Introduction

This is the introductory level for the “Natas” wargame hosted by Overthewire

What is Natas?

Natas teaches the basics of serverside web-security.

Each level of natas consists of its own website located at http://natasX.natas.labs.overthewire.org, where X is the level number. There is no SSH login. To access a level, enter the username for that level (e.g. natas0 for level 0) and its password.

Each level has access to the password of the next level. Your job is to somehow obtain that next password and level up. All passwords are also stored in /etc/natas_webpass/. E.g. the password for natas5 is stored in the file /etc/natas_webpass/natas5 and only readable by natas4 and natas5. Source

There will be no level goals for this wargame, just get in and mess around.

Login

Username: natas0
Password: natas0
URL: http://natas0.natas.labs.overthewire.org

Doc

What is inspect element?
Inspect element is a feature of modern web browsers that enables anyone to view and edit a website’s source code, including its HTML, CSS, JavaScript, and media files. When the source code is modified with the inspect tool, the changes are shown live inside the browser window.

Solution

Let`s connect to the provided URL with the given credentials. Immediatly we are hit with a prompt saying that the password for the next level is located in this webpage.

image

The first thing you want to do when you don`t know what to do in order to progress further is to inspect the webpage you suspect could have a clue and sniff around the guts of the page to see what you can find. In this case, because this is the first level, the password is just there and that`s it! Use it for natas1.

gif