Wednesday, October 1, 2025

Natas Level 3 : OverTheWire

Logging in to Natas3 with the password we found in the previous level, the page says “There is nothing on this page”.

Solution

We will check the page source to see the source code.

View-source:

<html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas3", "pass": "3gqisGdR0pjm6tpkDKdIWO2hSvchLeYH" };</script></head>
<body>
<h1>natas3</h1>
<div id="content">
There is nothing on this page
<!-- No more information leaks!! Not even Google will find it this time... -->
</div>
</body></html>

Other than that text, we can see a comment. It says no more leaks, not even Google will find it this time.
When it says “Not even Google”, it means that the Google search engine can’t find certain files or directories on this website.

Before proceeding you need to understand how exactly a search engine finds websites, or, to use the correct term, how it indexes a website or creates a sitemap. Every search engine runs web crawlers which try to find everything they can access on a website. If a web server doesn’t have any controls in place to keep crawlers out of specific parts of a website, these crawlers will access everything, and it will all get indexed for search engine optimization.

To keep crawlers out of private areas of a website, web servers have a file called robots.txt which explicitly lists the parts these crawlers should avoid.

Now that we know how a robots.txt file works, we can try to find this file on our natas3 webpage. The most obvious way is to fire a curl command.

Command: curl http://natas3.natas.labs.overthewire.org/robots.txt -u natas3:3gqisGdR0pjm6tpkDKdIWO2hSvchLeYH
Output: 
 ╰─λ curl http://natas3.natas.labs.overthewire.org/robots.txt -u natas3:3gqisGdR0pjm6tpkDKdIWO2hSvchLeYH
User-agent: *
Disallow: /s3cr3t/

And we found it! It was actually very easy to find the robots file as it was not at all hidden on this web server. Generally this file will be hidden and won’t be easily accessible as it controls access.
As you can see in the output, that is what a robots.txt file looks like. It has a “Disallow” parameter where you can mention which pages/files on the website should not be accessed by any web crawlers.
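
The check below is an added example, not part of the original write-up: it parses robots.txt text and lists every path named in a Disallow rule, which is what any client that fetches the file learns. The sample text, the bot names and the function names are constructed for illustration; only the /s3cr3t/ rule comes from the output above.

```python
# Added example: audit a robots.txt for the paths it names to every reader.
# SAMPLE is constructed; only the "/s3cr3t/" rule comes from the output above.
SAMPLE = """\
# constructed sample
User-agent: *
Disallow: /s3cr3t/

User-agent: examplebot
User-agent: otherbot
Disallow:            # empty value: nothing is disallowed
disallow: /tmp/  # field names are case-insensitive
Allow: /tmp/public/
"""


def parse_robots(text):
    """Return {user_agent: [disallowed paths]} from robots.txt text."""
    rules = {}
    agents = []          # user-agents of the group being read
    in_rules = False     # True once the current group has a rule line
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                      # a new group starts here
                agents, in_rules = [], False
            agents.append(value.lower())
            rules.setdefault(value.lower(), [])
        elif field in ("allow", "disallow"):
            in_rules = True
            if field == "disallow" and value:  # empty Disallow names nothing
                for agent in agents:
                    rules[agent].append(value)
    return rules


def disclosed_paths(text):
    """Sorted, de-duplicated paths named in any Disallow rule."""
    return sorted({p for paths in parse_robots(text).values() for p in paths})


if __name__ == "__main__":
    for path in disclosed_paths(SAMPLE):
        print("robots.txt names:", path)
```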

In the “Disallow” parameter above we can see there is a directory named “/s3cr3t/”. When we try to access that directory, we can find a user.txt file which has the password stored for natas4.