OverTheWire Natas Walkthrough - Level 0 - 4

HackerSploit · Intermediate ·🔐 Cybersecurity ·6y ago

Key Takeaways

The video demonstrates a walkthrough of levels 0-4 of the OverTheWire Natas challenge, focusing on common misconfiguration vulnerabilities and modifying the referer in HTTP requests using tools like Burp Suite and Zap proxy.

Full Transcript

hey guys hackersploit here back again with another video welcome back to the over the wire war games challenges uh in this video and in future videos of course i'm gonna be taking a look at over the y and natus and uh as i said i'm going chronologically so we've completed bandit we're now going to natus and uh apart from bandit and krypton i believe i haven't done any of these other war games so this is going to be very interesting um so let's click on natives and let's see what we're dealing with so you can see that natus tells us right away natives teaches the basics of server-side web security all right so this is going to be focusing on web application security uh stuff like that um so uh the proxy that i've decided to use for this video series is going to be osap now the reason i'm using wasp zap is because uh number one it's a free and open source software and i just believe that uh you should be using that if you do have the option and it's just as good as burp suite but of course burp so it is looked as the def the as the de facto option uh but i'm going to be showing you what um i'm going to be doing with uh with osap so that you can learn as as i'm going through it as well and i'll be trying to explain all these steps i'm taking one last thing i'm going to be sorting out these videos based on the on the vulnerability that each level is going to be focusing on and yeah so let's get started so it tells us that each level of nature's consists of its own website located at and it gives us the url here so http nativex.net.labs.otherwise.org where x is the level number there is no ssh login to access a level so we're primarily dealing with web applications so enter the username for that level which is going to be native 0 4 level 0 and its password each level has access to the password of the next level your job is to somehow obtain the next password and level up all passwords are also stored in etsy natives web pass so it looks like we'll be dealing with a server or some command injection at some point because it actually gives us the directories as to where the passwords for the next levels are stored so for example the password for is five is stored uh in the files at seednatus webpass natives five and the only readable by natives four and eight is five all right so uh we start here it gives us a username and password in the url so let's open that up immediately so i'm just going to copy this and open link in the new tab and we'll enter the credentials so nato0 and let's get this show on the road so i'm not going to save the password so it looks like we don't have an ssl certificate and yeah all right so this looks like a fairly basic site we have the we have a nav bar at the top without any menu items we also have this little container telling us that you can find the password for the next level on this page so let's just check the source view the source of the page so the stuff in the headers nothing to do with the page it looks like we get a this looks like a javascript variable that gives us the level that we're on and the password for that level which is quite helpful we'll also be playing with that and we also have a comment that gives us the posit for native s1 so yeah that was extremely basic this is one of the things i this is one of the vulnerabilities you hardly find nowadays with the production web applications because no one actually leaves comments in the code anymore uh we also have a submit token uh link here which takes us to a ctf dashboard alright so it looks like you typically submit your flags here or the passwords here so let's move on to native one and um just hit latest one and we'll paste in the password here all right so it tells us you can find the parcel for the next level on this page but right clicking has been blocked um so let's see if we can right click so it tells us right clicking has been blocked uh uh no it looks like we can actually right click at the bottom here so it looks like there's a div or a container that we cannot actually right click on but we can do it right over here and we get the password for nato's level two um if we explore the page we can't see anything anything interesting at all so let's just head on over to the next level uh so far this is quite simple but i guess it starts off that way i'm not really sure with bandit it's sort of tapered off at the end it got quite challenging but um anyway so nate is too uh it tells us that there's nothing on this page um let's see if we can view the source so it tells us again it gives us the standard uh header here then it tells us that the stuff in the head has nothing to do with the level quite interesting uh i don't think i'll take them that seriously because it looks like they have some interesting information here so we get the it tells us there's nothing on this page and it gives us an img here on image which i can't actually see here that's interesting um and the image is a pixel.png so if we click on it it just displays a pixel a single pixel which is why we can't actually see it here on the web page uh it also looks like this is under a directory called file so let's see if we can actually access this directory or perform some directory traversal so png yeah that's the png file let's see if we can access this directory and indeed we can so we get a users.txt file but the other thing we can see is we're running apache 2.4.10 on a debian server so yeah that that's pretty standard information if we go to the parent directory that takes us back to the home page so i'll go back if we go to the users.txt file uh this gives us uh users for for some other it gives us passwords for some other users and also deposit for natives level three so i'll keep this webpage open in case we need it and let me just back out a little bit here and we'll open up nato's level three and level three and we'll just enter the password all right so this tells us there's nothing on this page so again let's view the source let's also check uh let's also check whether we can uh yeah that's fine all right so this tells us the same thing uh and for the content we have a comment here telling us that no more information leaks not even google will find it so uh that looks like a hint to actually uh take a look at the robots.txt file which will actually show us what files and directories are disallowed and immediately we get a directory called secret so let's try and access this directory [Applause] let's see what files or directories we have in here so it looks like we have a users.txt file so let's click on that and that gives us the password for latest four so yeah this is this is fairly simple um um so let's go to nato's four and um we'll click on enter and uh yeah we want to just get rid of this secret directory because we are dealing with a new level now oops sorry about that guys uh looks like i open this up in a in a different tab here can i actually just drag this back on top yeah there we are so we'll drag this back and this tells us access disallowed you're visiting from quotation marks looks like it can actually be a very variable there while authorized users should only come from http natives5.nativeslabs.overview.org if we refresh the page we see that it yeah it tells us that you're visiting from natives4.labs.org.org while authorized user should only come from nato's five uh so i think yeah this we did i think i know what we're supposed to do here so it looks like this is just a simple case of just changing the referrer from nato's we with the request the get request from nato's four to native five and hopefully that gives us a different response let's just check the source here because i don't want to miss anything so it looks like it doesn't give us anything else apart from the standard stuff in the header and the javascript variable here um so i think it's time we actually use our proxy uh we're gonna be using zap and for some reason i actually forgot to install the foxy proxy plugin so foxy proxy um we're on mozilla firefox here so we'll just get the standard edition and i'll just wait for this to load up i'll add this to firefox i should have actually done this before recording the video but in any case yeah there we are so we'll just go into options and i'll add a new proxy here we'll call it wasp zap and i'll just give it a nice blue color that represents its actual logo and well this is going to be localhost so 1.6127.0.0.1 and the port is going to be port 8080 and i'm going to save and yeah so we have that active um by the way i think i'd installed a custom certificate here let me just see if i have it installed because uh i'll actually show you how to do this so if you want you you want to install the ca certificate or the certificate authority for us zap which i believe i already did because i've been using it quite a bit so i'm just going to delete that and just hit ok so i'll start up os app here so open new window and i believe it's called zap proxy i'll also make a video showing you how to install it on the various linux distributions if you guys want to see that so i'll just hit enter that's gonna start up the zap proxy for us here i'm just gonna hit start um let me just close this up so uh if you want to actually uh generate a certificate or a certificate authority you want to go into tools and uh options you're looking for another client certificate we're looking for dynamic ssl certificates and you can generate or you can import one and then you all you need to do is click on save and you can save it to a particular directory and then all you need to do is import it with firefox so what we'll do now is let's actually see whether we can intercept this right now so i'm just going to click on osap here and i do not i don't want to i do not want to set a break on any requests i just want to see how the data or how the requests are being sent so advanced uh accept the risk and continue uh for some reason it keeps on telling us uh view certificate uh all right so yeah i think i'm oh yeah i forgot to reinstall it sorry about that so i'll just import and we'll import the os zap certificates all trust the certificate and just hit ok and let's try that one more time now so i'll just disable the proxy one more time just turn off and uh we will sort of get rid of this here i'll just hit http and we'll reload this with osp zap so i'm just going to reload and it asks us for the password which i believe uh nato's for did i even save the password latest four let's see if i have it on my clipboard thank god i have it so all right so i sent the request so let's see how that was actually sent so we have a 200 code a response code so let's click on that uh so osap is very very simple to use so you can see right over here we have the actual request the get request we can see that we have the referrer which we want to change we also have a cookie and an authorization the key thing or the the interesting thing is if we take a look at the unauthorized one uh we don't have the we don't have the authorization flag here or the parameter and i don't see any username or password being parsed so it looks like this base64 code is holding some data so let's actually see what data it's holding so if we go with let's just copy that and we want to decode this so i'm just going to click on decode and i'll paste that in here and yes so you can see it's base64 and once we decode it we can see we have the password uh and it's nature's four so the user and the password so natives four and the password for natives four so that's interesting that will help us uh navigate this a little bit better so what i'm going to do is we've already authenticated now that's good um so what i want to do is i just want to uh i'm just going to set i'm just going to set a break on all the requests because we want to intercept it so i'm just going to reload this and we're going to go back into the zap proxy here and we want to take a look at the latest one here so if i just click submit to the next breakpoint here let's see if that is actually reloaded all right so there we go that reloaded so i'm just going to set this one more time and i'm going to reload that again and uh we want to take a look at this one right over here if we change the referrer to nato's five sorry we want to send this to the request editor so we want to change the referrer to nato's five and we just hit send uh yeah we get the password for nato's five which was yeah that that that was pretty quick so uh it looks like uh so if we just uh let's just close this up here and uh i'm gonna go back into zap uh by the way did i get the response here so again we simply if we change that and let's just unset that so that should let's make sure we also for the next packet and let's refresh that one more time because i didn't actually copy the password here but any case uh i'm just gonna break i'm just gonna set that there and we will actually click on this here and we want to send this to the request editor and we're going to change that to latest five and hit send and we get deposit for nato's five so i'm just going to copy that and we'll close this up and what i'll do is i'll just i'll just unset and i will make sure that i have uh i've actually submitted and continue to the next breakpoint so this you can see it's quite similar to burp suite so what i'll do now is i'll just disable the foxy proxy right over here and we'll stop proxing through as zap and i'll just reload this to nato's five and so i'll say nato's five and we will hit okay and hit enter and you can see it tells us access disallowed you're not logged in all right so i think we're now at native level five so this looks like it's dealing with an authentication vulnerability so uh that's gonna be it for this video i want to sort these videos out based on the vulnerabilities that they're covering and i feel we've gone long enough in this video i want to keep them nice and short so that we can cover things more effectively so that's going to be for this video and i'll be seeing you in the next video you

Original Description

In this video, I go through levels 0-4 of the OverTheWire Natas challenge. This level involves finding common misconfiguration vulnerabilities and modifying the referer in HTTP requests. OverTheWire: https://overthewire.org 📈 SUPPORT US: Patreon: https://www.patreon.com/hackersploit Merchandise: https://teespring.com/en-GB/stores/hackersploitofficial SOCIAL NETWORKS: Reddit: https://www.reddit.com/r/HackerSploit/ Twitter: https://twitter.com/HackerSploit Instagram: https://www.instagram.com/hackersploit/ LinkedIn: https://www.linkedin.com/company/18713892 WHERE YOU CAN FIND US ONLINE: Blog: https://hsploit.com/ HackerSploit Forum: https://hackersploit.org/ HackerSploit Cybersecurity Services: https://hackersploit.io HackerSploit Academy: https://www.hackersploit.academy HackerSploit Discord: https://discord.gg/j3dH7tK LISTEN TO THE CYBERTALK PODCAST: Spotify: https://open.spotify.com/show/6j0RhRiofxkt39AskIpwP7 We hope you enjoyed the video and found value in the content. We value your feedback. If you have any questions or suggestions feel free to post them in the comments section or contact us directly via our social platforms. Thanks for watching! Благодарю за просмотр! Kiitos katsomisesta Danke fürs Zuschauen! 感谢您观看 Merci d'avoir regardé Obrigado por assistir دیکھنے کے لیے شکریہ देखने के लिए धन्यवाद Grazie per la visione Gracias por ver شكرا للمشاهدة #OverTheWire#WebAppPentesting
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from HackerSploit · HackerSploit · 0 of 60

← Previous Next →
1 How To Install Kali Linux 2.0 On Virtual Box
How To Install Kali Linux 2.0 On Virtual Box
HackerSploit
2 100 Subscriber Q&A! - How I Learned Ethical Hacking
100 Subscriber Q&A! - How I Learned Ethical Hacking
HackerSploit
3 BlackArch Linux Review - Better Than Kali Linux?
BlackArch Linux Review - Better Than Kali Linux?
HackerSploit
4 How to Access the Deep Web Safely | Deep Web Starter Guide 1.0
How to Access the Deep Web Safely | Deep Web Starter Guide 1.0
HackerSploit
5 Wireshark Tutorial for Beginners - Installation
Wireshark Tutorial for Beginners - Installation
HackerSploit
6 Wireshark Tutorial for Beginners - Overview of the environment
Wireshark Tutorial for Beginners - Overview of the environment
HackerSploit
7 Wireshark Tutorial for Beginners - Capture options
Wireshark Tutorial for Beginners - Capture options
HackerSploit
8 Wireshark Tutorial for Beginners - Filters
Wireshark Tutorial for Beginners - Filters
HackerSploit
9 Complete Ethical Hacking Course - Become a Hacker Today - #1 Hacking Terminology
Complete Ethical Hacking Course - Become a Hacker Today - #1 Hacking Terminology
HackerSploit
10 Complete Ethical Hacking Course #2 - Installing Kali Linux
Complete Ethical Hacking Course #2 - Installing Kali Linux
HackerSploit
11 Parrot OS 3.5 Review | The Best Kali Linux Alternative
Parrot OS 3.5 Review | The Best Kali Linux Alternative
HackerSploit
12 Nmap Tutorial For Beginners - 1 - What is Nmap?
Nmap Tutorial For Beginners - 1 - What is Nmap?
HackerSploit
13 Katoolin | How To Install Pentesting Tools On Any Linux Distro
Katoolin | How To Install Pentesting Tools On Any Linux Distro
HackerSploit
14 Nmap Tutorial For Beginners - 2 - Advanced Scanning
Nmap Tutorial For Beginners - 2 - Advanced Scanning
HackerSploit
15 Nmap Tutorial For Beginners - 3 - Aggressive Scanning
Nmap Tutorial For Beginners - 3 - Aggressive Scanning
HackerSploit
16 Zenmap Tutorial For Beginners
Zenmap Tutorial For Beginners
HackerSploit
17 How To Setup Proxychains In Kali Linux - #1 - Stay Anonymous
How To Setup Proxychains In Kali Linux - #1 - Stay Anonymous
HackerSploit
18 How To Setup Proxychains In Kali Linux - #2 - Change Your IP
How To Setup Proxychains In Kali Linux - #2 - Change Your IP
HackerSploit
19 How To Change Mac Address In Kali Linux | Macchanger
How To Change Mac Address In Kali Linux | Macchanger
HackerSploit
20 How To Setup And Use anonsurf On Kali Linux | Stay Anonymous
How To Setup And Use anonsurf On Kali Linux | Stay Anonymous
HackerSploit
21 Ubuntu 17.04 "Zesty Zapus" Review - Bye Unity
Ubuntu 17.04 "Zesty Zapus" Review - Bye Unity
HackerSploit
22 VPN And DNS For Beginners | Kali Linux
VPN And DNS For Beginners | Kali Linux
HackerSploit
23 Tails OS Installation And Review - Access The Deep Web/Dark Net
Tails OS Installation And Review - Access The Deep Web/Dark Net
HackerSploit
24 Steganography Tutorial - Hide Messages In Images
Steganography Tutorial - Hide Messages In Images
HackerSploit
25 The Lazy Script - Kali Linux 2017.1 - Automate Penetration Testing!
The Lazy Script - Kali Linux 2017.1 - Automate Penetration Testing!
HackerSploit
26 Best Linux Distributions For Penetration Testing
Best Linux Distributions For Penetration Testing
HackerSploit
27 Netcat Tutorial - The Swiss Army Knife Of Networking - Reverse Shell
Netcat Tutorial - The Swiss Army Knife Of Networking - Reverse Shell
HackerSploit
28 Gaining Access - Web Server Hacking - Metasploitable - #1
Gaining Access - Web Server Hacking - Metasploitable - #1
HackerSploit
29 Web Server Hacking - FTP Backdoor Command Execution With Metasploit - #2
Web Server Hacking - FTP Backdoor Command Execution With Metasploit - #2
HackerSploit
30 How To Install Kali Linux On VMware  - Complete Guide 2018
How To Install Kali Linux On VMware - Complete Guide 2018
HackerSploit
31 Q&A #1 - Best Cyber-security Certifications?
Q&A #1 - Best Cyber-security Certifications?
HackerSploit
32 Terminator - Kali Linux - Multiple Terminals
Terminator - Kali Linux - Multiple Terminals
HackerSploit
33 Shodan Search Engine Tutorial - Access Routers,Servers,Webcams + Install CLI
Shodan Search Engine Tutorial - Access Routers,Servers,Webcams + Install CLI
HackerSploit
34 Q&A #2 - Mr Robot?
Q&A #2 - Mr Robot?
HackerSploit
35 Metasploit Community Web GUI  - Installation And Overview
Metasploit Community Web GUI - Installation And Overview
HackerSploit
36 Linux Expl0rer - Forensics Toolbox - Installation & Configuration
Linux Expl0rer - Forensics Toolbox - Installation & Configuration
HackerSploit
37 QuasarRAT - The Best Windows RAT? - Remote Administration Tool for Windows
QuasarRAT - The Best Windows RAT? - Remote Administration Tool for Windows
HackerSploit
38 Metasploit For Beginners - #1 - The Basics - Modules, Exploits & Payloads
Metasploit For Beginners - #1 - The Basics - Modules, Exploits & Payloads
HackerSploit
39 Metasploit For Beginners - #2 - Understanding Metasploit Modules
Metasploit For Beginners - #2 - Understanding Metasploit Modules
HackerSploit
40 Kali Linux Quick Tips - #1 - Adding a non-root user
Kali Linux Quick Tips - #1 - Adding a non-root user
HackerSploit
41 Metasploit For Beginners - #3 - Information Gathering - Auxiliary Scanners
Metasploit For Beginners - #3 - Information Gathering - Auxiliary Scanners
HackerSploit
42 Spectre Meltdown Vulnerability  - How To Check Your System
Spectre Meltdown Vulnerability - How To Check Your System
HackerSploit
43 Metasploit For Beginners - #4 - Basic Exploitation
Metasploit For Beginners - #4 - Basic Exploitation
HackerSploit
44 ARP Spoofing With arpspoof - MITM
ARP Spoofing With arpspoof - MITM
HackerSploit
45 WordPress Vulnerability Scanning With WPScan
WordPress Vulnerability Scanning With WPScan
HackerSploit
46 Generating A PHP Backdoor with weevely
Generating A PHP Backdoor with weevely
HackerSploit
47 Nikto Web Vulnerability Scanner - Web Penetration Testing - #1
Nikto Web Vulnerability Scanner - Web Penetration Testing - #1
HackerSploit
48 How To Install Kali Linux On Windows 10 - Windows Subsystem For Linux
How To Install Kali Linux On Windows 10 - Windows Subsystem For Linux
HackerSploit
49 Stacer - System Optimizer And Monitoring Tool For Linux
Stacer - System Optimizer And Monitoring Tool For Linux
HackerSploit
50 Kali Linux 2018.1 - Kernel Updates & Patches
Kali Linux 2018.1 - Kernel Updates & Patches
HackerSploit
51 MITM With Ettercap - ARP Poisoning
MITM With Ettercap - ARP Poisoning
HackerSploit
52 Password Cracking With John The Ripper - RAR/ZIP & Linux Passwords
Password Cracking With John The Ripper - RAR/ZIP & Linux Passwords
HackerSploit
53 How To Detect Rootkits On Kali Linux - chkrootkit & rkhunter
How To Detect Rootkits On Kali Linux - chkrootkit & rkhunter
HackerSploit
54 Channel Updates - How To Post Questions & Video Suggestions
Channel Updates - How To Post Questions & Video Suggestions
HackerSploit
55 Web App Penetration Testing - #1 - Setting Up Burp Suite
Web App Penetration Testing - #1 - Setting Up Burp Suite
HackerSploit
56 Web App Penetration Testing - #2 - Spidering & DVWA
Web App Penetration Testing - #2 - Spidering & DVWA
HackerSploit
57 Cl0neMast3r - GitHub Repository Cloning Tool
Cl0neMast3r - GitHub Repository Cloning Tool
HackerSploit
58 Kali Linux On Windows 10 Official - WSL - Installation & Configuration
Kali Linux On Windows 10 Official - WSL - Installation & Configuration
HackerSploit
59 DoS/DDoS Protection - How To Enable ICMP, UDP & TCP Flood Filtering
DoS/DDoS Protection - How To Enable ICMP, UDP & TCP Flood Filtering
HackerSploit
60 Web App Penetration Testing - #3 - Brute Force With Burp Suite
Web App Penetration Testing - #3 - Brute Force With Burp Suite
HackerSploit

This video teaches viewers how to identify and exploit common web application security vulnerabilities, including misconfiguration and authentication issues, using tools like Burp Suite and Zap proxy. Viewers will learn how to modify HTTP requests, perform directory traversal attacks, and detect authentication vulnerabilities.

Key Takeaways
  1. View the source of the page
  2. Check if right clicking has been blocked
  3. Perform directory traversal
  4. Access the secret directory
  5. View the users.txt file
  6. Change the referrer in the request
  7. Use Zap proxy to intercept and modify the request
  8. Import custom certificate for Zap proxy
  9. Intercept the request and view the data being sent
  10. Decode the base64 code in the unauthorized field
💡 Modifying the referrer in HTTP requests can be used to bypass security measures and access restricted areas of a web application.

Related Reads

📰
The Expert You’d Call in a Ransomware Attack Sees Everything. One Sold It to the Gang.
A ransomware negotiator betrayed clients by selling their private info to attackers, highlighting the need for secure and trustworthy cybersecurity practices
Medium · Cybersecurity
📰
Australia finds serious gaps in Big Tech’s response to child sexual abuse online
Australia's online safety regulator finds Big Tech's response to child sexual abuse online inadequate, citing existing tools not being utilized
The Next Web AI
📰
The Future of Endpoint Security: Why Visibility, Intelligence, and Automation Will Define the Next…
Learn how visibility, intelligence, and automation will shape the future of endpoint security and why it matters for businesses
Medium · Cybersecurity
📰
Why Every Cybersecurity Product Needs Enterprise-Grade Connectors in 2026
Learn why enterprise-grade connectors are crucial for cybersecurity products in 2026 and how they can improve integration and efficiency
Dev.to · Shivang Patel
Up next
8-Step Cybersecurity Engineer Roadmap 2026 | GenAI Era | #shorts
SCALER
Watch →