ‘storage’ tab. There is a cookie named ‘loggedin’ with the value …

Natas4

Challange: Its actually not really a challange, just some information that the pages gives you. Ill still keep it calling challange. Access disallowed. You are visiting from “” while authorized users should come only from “http://natas5.natas.labs.overthewire.org/” Refresh page Solving it:Once and again, lets see the html code Seeing this, we …

Natas3

Challange: There is nothing on this page Solving it:Lets check the html code once again: The comment “<!– No more information leaks!! Not even Google will find it this time… –>” indicates me that there is a file called robots.txt. Which tells the spiders that certain locations or files aren’t …

Natas1

The challange: You can find the password for the next level on this page, but rightclicking has been blocked! Completing the challange:I can still rightclick on the page, but not in the block. I am greeted with the following message when I do: So lets not use the right click. …

Natas0

It has been a while, but lets start with a new challange, Natas. The whole series of challanges can be found on the website from overthewire. The first challange: Natas teaches the basics of serverside web-security. Each level of natas consists of its own website located at http://natasX.natas.labs.overthewire.org, where X …