Natas- level 0-3 Writeup

Level 0

As specified in the Level 0 page the login details are as follows

Username: natas0
Password: natas0
URL: http://natas0.natas.labs.overthewire.org

level0

The password for this level as specified by the hint is in the source code

level0-source

As said in the source code the password is gtVrDuiDfck831PqWsLEZy5gyDz1clto.

That was easy :p. now lets head ovet to the next level at natas1

Username: natas1
Password: gtVrDuiDfck831PqWsLEZy5gyDz1clto
URL: http://natas1.natas.labs.overthewire.org/

Natas1

This is also similar to the previous level. here as right click has been disabled press ctrl+u to view the source code then you’ll be able to see the password for the next level.

level1

in the source  code the password is in plain text.

level1-source

there fore the credentials for the next level are

Username: natas2
Password: ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi
URL: http://natas2.natas.labs.overthewire.org/

Level2

level2

As Instinct Suggests let us have a look at the source code for some clues.

level2-source

As you can see there is nothing in plain text. but there is a image file on a relative path. lets see what that particular folder contains. level2-files

Eureka !!! this folder contains a file named users

in the file the credentials or the next level are given.

Username: natas3
Password: sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14
URL: http://natas3.natas.labs.overthewire.org/

Level 3

when you login with the previous mentioned credentials you will get the following view.

level3

what do you do when the front end is as empty as this?…. yes  you are right LOOK AT THE SOURCE CODE :D.

level3-source

say what now. the only thing that it says here is

<!– No more information leaks!! Not even Google will find it this time… –>

now what is the thing that cannot be found by google?

yes you are right that is not crawled by the spiders cannot be indexed by google.

how do you do that? with the robots.txt file.

Now lets see what the robots.txt here says

User-agent: *
Disallow: /s3cr3t/

that means the folder / s3cr3t/ is not indexed. lets take a look into that folder

level-s3cr3t

in the file the credentials or the next level are given.

Username: natas4
Password: Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ
URL: http://natas4.natas.labs.overthewire.org/

Follow the next post for NATAS 4 Write Up

NATAS 4

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Powered by WordPress.com.

Up ↑

%d bloggers like this: