Natas Level 328 Sep 2015 • Leander
This is a solution guide to the Natas3 Level at overthewire. This write-up was created on 5 March 2015.
First connect to the website
- Enter the following as the username natas3 and password sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14
Once again we are presented with a page that says there is nothing. As before I first start by checking the source of the webpage and find this peculiar comment.
1 2 3 4 <div id="content"> There is nothing on this page <!-- No more information leaks!! Not even Google will find it this time... --> </div>
So that makes me start thinking about search engines. In a nutshell the robots.txt file on a webpage tells search engines which directories not to enter. More information about the robots.txt file can be found @ here.
Now my first step is to check that file by visiting http://natas3.natas.labs.overthewire.org/robots.txt At this point I am presented with the robots.txt file which contains:
This seems like an interesting place to visit, so let’s change our url again: http://natas3.natas.labs.overthewire.org/s3cr3t/
Another users.txt file! When we read it we find …