Natas Pt. 2
Sorry for the delay. I finished my final semester of grad school, graduated, and started work so I have been slow on keeping this up. However, I wanted to provide an update on the Natas journey.
Natas 3
So for this one, I had a bit of a cheat to start. I have started Natas before and remembered something about /robots.txt. So the first thing I saw was this page
Because I remembered /robots.txt and had not needed to use it yet, I tried it on this page which led me here:
First of all: Ignore my bookmarks bar. Second, when I saw /s3cr3t/ I tried entering it to the url and got:
When I saw this, I knew I had it and clicked the users.txt leading me to:
Natas 4
When I entered Natas 4, I was faced with this page which contained a password for Natas 5:
I am never one to look a gift horse in the mouth and tried it. However, it did not work and I was faced with:
I returned to the first page and tried refreshing which did nothing. When I checked the developed tools, I found this hidden input
Unfortunately, that also did not work and I realized after that this is just the password for Natas4. However, upon clicking “Refresh Page” again, I noticed it took me to /index.php. After Googling, I found that was related to dynamic web pages as a sort of home base for more complicated URLs and thought that I would probably need to mess around with this URL more. I wanted to be thorough by testing /files/, /robotx.txt, and /users.txt but none of these had results. I also could not access a sitemap. Not going to lie, at this point I was not sure where to begin looking. So I found an awesome person who had no-spoiler hints: https://onestepcode.com/no-solution-natas-guide-overthewire. I checked the first three to make sure it was a level of non-spoilers that I wanted and they pointed me towards figuring out how the site knows where I’m visiting from. This led me to checking the Network tab and HTTP requests.
At this point, I realized I had been looking at the wrong page all along. I had been examining Natas 4 instead of Natas 5 and needed to be using Burp Suite. I came back the next day to try again.