Wednesday, October 1, 2025
Accessing Natas3 by using the password we found in the previous level, says that “There is nothing on this page”.
Soultion
We will check the page source to see the source code.
View-source:
<html>
<head>
<!– This stuff in the header has nothing to do with the level –>
<link rel=”stylesheet” type=”text/css” href=”http://natas.labs.overthewire.org/css/level.css”>
<link rel=”stylesheet” href=”http://natas.labs.overthewire.org/css/jquery-ui.css” />
<link rel=”stylesheet” href=”http://natas.labs.overthewire.org/css/wechall.css” />
<script src=”http://natas.labs.overthewire.org/js/jquery-1.9.1.js”></script>
<script src=”http://natas.labs.overthewire.org/js/jquery-ui.js”></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src=”http://natas.labs.overthewire.org/js/wechall.js”></script>
<script>var wechallinfo = { ”level”: ”natas3”, ”pass”: ”3gqisGdR0pjm6tpkDKdIWO2hSvchLeYH” };</script></head>
<body>
<h1>natas3</h1>
<div id=”content”>
There is nothing on this page
<!– No more information leaks!! Not even Google will find it this time… –>
</div>
</body></html>
Other that that text, we can see some text which is commented. And it says no more leaks, Not even Google will find it this time.
When it says “Not even Google”, it means that google search engine can’t find certain file or directories on this web page.
Before proceeding you need to understand how exactly search engine finds websites, rather the correct term is how it indexes a website or creates a sitemap. Every search engine has web crawlers set up which try to find everything they can access to on a website. Now, if a web server doesn’t have any controls in place that can avoid crawlers to access specific parts of a website, these crawlers will access everything and will get indexed for search engine optimization.
To avoid access to private areas of a website, web servers have a file called robots.txt which explicitly mentions which parts to avoid for these crawlers.
Now we know how a robot.txt file works, we can try to find this file on our natas3 webpage. Most obvious way is to fire a curl command
Command: curl http://natas3.natas.labs.overthewire.org/robots.txt -u natas3:3gqisGdR0pjm6tpkDKdIWO2hSvchLeYH
Output:
╰─λ curl http://natas3.natas.labs.overthewire.org/robots.txt -u natas3:3gqisGdR0pjm6tpkDKdIWO2hSvchLeYH
User-agent: *
Disallow: /s3cr3t/
And we found it! It was actually very easy to find robots file as it was not at all hidden on this web server. Generally this file will be hidden and won’t be accessible easily as it controls access.
As you can see in the output, that is how a robots.txt file looks like. It has a “Disallow” parameters where you can mention which pages/files on the website should not be accessed by any web crawlers.
In the “Disallow” parameter above we can there is a directory named “/s3cr3t/”. When we try to access that directory, we can find a user.txt file which has password stored for natas4.
Using the password we found for the natas2 in the previous level, we will access natas2 webpage.
The webpage clearly says that “There is nothing on this page”
Solution
Our obvious first step would be using curl or checking the view-source.
View-source:
<html>
<head>
<!– This stuff in the header has nothing to do with the level –>
<link rel=”stylesheet” type=”text/css” href=”http://natas.labs.overthewire.org/css/level.css”>
<link rel=”stylesheet” href=”http://natas.labs.overthewire.org/css/jquery-ui.css” />
<link rel=”stylesheet” href=”http://natas.labs.overthewire.org/css/wechall.css” />
<script src=”http://natas.labs.overthewire.org/js/jquery-1.9.1.js”></script>
<script src=”http://natas.labs.overthewire.org/js/jquery-ui.js”></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src=”http://natas.labs.overthewire.org/js/wechall.js”></script>
<script>var wechallinfo = { ”level”: ”natas2”, ”pass”: ”TguMNxKo1DSa1tujBLuZJnDUlCcUAPlI” };</script></head>
<body>
<h1>natas2</h1>
<div id=”content”>
There is nothing on this page
<img src=”files/pixel.png”>
</div>
</body></html>
There we can an image being rendered on webpage using img tag.
This “pixel.img” image file is stored files directory and is being showed on the main webpage. Although we can’t see any image on the webpage, it is still there. Infact it is a single pixel in image format. But its not important which image, rather it tells us that we can try directory traversal on this page as we already know the directory “files” can have more files other than just images.
So we will just try to explore that directory first.
http://natas2.natas.labs.overthewire.org/files/
and Voilà, we have that image file (pixel.img) and another text file (users.txt) in “files” directory.
And the password is stored in that users.txt file.
Contents of users.txt
# username:password
alice:BYNdCesZqW
bob:jw2ueICLvT
charlie:G5vCxkVV3m
natas3:3gqisGdR0pjm6tpkDKdIWO2hSvchLeYH
eve:zo4mJWyNj2
mallory:9urtcpzBmH
Once you access Natas Level 1 using the password we found in natas0, you will see the text on the webpage that says “You can find the password for the next level on this page, but rightclicking has been blocked!”
Solution
Lucky for us we already know a method which we used in last level i.e to use curl command in Linux to retrieve content from a URL and display it in the terminal. When you fire curl in terminal we will get an output and the password in the source code too!
command: curl http://natas1.natas.labs.overthewire.org -u natas1:0nzCigAq7t2iALyvU9xcHlYN4MlkIwlq
Output:
<html>
<head>
<!– This stuff in the header has nothing to do with the level –>
<link rel=”stylesheet” type=”text/css” href=”http://natas.labs.overthewire.org/css/level.css”>
<link rel=”stylesheet” href=”http://natas.labs.overthewire.org/css/jquery-ui.css” />
<link rel=”stylesheet” href=”http://natas.labs.overthewire.org/css/wechall.css” />
<script src=”http://natas.labs.overthewire.org/js/jquery-1.9.1.js”></script>
<script src=”http://natas.labs.overthewire.org/js/jquery-ui.js”></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src=”http://natas.labs.overthewire.org/js/wechall.js”></script>
<script>var wechallinfo = { ”level”: ”natas1”, ”pass”: ”0nzCigAq7t2iALyvU9xcHlYN4MlkIwlq” };</script></head>
<body oncontextmenu=”javascript:alert(’right clicking has been blocked!’);return false;”>
<h1>natas1</h1>
<div id=”content”>
You can find the password for the
next level on this page, but rightclicking has been blocked!
<!–The password for natas2 is TguMNxKo1DSa1tujBLuZJnDUlCcUAPlI –>
</div>
</body>
</html>
And that’s the password for the Natas Level 2.
Natas Wargames from OverTheWire teaches basic Serverside Web-Security. This is a good practice if you are into Bug Bounty Hunting.
I highly suggest that you create an account on WeChall to save your Natas Score. So if you ever want to comeback to a specific level you can!
From Natas Web Page:
Each level of natas consists of its own website located at http://natasX.natas.labs.overthewire.org, where X is the level number. There is no SSH login. To access a level, enter the username for that level (e.g. natas0 for level 0) and its password.
Each level has access to the password of the next level. Your job is to somehow obtain that next password and level up. All passwords are also stored in /etc/natas_webpass/. E.g. the password for natas5 is stored in the file /etc/natas_webpass/natas5 and only readable by natas4 and natas5.
Start here:
Username: natas0
Password: natas0
URL: http://natas0.natas.labs.overthewire.org
Solution
Once you access the webpage, you will see a text saying “You can find the password for the next level on this page.”
This means the password should be here in the source code of this page. You can solve this by two methods.
- Using Browser’s Developer Tools:
Right click on the page and select “View Page Source”
This will give you the HTML Code for the page.
<html>
<head>
<!– This stuff in the header has nothing to do with the level –>
<link rel=”stylesheet” type=”text/css” href=”http://natas.labs.overthewire.org/css/level.css”>
<link rel=”stylesheet” href=”http://natas.labs.overthewire.org/css/jquery-ui.css” />
<link rel=”stylesheet” href=”http://natas.labs.overthewire.org/css/wechall.css” />
<script src=”http://natas.labs.overthewire.org/js/jquery-1.9.1.js”></script>
<script src=”http://natas.labs.overthewire.org/js/jquery-ui.js”></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src=”http://natas.labs.overthewire.org/js/wechall.js”></script>
<script>var wechallinfo = { ”level”: ”natas0”, ”pass”: ”natas0” };</script></head>
<body>
<h1>natas0</h1>
<div id=”content”>
You can find the password for the next level on this page.
<!–The password for natas1 is 0nzCigAq7t2iALyvU9xcHlYN4MlkIwlq –>
</div>
</body>
</html>
The password is right there in commented text in content division.
- By using curl command on terminal:
Use curl utility to get the same output but on terminal.
Command: curl http://natas0.natas.labs.overthewire.org -u natas0:natas0
flag -u is for username and password in a specific format - username:password
And that is how you clear Natas Level 0 and get the password to access Natas Level 1
Tuesday, September 16, 2025
I am about to give a small talk tomorrow (Sep 16th, 2025) on Roadmap to pursue a career in Cybersecurity 👨🏻💻🛡️
When I moved back to India, HOD at IT dept at A. P. Shah Institute of Technology (my alma mater) asked me if I can give a talk to Second Year and Third Year Engineering Students. Why would I say No. The best way to become a master in something is to teach others about it. Also I get an opportunity to go back my college as an Alumni and a mentor. It’s cool!😎
So I decided I will give a nice and concise 45 min talk on “How to pursue a Career in Cybersecurity”. It is a little funny if I think about it, I’m not an industry expert to tell others how should they pursue a career. Because, I don’t have a full time job yet. But I do have a Master’s Degree in Cybersecurity from Stevens. So I won’t call myself an industry expert but rather an Emerging Expert.
But I am not going just to give a talk. I more interested in finding out what other activities students have been involved in that are directly related to cybersecurity. It’s been a long time since I have graduated from APSIT. I have been following their Linkedin and Instgram pages for last three years and I have to say, I see a chain reaction. More and more students are interested in this domain. They don’t just want to get certifications but postgraduate degrees too. They are indeed taking it seriously. What’s interesting about this is that it started after I graduated from APSIT. Back then, there were very few people (probably only me from my batch) who were excited about being security specialists. Most of them were interested in Development and other things. But, now it’s different. There is a Cybersecurity Club in my college!. I don’t know what they do apart from taking workshops but I so wish that it should have been there when I was a student. And I have way too many suggestions for them xD.