OverTheWire — Natas level 3&4 Walkthrough

Complete explanation and solution for levels 3 & 4 of OverTheWire — Natas

Level 2 → Level 3

URL: http://natas3.natas.labs.overthewire.org/

  • let’s view the page source ctrl + u
  • nothing interesting here but there’s a comment that might be useful
  • it says not even google can find it…hmmm
  • this can mostly be talking about the robots.txt page, which Google uses to tell search engine crawlers which URLs the crawler can access on the site, it basically used to identify restricted or private areas of a site
  • so let’s navigate to that page: http://natas3.natas.labs.overthewire.org/robots.txt
  • we find this

Level 3 → Level 4

URL: http://natas4.natas.labs.overthewire.org/

This level tells us Access disallowed. You are visiting from "http://natas4.natas.labs.overthewire.org/" while authorized users should come only from "http://natas5.natas.labs.overthewire.org/"

  • as always let’s start by reading the source page
  • nothing much for us here
  • but it tells us we should be visiting this site from http://natas5.natas.labs.overthewire.org/
  • so for this level let’s use a command called curl, curl is a tool to transfer data from or to a server
  • now we have to change the HTTP header : referer read more here to http://natas5.natas.labs.overthewire.org/
  • curl http://natas4.natas.labs.overthewire.org/ -u natas4 -e http://natas5.natas.labs.overthewire.org/
  • -u as this requires authentication, we provide a user, when prompted enter the natas4 level password
  • -e this provides the referrer URL
  • curl <url to get data from> -u <user> -e <referrer URL>
  • and there we go, we get the response with the password!!

Give this a 👏 if you found it useful!

Hritesh J is a student pursuing undergraduate studies in CS. Loves cybersecurity and playing ctfs and writing about them. “learning one new thing every day.”