Natas Level 3 -> Level 4

Skills - BurpSuite or proxy, HTTP Headers

Username: natas4
Password: Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ
Target URL: http://natas4.natas.labs.overthewire.org

Access is disallowed if you visit the site directly. The page says visitors must come from http://natas5.natas.labs.overthewire.org. If you visit http://natas5.natas.labs.overthewire.org directly with the "natas4" creds, it says unauthorized.

Viewing the page source reveals nothing. We need a way to reach the target URL as though we had arrived from http://natas5.natas.labs.overthewire.org.

For this, we need to start using a proxy (I have used BurpSuite community edition) - https://www.youtube.com/watch?v=YCCrVtvAu2I

Original request when "Refresh Page" is clicked - We see the "Referer" field being used, and its value is the target URL itself, which is quite normal. But the homepage says access is allowed only when coming from http://natas5.natas.labs.overthewire.org. Let's change Referer to "http://natas5.natas.labs.overthewire.org"

Modified Request - We modify the Referer header as shown below. Also, modify /index.php in the GET request, as that will likely throw an error too.

Once you forward the modified request, you will land on the homepage and get the flag.

Password - iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq
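
Why the edited request is accepted, and what a server-side fix looks like, as an added example that is not part of the original write-up or the level's real source. The exact-match comparison, the `X-Auth-Token` header, the helper names and the key are assumptions made for illustration; requests are modelled as constructed header dictionaries.

```python
import hashlib
import hmac

# Referer value the level's page asks for (exact-match comparison is an assumption).
REQUIRED_REFERER = "http://natas5.natas.labs.overthewire.org"
SERVER_KEY = b"constructed-demo-key"  # constructed; a real key never leaves the server


def referer_gate(headers):
    """Weak gate: trusts a header that the client fully controls."""
    return headers.get("Referer", "") == REQUIRED_REFERER


def issue_token(username):
    """Hypothetical helper: the server mints this only after authenticating the user."""
    tag = hmac.new(SERVER_KEY, username.encode(), hashlib.sha256).hexdigest()
    return f"{username}:{tag}"


def token_gate(headers, required_user):
    """Hardened gate: ignores Referer and verifies a server-signed token."""
    user, _, tag = headers.get("X-Auth-Token", "").partition(":")
    expected = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return user == required_user and hmac.compare_digest(tag.encode(), expected.encode())


# Constructed requests, modelled as header dictionaries.
BROWSER_REQUEST = {"Referer": "http://natas4.natas.labs.overthewire.org/"}
EDITED_REQUEST = {"Referer": REQUIRED_REFERER}  # Referer rewritten in the proxy
SIGNED_REQUEST = {"X-Auth-Token": issue_token("natas5")}

if __name__ == "__main__":
    for name, req in [("browser", BROWSER_REQUEST), ("edited", EDITED_REQUEST),
                      ("signed", SIGNED_REQUEST)]:
        print(name, "referer_gate:", referer_gate(req),
              "token_gate:", token_gate(req, "natas5"))
```

The Referer check passes for any client that sends the expected string, while the token check passes only for a value the server itself signed.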
