Natas · OverTheWire

Natas Level 5 → Level 6

Level 5

Username : natas5
Password : iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq


To solve this level, we first log into the natas5 application using the credentials provided above.

7-10-2017 3-26-28 PM.png

We can see that the application displays a message ‘ Access disallowed. You are not logged in ‘.

On investigation, we can see in the Burp Proxy that the application sets a cookie named loggedin with 0 as the value.

7-10-2017 3-27-08 PM.png

It seems like this cookie is read by the server to determine whether a user is allowed access or not. Therefore, the next step should be changing the value of this cookie and seeing if the server responds differently.

7-10-2017 3-28-02 PM.png

As we can see now, the application responds differently and displays the password for natas6.

Level 6

Username : natas6
Password : aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s