OverTheWire Natas Solution Level 1-10

Posted On // Leave a Comment
After completing bandit I can not stop myself from playing NATAS. this is again beautiful game. so here we go.

Natas Level 0

Given :- 

Username: natas0 
Password: natas0 
URL: http://natas0.natas.labs.overthewire.org

Solution 
After Login to this page  you will get this 


Simply viewing the source you will get the password for next level


Password for natas 1 is gtVrDuiDfck831PqWsLEZy5gyDz1clto


Natas Level 1

Given :

Username: natas1
URL:      http://natas1.natas.labs.overthewire.org


Solution 

After logging Here it show's right click is disable, as I don't use mouse i just click CTRL+U  


It give us password.


key is :- ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi 

Natas Level 2

Given 

Username: natas2
URL:      http://natas2.natas.labs.overthewire.org

Solution

After logging here it says Nothing is here, Next step is to view Code. 


hmm here I found something suspicious in /files/pixel i just list the contain in /files 
 
User.txt gives us the password.
 
NATAS Level 3

Given 
Username: natas3
URL:      http://natas3.natas.labs.overthewire.org

Solution
After login here It Says nothing. 

After viewing Source code it shows Even google cant find This First thing Click on my mind is robot.txt and its a correct guess


here You will get the path to key 




And the Key is here
key :- Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ

NATAS 4

Given 
Username: natas4
URL:      http://natas4.natas.labs.overthewire.org

This level is fairly easy when you logged in with credential you will get this 
 
This clearly tells us to change the referrer to given url once you change the header you will get the key


key :-iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq


NATAS 5

Given 
Username: natas5
URL:      http://natas5.natas.labs.overthewire.org

In this level once you logged in with credential It Says you are not Logged in.
 
with little bit knowledge of webapp first thought came in mind is to check cookie and pointed it to right direction > ctrl+shift+i > alert(document.cookie) shows loggedin=0 simply changing this to 1 gives the key

key :- aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1

NATAS Level 6
Given 
Username: natas6
URL:      http://natas6.natas.labs.overthewire.org

Solution

As level is getting high game is becoming more and more interested After logging in it ask to enter secret and the option which says view source code i clicked on that i got clue.



Source code clearly state that Secret is in includes/secret.inc

Entering that secret will give us key for next Level


Key :- 7z3hEENjQtflzgnT29q7wAvMNfZdh0i9

NATAS LEVEL 7

Given 
Username: natas7
URL:      http://natas7.natas.labs.overthewire.org

Solution
This level also follow same pattern but with Directory trivial Logging shows nothing
 
Then Source Code Gives the path to files 
Navigating to path Gives us key to next Level


key :- DBfUBfqQG69KvJvJ1iAbMoIpwSNQ9bWe

NATAS 8

Given 
Username: natas8
URL:      http://natas8.natas.labs.overthewire.org

Solution
From here they Start making game lil bit tough  After logging the ask to enter the Secret 
When we glance on code it shows that secret is getting encode using php script so next step is to decode the same using same function copying that code and changing encode to decode will give us secret 
  
And that secret give key to LEVEL 9 

Key is :- W0mMhUcRRnG8dcghE4qvk3JA9lGt8nDl

Natas 9

Given 
Username: natas9
URL:      http://natas9.natas.labs.overthewire.org

Solutions 
The Real game begin here first hard task start here. it ask for find word contain  

looking at the code what we understand that Linux command execute without any Sanity  so lets make out hands dirty by rce simply entering keyword; ls /etc/ gives /etc/natas_webpass/



Further cat /etc/natas_webpass/natas10 gives us the key for next level



Key :- nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu

Natas 10

Given 
Username: natas10
URL:      http://natas10.natas.labs.overthewire.org

This time they add some sanity but the way is also cool to solve this


Code shows that it will not allow & and ; but here we got that it use preg_match so lets try searching this .* /etc/natas_webpass/natas11 and hurry we get key

Here is the key


Key  :- U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK

Cheers

Enough for today now will write remaining tomorrow....

Stay tuned