Wednesday, October 1, 2025

Natas Level 0 : OverTheWire

The Natas wargame from OverTheWire teaches the basics of server-side web security. It is good practice if you are into bug bounty hunting.

I highly suggest that you create an account on WeChall to save your Natas score, so if you ever want to come back to a specific level, you can!

From Natas Web Page:

Each level of natas consists of its own website located at http://natasX.natas.labs.overthewire.org, where X is the level number. There is no SSH login. To access a level, enter the username for that level (e.g. natas0 for level 0) and its password.

Each level has access to the password of the next level. Your job is to somehow obtain that next password and level up. All passwords are also stored in /etc/natas_webpass/. E.g. the password for natas5 is stored in the file /etc/natas_webpass/natas5 and only readable by natas4 and natas5.

Start here:
Username: natas0
Password: natas0
URL: http://natas0.natas.labs.overthewire.org

Solution

Once you access the webpage, you will see text saying “You can find the password for the next level on this page.”

This means the password should be somewhere in the source code of this page. There are two ways to retrieve it.

  1. Using the browser’s developer tools:
    Right-click on the page and select “View Page Source”.
    This will give you the HTML code for the page.

    <html>
    <head>
    <!-- This stuff in the header has nothing to do with the level -->
    <link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
    <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
    <script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
    <script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
    <script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
    <script>var wechallinfo = { "level": "natas0", "pass": "natas0" };</script></head>
    <body>
    <h1>natas0</h1>
    <div id="content">
    You can find the password for the next level on this page.
    
    <!--The password for natas1 is 0nzCigAq7t2iALyvU9xcHlYN4MlkIwlq -->
    </div>
    </body>
    </html>
    

    The password is right there, in an HTML comment inside the content div.

  2. Using the curl command in a terminal:
    Use the curl utility to get the same output, but in the terminal.

    Command: curl http://natas0.natas.labs.overthewire.org -u natas0:natas0
    

    The -u flag supplies the username and password in a specific format: username:password

And that is how you clear Natas Level 0 and get the password to access Natas Level 1.
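
From the defender's side, the flaw in this level is a credential left in an HTML comment that is served to every client. The Python check below is an added example, not part of the original walkthrough or OverTheWire's code: it scans rendered HTML for comments that mention credentials or contain high-entropy tokens. The keyword list, the 3.5-bit entropy threshold, the names `CommentAuditor` and `audit_html`, and the sample markup with its placeholder values are all assumptions.

```python
import math
import re
from html.parser import HTMLParser

# Words suggesting a comment discusses a credential (assumed list, tune per project).
KEYWORDS = re.compile(r"\b(pass(word|wd)?|secret|token|api[_-]?key|credential)s?\b", re.I)
# Long unbroken runs of token characters are candidate secrets.
TOKEN = re.compile(r"[A-Za-z0-9+/_=-]{20,}")
MIN_ENTROPY = 3.5  # bits per character; assumed threshold


def shannon_entropy(s):
    """Bits per character of s."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))


class CommentAuditor(HTMLParser):
    """Collects HTML comments that look like leaked secrets."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, reason, comment text)

    def handle_comment(self, data):
        line, _ = self.getpos()  # position of the opening "<!--"
        text = data.strip()
        if KEYWORDS.search(text):
            self.findings.append((line, "keyword", text))
        elif any(shannon_entropy(t) >= MIN_ENTROPY for t in TOKEN.findall(text)):
            self.findings.append((line, "high-entropy token", text))


def audit_html(html):
    auditor = CommentAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample modelled on the level page; both secret values are placeholders.
SAMPLE = """<html><body><div id="content">
<!-- This stuff in the header has nothing to do with the level -->
<!--The password for natas1 is EXAMPLEplaceholder0123456789abcd -->
<!-- build 9fK2xQ7mLp4Zr8Tn1Vb6Yc3Hd5Wj0Sg -->
</div></body></html>"""

if __name__ == "__main__":
    for line, reason, text in audit_html(SAMPLE):
        print(f"line {line}: {reason}: {text}")
```

Run against templates or rendered responses in CI, a non-empty result is a reason to fail the build until the comment is removed or reviewed.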