Natas- level 0-3 Writeup

Level 0

As specified in the Level 0 page the login details are as follows

Username: natas0
Password: natas0


The password for this level as specified by the hint is in the source code


As said in the source code the password is gtVrDuiDfck831PqWsLEZy5gyDz1clto.

That was easy :p. now lets head ovet to the next level at natas1

Username: natas1
Password: gtVrDuiDfck831PqWsLEZy5gyDz1clto


This is also similar to the previous level. here as right click has been disabled press ctrl+u to view the source code then you’ll be able to see the password for the next level.


in the source  code the password is in plain text.


there fore the credentials for the next level are

Username: natas2
Password: ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi



As Instinct Suggests let us have a look at the source code for some clues.


As you can see there is nothing in plain text. but there is a image file on a relative path. lets see what that particular folder contains. level2-files

Eureka !!! this folder contains a file named users

in the file the credentials or the next level are given.

Username: natas3
Password: sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14

Level 3

when you login with the previous mentioned credentials you will get the following view.


what do you do when the front end is as empty as this?…. yes  you are right LOOK AT THE SOURCE CODE :D.


say what now. the only thing that it says here is

<!– No more information leaks!! Not even Google will find it this time… –>

now what is the thing that cannot be found by google?

yes you are right that is not crawled by the spiders cannot be indexed by google.

how do you do that? with the robots.txt file.

Now lets see what the robots.txt here says

User-agent: *
Disallow: /s3cr3t/

that means the folder / s3cr3t/ is not indexed. lets take a look into that folder


in the file the credentials or the next level are given.

Username: natas4
Password: Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ

Follow the next post for NATAS 4 Write Up




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Powered by

Up ↑

%d bloggers like this: