OverTheWire — Natas level 3&4 Walkthrough
Complete explanation and solution for levels 3 & 4 of OverTheWire — Natas
Level 2 → Level 3
- let’s view the page source
ctrl + u
- nothing interesting here but there’s a comment that might be useful
- it says not even google can find it…hmmm
- this can mostly be talking about the
robots.txtpage, which Google uses to tell search engine crawlers which URLs the crawler can access on the site, it basically used to identify restricted or private areas of a site
- so let’s navigate to that page: http://natas3.natas.labs.overthewire.org/robots.txt
- we find this
- what this basically tells is, no search engine should index the
- so now let’s navigate to it: http://natas3.natas.labs.overthewire.org/s3cr3t/
- we find a file
users.txtwhich contains the password for the next level!!
Level 3 → Level 4
This level tells us
Access disallowed. You are visiting from "http://natas4.natas.labs.overthewire.org/" while authorized users should come only from "http://natas5.natas.labs.overthewire.org/"
- as always let’s start by reading the source page
- nothing much for us here
- but it tells us we should be visiting this site from
- so for this level let’s use a command called
curl, curl is a tool to transfer data from or to a server
- now we have to change the HTTP header :
refererread more here to
curl http://natas4.natas.labs.overthewire.org/ -u natas4 -e http://natas5.natas.labs.overthewire.org/
-uas this requires authentication, we provide a user, when prompted enter the natas4 level password
-ethis provides the referrer URL
curl <url to get data from> -u <user> -e <referrer URL>
- and there we go, we get the response with the password!!
Give this a 👏 if you found it useful!