It has been a while, but lets start with a new challange, Natas. The whole series of challanges can be found on the website from overthewire.

The first challange:
Natas teaches the basics of serverside web-security. Each level of natas consists of its own website located at http://natasX.natas.labs.overthewire.org, where X is the level number. There is no SSH login. To access a level, enter the username for that level (e.g. natas0 for level 0) and its password.

Each level has access to the password of the next level. Your job is to somehow obtain that next password and level up. All passwords are also stored in /etc/natas_webpass/. E.g. the password for natas5 is stored in the file /etc/natas_webpass/natas5 and only readable by natas4 and natas5.

Start here:
Username: natas0, Password: natas0, URL: http://natas0.natas.labs.overthewire.org

Executing the challange
When visiting the webpage I found the message. “You can find the password for the next level on this page.”. This suggests me we need to look into the html code from the website. This can be opened by rightclicking on the webpage and selecting “inspect element”. We found the following:

<div id="content">
You can find the password for the next level on this page.

<!--The password for natas1 is gtVrDuiDfck831PqWsLEZy5gyDz1clto -->
</div>

As we can see, we found the password for natas1. Lets login.

Leave a Reply

Your email address will not be published. Required fields are marked *