Natas · OverTheWire

Natas Level 4 → Level 5

Level 4

Username : natas4
Password : Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ


To solve this level, we first log into the natas4 application using the credentials provided above.


Upon logging in, we can see the message displayed by the application ‘ Access disallowed. You are visiting from “” while authorized users should come only from “” ‘

This message from the application gives us a hint that probably the application is only allowing access to requests referred by ‘ ‘

Each HTTP message contains headers that are used to exchange information about the content of the HTTP message. One of the headers is Referer. (The misspelling of referrer originated in the original proposal by computer scientist Phillip Hallam-Baker to incorporate the field into the HTTP specification. Referer has since become a widely used spelling in the industry when discussing HTTP referrers)

For this particular case, I am going to use Burp Proxy to send this request and add a Referer header with the value ‘  ‘.

7-10-2017 3-24-08 PM.png

As we can see in the screenshot above, the password for natas5 is displayed.

Level 5

Username : natas5
Password : iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s