Natas · OverTheWire

Natas Level 1 → Level 2

Level 1

Username : natas1
Password : gtVrDuiDfck831PqWsLEZy5gyDz1clto


To solve this level, we first log into the natas1 application using the credentials provided above.

After logging in, we can see the hint provided by the page: ‘You can find the password for the next level on this page, but rightclicking has been blocked!’
A web application can disable right-click using JavaScript. In this particular case, however, right-clicking is still possible on most parts of the page. Either way, blocking the context menu only changes what the browser UI offers; the HTML has already been delivered to the client. There are several possible ways to read the HTML content of the page. I’m going to demonstrate two of them in this blog post.

  1. Using Inspector
  2. Using a Proxy

Using Inspector
We can open Inspector by right-clicking on a part of the page body where right-click is not disabled, and then read the HTML of the page.
The HTML of the page contains the password for natas2 in a comment.

Using Burp as Proxy
If an application is proxied, we can view all the content transferred from the web server to our browser. This gives us the opportunity to read any data that is delivered to the browser. Using that, we can simply read the response provided by the server to our request for the webpage.
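
The same point from the defender's side, as an added example that is not part of the original post: a pre-deployment check that parses the HTML exactly as the server would send it and flags comments that look like they carry secrets, along with context-menu handlers that give a false sense of protection. The hint list `SECRET_HINTS`, the function `audit_html` and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Words that suggest a comment carries a secret (assumed list, tune per project).
SECRET_HINTS = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key", re.I)


class ResponseAudit(HTMLParser):
    """Collects findings from HTML exactly as the server sends it."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # A contextmenu handler only changes browser UI; the markup is still delivered.
        for name, _value in attrs:
            if name == "oncontextmenu":
                line, _ = self.getpos()
                self.findings.append(("client-side-only-control", line, f"<{tag} {name}>"))

    def handle_comment(self, data):
        # Comments are part of the response body, visible to any client or proxy.
        if SECRET_HINTS.search(data):
            line, _ = self.getpos()
            self.findings.append(("secret-in-comment", line, data.strip()))


def audit_html(html):
    """Return a list of (kind, line, detail) findings for one HTML document."""
    parser = ResponseAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample response; the secret value is a placeholder.
SAMPLE = """<html>
<body oncontextmenu="return false;">
<div id="content">
Right-clicking has been blocked!
<!-- The password for the next account is EXAMPLE-PLACEHOLDER -->
</div>
</body>
</html>"""

if __name__ == "__main__":
    for kind, line, detail in audit_html(SAMPLE):
        print(f"line {line}: {kind}: {detail}")
```

Run against build output or captured responses, a non-empty result means the page ships something the author assumed the user could not see.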

Level 2

Username : natas2
Password : ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi
