Posts

Showing posts from October, 2012

OverTheWire Wargame "Natas" Level 5 [How-To/Web]

Image
So we cracked Level 4  with some knowledge of HTTP headers and requests, and used a cool little app to help us out. Now we are on Level 5 , and after logging it it presents us with a weird page: Well wait, didn't we just log in? Why does it say we aren't?

OverTheWire Wargame "Natas" Level 4 [How-To/Web]

Image
So Level 3  required a bit more knowledge of web servers and how searches parse them, but we got through it and are now on Level 4 . When we load up this level, we are welcomed by the following error: So it can see where we are coming from, and it doesn't like it.

OverTheWire Wargame "Natas" Level 3 [How-To/Web]

Image
After breaking Level 2  with some knowledge of how web servers hold their data, we move on to Level 3  which presents us with the same page as level 2:

OverTheWire Wargame "Natas" Level 2 [How-To/Web]

Image
So Level 1  wasn't that bad, either. Let's start Level 2  with the credentials that we found in the previous level. When we load up level 2, we are presented with this: Kind of ironic since there's text, right?

OverTheWire Wargame "Natas" Level 1 [How-To/Web]

Image
Level 0 was quite easy, for obvious reasons, so lets see if level 1 can be any harder. For this one, right clicking has been blocked, so we can't break it like we did with level 0... or can we?

OverTheWire Wargame "Natas" Level 0 [How-To/Web]

Image
OverTheWire  has released a new WarGame called "Natas" which focuses on web security, so I thought I'd try my hand at it and give some walkthroughs/how-tos as I beat each level. I'm still a newbie at websec, so deal with me! Going to the front page of Natas , it gives us the creds to get into level 0, so we need to find level 1's creds somehow.