OverTheWire Natas Solution Level 1-10

After completing bandit I can not stop myself from playing NATAS. this is again beautiful game. so here we go.

Natas Level 0

Given :- 

Username: natas0 
Password: natas0 
URL: http://natas0.natas.labs.overthewire.org

After Login to this page  you will get this 

Simply viewing the source you will get the password for next level

Password for natas 1 is gtVrDuiDfck831PqWsLEZy5gyDz1clto

Natas Level 1

Given :

Username: natas1
URL:      http://natas1.natas.labs.overthewire.org


After logging Here it show's right click is disable, as I don't use mouse i just click CTRL+U  

It give us password.

key is :- ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi 

Natas Level 2


Username: natas2
URL:      http://natas2.natas.labs.overthewire.org


After logging here it says Nothing is here, Next step is to view Code. 

hmm here I found something suspicious in /files/pixel i just list the contain in /files 
User.txt gives us the password.
NATAS Level 3

Username: natas3
URL:      http://natas3.natas.labs.overthewire.org

After login here It Says nothing. 

After viewing Source code it shows Even google cant find This First thing Click on my mind is robot.txt and its a correct guess

here You will get the path to key 

And the Key is here
key :- Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ


Username: natas4
URL:      http://natas4.natas.labs.overthewire.org

This level is fairly easy when you logged in with credential you will get this 
This clearly tells us to change the referrer to given url once you change the header you will get the key

key :-iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq


Username: natas5
URL:      http://natas5.natas.labs.overthewire.org

In this level once you logged in with credential It Says you are not Logged in.
with little bit knowledge of webapp first thought came in mind is to check cookie and pointed it to right direction > ctrl+shift+i > alert(document.cookie) shows loggedin=0 simply changing this to 1 gives the key

key :- aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1

NATAS Level 6
Username: natas6
URL:      http://natas6.natas.labs.overthewire.org


As level is getting high game is becoming more and more interested After logging in it ask to enter secret and the option which says view source code i clicked on that i got clue.

Source code clearly state that Secret is in includes/secret.inc

Entering that secret will give us key for next Level

Key :- 7z3hEENjQtflzgnT29q7wAvMNfZdh0i9


Username: natas7
URL:      http://natas7.natas.labs.overthewire.org

This level also follow same pattern but with Directory trivial Logging shows nothing
Then Source Code Gives the path to files 
Navigating to path Gives us key to next Level

key :- DBfUBfqQG69KvJvJ1iAbMoIpwSNQ9bWe


Username: natas8
URL:      http://natas8.natas.labs.overthewire.org

From here they Start making game lil bit tough  After logging the ask to enter the Secret 
When we glance on code it shows that secret is getting encode using php script so next step is to decode the same using same function copying that code and changing encode to decode will give us secret 
And that secret give key to LEVEL 9 

Key is :- W0mMhUcRRnG8dcghE4qvk3JA9lGt8nDl

Natas 9

Username: natas9
URL:      http://natas9.natas.labs.overthewire.org

The Real game begin here first hard task start here. it ask for find word contain  

looking at the code what we understand that Linux command execute without any Sanity  so lets make out hands dirty by rce simply entering keyword; ls /etc/ gives /etc/natas_webpass/

Further cat /etc/natas_webpass/natas10 gives us the key for next level

Key :- nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu

Natas 10

Username: natas10
URL:      http://natas10.natas.labs.overthewire.org

This time they add some sanity but the way is also cool to solve this

Code shows that it will not allow & and ; but here we got that it use preg_match so lets try searching this .* /etc/natas_webpass/natas11 and hurry we get key

Here is the key

Key  :- U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK


Enough for today now will write remaining tomorrow....

Stay tuned


  1. Replies
    1. Big data is a term that describes the large volume of data – both structured and unstructured – that inundates a business on a day-to-day basis. big data projects for students But it’s not the amount of data that’s important.Project Center in Chennai

      Spring Framework has already made serious inroads as an integrated technology stack for building user-facing applications. Corporate TRaining Spring Framework the authors explore the idea of using Java in Big Data platforms.

      Spring Training in Chennai

      The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training

  2. Thanks for sharing an informative blog keep rocking bring more details.I like the helpful info you provide in your articles. I’ll bookmark your weblog and check again here regularly. I am quite sure I will learn much new stuff right here! Good luck for the next!
    mobile application development training online
    mobile app development course
    mobile application development course
    learn mobile application development
    mobile app development training
    app development training
    mobile application development training
    mobile app development course online
    online mobile application development


  3. thanks for your information really good and very nice web design company in velachery

  4. Aluminium Composite Panel or ACP Sheet is used for building exteriors, interior applications, and signage. They are durable, easy to maintain & cost-effective with different colour variants.

  5. The article was up to the point and described the information very effectively. Thanks to blog author for wonderful and informative post.
    Security Solution Services Pakistan

  6. I like the helpful info you provide in your articles. I’ll bookmark your weblog and check again here regularly. I am quite sure I will learn much new stuff right here! Good luck for the next!
    Web Designing Training Institute in Chennai | web designing and development course | web design and programming courses

  7. I was following your blog regularly and this one is very interesting and knowledge attaining. Great effort ahead. you can also reach us for web development company in chennai website design company in chennai

  8. Security Cameras, I admire this article for the well-researched content and excellent wording. I got so involved in this material that I couldn’t stop reading. I am impressed with your work and skill. Thank you so much.


  9. Welcome! Exceptionally supportive counsel inside this article! It is the little changes that produce the biggest changes. Much obliged for sharing!
    tech news

  10. https://salsabeelahmedandco.com/
    Very Informative and useful... Keep it up the great work. I really appreciate your post.



Post a Comment