Natas · OverTheWire

Natas Level 3 → Level 4

Level 3

Username : natas3
Password : sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14


To solve this level, we first log into the natas3 application using the credentials provided above.

7-10-2017 3-06-48 PM.png

After logging in, we can see the message ‘ There is nothing on this page ‘. Upon examining the page HTML we can see a comment ‘ No more information leaks!! Not even Google will find it this time… 
The robots exclusion standard, also known as the robots exclusion protocol or simply robots.txt, is a standard used by websites to communicate with web crawlers (like Google) and other web robots. The standard specifies how to inform the web robot about which areas of the website should not be processed or scanned. Robots are often used by search engines to categorize web sites. Not all robots cooperate with the standard; email harvesters, spambots, malware, and robots that scan for security vulnerabilities may even start with the portions of the website where they have been told to stay out. The standard is different from, but can be used in conjunction with, Sitemaps, a robot inclusion standard for websites.
Upon accessing we can see that the administrator does not want a web crawler like Google to access ‘ /s3cr3t/ ‘. In the context of robots.txt files, security through obscurity is not recommended as a security technique. We now access the folder and find a users.txt file. Upon opening that file, we find the password for the next round.

7-10-2017 3-07-46 PM.png

7-10-2017 3-08-14 PM

7-10-2017 3-08-39 PM.png

Level 4

Username : natas4
Password : Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s