This article is a continuation of the last article: OverTheWire Natas walkthrough 1 – 4.
This article contains the walkthrough for levels 5 – 7.
Let’s get on with it:
Level 4 – 5
Log in with the natas4 password we obtained in the last article. The hint says that we are not allowed because we need to visit from another address.
From the hint, you can guess that we have to change the address we are visiting from.
That information is sent in the request using the Referer header. The Referer header carries the address of the website we are coming from. It is mostly used to keep track of where the user is visiting from, and in this case we need to change that information to natas5.natas.labs.overthewire.org.
You can use many plugins from the Firefox store. I am using Tamper Data here; you can also use Burp Suite if you want to.
So go to the menu bar and select Tools and then Tamper Data. In the screenshot below, you can see the Referer; I have changed it to the one they are asking for.
There you go, the password for level 5.
Level 5 – 6
Log in with the above password.
You will see this error on the page.
If you look at the source of the page, it also doesn’t give anything away. Since the hint says that I am not logged in, I checked my cookie details in the header.
So I opened Burp Suite and looked at what’s going on in the request. Here you will see a cookie value which says loggedin=0.
Let’s change it to 1 to see where it will take us:
There you go, the password for level 6.
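The Referer check in level 4 and the loggedin cookie in this level fail for the same reason: the server trusts a value that the client controls. The sketch below is an added example, not code from Natas or from this article; the function names, the session cookie name and SERVER_KEY are assumptions. It puts the two weak checks beside a cookie that the server verifies with an HMAC.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed for this example: a key that exists only on the server.
SERVER_KEY = b"constructed-example-key"

def parse_cookies(header):
    """Turn a Cookie request header into a name -> value dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies

def naive_referer_ok(headers):
    """Weak: the Referer header is whatever the client chooses to send."""
    host = urlparse(headers.get("Referer", "")).hostname
    return host == "natas5.natas.labs.overthewire.org"

def naive_is_logged_in(headers):
    """Weak: the login state is a plain flag stored in the client's cookie."""
    return parse_cookies(headers.get("Cookie", "")).get("loggedin") == "1"

def issue_session(user):
    """Server side: hand out 'user.mac', where mac = HMAC-SHA256(key, user)."""
    mac = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"

def signed_is_logged_in(headers):
    """Hardened: accept the cookie only if its MAC verifies under SERVER_KEY."""
    token = parse_cookies(headers.get("Cookie", "")).get("session", "")
    user, _, mac = token.rpartition(".")
    if not user:
        return False
    expected = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac.encode(), expected.encode())

if __name__ == "__main__":
    # Constructed requests: an edited one, and one carrying a server-issued token.
    edited = {"Referer": "http://natas5.natas.labs.overthewire.org/", "Cookie": "loggedin=1"}
    issued = {"Cookie": "session=" + issue_session("natas5")}
    print(naive_referer_ok(edited), naive_is_logged_in(edited))      # both weak checks pass
    print(signed_is_logged_in(edited), signed_is_logged_in(issued))  # only the issued token passes
```

A signed cookie only proves the server issued the value; a real session would also carry an expiry and be tied to server-side state.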
Level 6 – 7
Log in with the password you found above.
This screen is what you will see. It is asking for a secret. Let’s view the source code of this little form.
The source code here contains the PHP (the part I have marked in red). Now let me tell you something about server-side and client-side languages: PHP is a server-side language, so what you see here would not be visible in a real environment unless the file exists as .txt or .html. PHP code is not normally available for us to see; instead you would see a blank page. But OverTheWire Natas is a challenge and they are showing you the code, so you can actually see what happens when a request is made.
In the above code, you will see the “include”. Include in PHP lets us pull a certain file into the code. Looking at it, the included file seems to contain the password, so I went to that file in the browser. It comes out blank.
But when you view the source of that page, you will find the password.
That’s all from level 4 to 7. This walkthrough will continue in the next post.