Once you access Natas Level 1 using the password we found in natas0, you will see the text on the webpage that says “You can find the password for the next level on this page, but rightclicking has been blocked!”
Solution
Lucky for us we already know a method which we used in last level i.e to use curl command in Linux to retrieve content from a URL and display it in the terminal. When you fire curl in terminal we will get an output and the password in the source code too!
command: curl http://natas1.natas.labs.overthewire.org -u natas1:0nzCigAq7t2iALyvU9xcHlYN4MlkIwlq
Output:
<html>
<head>
<!– This stuff in the header has nothing to do with the level –>
<link rel=”stylesheet” type=”text/css” href=”http://natas.labs.overthewire.org/css/level.css”>
<link rel=”stylesheet” href=”http://natas.labs.overthewire.org/css/jquery-ui.css” />
<link rel=”stylesheet” href=”http://natas.labs.overthewire.org/css/wechall.css” />
<script src=”http://natas.labs.overthewire.org/js/jquery-1.9.1.js”></script>
<script src=”http://natas.labs.overthewire.org/js/jquery-ui.js”></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src=”http://natas.labs.overthewire.org/js/wechall.js”></script>
<script>var wechallinfo = { ”level”: ”natas1”, ”pass”: ”0nzCigAq7t2iALyvU9xcHlYN4MlkIwlq” };</script></head>
<body oncontextmenu=”javascript:alert(’right clicking has been blocked!’);return false;”>
<h1>natas1</h1>
<div id=”content”>
You can find the password for the
next level on this page, but rightclicking has been blocked!
<!–The password for natas2 is TguMNxKo1DSa1tujBLuZJnDUlCcUAPlI –>
</div>
</body>
</html>
And that’s the password for the Natas Level 2.