OverTheWire Natas Solution Level 1-10

After completing Bandit I could not stop myself from playing Natas. It is again a beautiful game, so here we go.

Natas Level 0

Given :- 

Username: natas0 
Password: natas0 
URL: http://natas0.natas.labs.overthewire.org

After logging in to this page you will get this:

Simply viewing the source gives you the password for the next level.

Password for natas 1 is gtVrDuiDfck831PqWsLEZy5gyDz1clto

Natas Level 1

Given :

Username: natas1
URL:      http://natas1.natas.labs.overthewire.org


After logging in, it shows that right click is disabled. As I don't use a mouse, I just pressed CTRL+U.

It gives us the password.

key is :- ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi 

Natas Level 2


Username: natas2
URL:      http://natas2.natas.labs.overthewire.org


After logging in, it says nothing is here. The next step is to view the code.

Here I found something suspicious in /files/pixel, so I just listed the contents of /files.
User.txt gives us the password.

Natas Level 3

Username: natas3
URL:      http://natas3.natas.labs.overthewire.org

After logging in, it says nothing.

Viewing the source code shows "even Google can't find this". The first thing that clicked in my mind was robots.txt, and it was a correct guess.

Here you will get the path to the key.

And the key is here:
key :- Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ


Natas Level 4

Username: natas4
URL:      http://natas4.natas.labs.overthewire.org

This level is fairly easy. When you log in with the credentials you will get this:
This clearly tells us to change the referrer to the given URL. Once you change the header you will get the key.

key :- iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq


Natas Level 5

Username: natas5
URL:      http://natas5.natas.labs.overthewire.org

In this level, once you log in with the credentials, it says you are not logged in.
With a little knowledge of web apps, the first thought that came to mind was to check the cookie, and it pointed in the right direction: Ctrl+Shift+I > alert(document.cookie) shows loggedin=0. Simply changing this to 1 gives the key.

key :- aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1

Natas Level 6

Username: natas6
URL:      http://natas6.natas.labs.overthewire.org


As the levels get higher, the game becomes more and more interesting. After logging in, it asks to enter a secret and offers an option to view the source code. I clicked on that and got a clue.

The source code clearly states that the secret is in includes/secret.inc.

Entering that secret gives us the key for the next level.

Key :- 7z3hEENjQtflzgnT29q7wAvMNfZdh0i9


Natas Level 7

Username: natas7
URL:      http://natas7.natas.labs.overthewire.org

This level follows the same pattern, but with directory traversal. Logging in shows nothing.
Then the source code gives the path to the files.
Navigating to that path gives us the key to the next level.

key :- DBfUBfqQG69KvJvJ1iAbMoIpwSNQ9bWe


Natas Level 8

Username: natas8
URL:      http://natas8.natas.labs.overthewire.org

From here they start making the game a little bit tougher. After logging in, it asks to enter the secret.
When we glance at the code, it shows that the secret is encoded using a PHP script, so the next step is to decode it using the same functions. Copying that code and changing encode to decode will give us the secret.
And that secret gives the key to Level 9.

Key is :- W0mMhUcRRnG8dcghE4qvk3JA9lGt8nDl

Natas 9

Username: natas9
URL:      http://natas9.natas.labs.overthewire.org

The real game begins here; the first hard task starts here. It asks to find words containing

Looking at the code, we understand that a Linux command is executed without any sanitization, so let's get our hands dirty with RCE. Simply entering keyword; ls /etc/ gives /etc/natas_webpass/

Further, cat /etc/natas_webpass/natas10 gives us the key for the next level.

Key :- nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu

Natas 10

Username: natas10
URL:      http://natas10.natas.labs.overthewire.org

This time they added some sanitization, but the way to solve this is also cool.

The code shows that it will not allow & and ;, but here we found that it uses preg_match, so let's try searching for this: .* /etc/natas_webpass/natas11 and hurray, we get the key.

Here is the key

Key  :- U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK
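
Why the Level 10 filter does not help, and what a fix looks like, as an added example that is not part of the original post or the game's code: it models a blocklist of `&` and `;` next to an argument-vector invocation. The command shape `grep -i <needle> dictionary.txt`, the file name and all function names are assumptions.

```python
import re
import shlex

# Assumptions (not on the page): the script runs `grep -i <needle> dictionary.txt`
# through a shell; DICTIONARY and every function name here are hypothetical.
DICTIONARY = "dictionary.txt"
BLOCKLIST = re.compile(r"[;&]")  # the characters the write-up says Level 10 rejects


def passes_blocklist(needle):
    """Level 10 style check: accept anything without a listed metacharacter."""
    return BLOCKLIST.search(needle) is None


def shell_argv(needle):
    """argv grep receives when the needle is interpolated into a shell line.
    shlex models POSIX word splitting only, not globbing or command separators."""
    return shlex.split(f"grep -i {needle} {DICTIONARY}")


def hardened_argv(needle):
    """argv for exec without a shell: -F treats the needle as a fixed string,
    -e binds it as the pattern, -- ends option parsing before the file."""
    return ["grep", "-i", "-F", "-e", needle, "--", DICTIONARY]


def files_read(argv):
    """File operands grep would open, for an argv built by the functions above."""
    args = argv[1:]
    if "-e" in args:
        # Layout is: -e PATTERN -- FILES
        return args[args.index("-e") + 3:]
    operands = [a for a in args if not a.startswith("-")]
    return operands[1:]  # the first operand is the pattern


if __name__ == "__main__":
    # Both inputs are the ones quoted in the write-up.
    for needle in ("keyword; ls /etc/", ".* /etc/natas_webpass/natas11"):
        ok = passes_blocklist(needle)
        print(repr(needle), "passes blocklist:", ok)
        if ok:
            print("  shell string ->", files_read(shell_argv(needle)))
            print("  argv list    ->", files_read(hardened_argv(needle)))
```

The blocklist stops the Level 9 input but lets whitespace through, so the shell hands grep a second file operand; passing the needle as a single argv element removes that ambiguity.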


Enough for today; I will write the remaining ones tomorrow....

Stay tuned