OverTheWire Natas Level 4 Walkthrough

Today we're doing level 4 of the Natas series of CTF wargames hosted at:

http://natas4.natas.labs.overthewire.org

As usual we will need to authenticate into this webpage, using the current level of the Natas game (natas4) as the username, and the password we got from the previous level as the password.  Once authenticated, we see this:


It looks like the difficulty of the Natas levels has gone beyond the point where we can solve the levels without other tools.  In this case, we will have to send modified HTTP requests to the natas4 website, which we will do with the OWASP ZAP program.  In this case, the website will only log us in if we are referred to this page by the Natas5 webpage. 

Teaching how to install and configure OWASP ZAP is out of scope for this walkthrough, but there are a lot of tutorials out there that can teach us how to do that.

So we'll start up OWASP ZAP, make sure our web browser is using the correct proxy port, then start intercepting HTTP requests by pressing the red button the in ZAP like the screenshot below.


Then go back to our webpage with Natas4 and refresh the page.

This starts the following prompt from ZAP:


Here, we want to edit our HTTP request header to the Natas4 website and add a line that indicates we're being referred to the webpage by Natas5 like so:


Then we pass the rest of the HTTP requests through by pressing the arrow button indicated in the above screenshot.  Next, we go back to our Natas4 webpage to see if we logged in successfully or not.


Summary

Natas4 will not log us in unless it receives an HTTP request that contains a referrer string from the Natas5 webpage in the header.  We were able to edit our HTTP request to the page using OWASP ZAP, and after sending the modified HTTP request, we were able to log in and receive the password for Natas5.

Finish












Comments

Post a Comment

Popular posts from this blog

TryHackMe - Windows PrivEsc - Walkthrough

Image
Introduction Today we're going to be doing a walkthrough for the Windows PrivEsc room hosted at https://tryhackme.com/room/w indows10privesc . For this walkthrough, we'll be using two virtual machines (VMs), a Kali Linux VM as our attacking machine, and the deployed Windows 10 client as the the victim machine. Task 1 - Deploy the Vulnerable Windows VM Press the green button here: The Windows machine should come online after a minute or two. The IP address of the machine can be found here: Of course, the actual IP address will probably be a different one from the one in the screenshot.  For the examples, however, we will use the IP address of 10.10.227.113 RDP should be available on port 3389 (it may take a few minutes for the service to start). You can login to the "user" account using the password "password321": xfreerdp /u:user /p:password321 /cert:ignore /v:10.10.227.113 Questions: Deploy the Windows VM and login using the "user" ...
Read more

TryHackMe - Reversing Elf - Walkthrough

Image
Introduction Today we're going to be doing a walkthrough for the Reversing ELF room hosted at https://tryhackme.com/room/ reverselfiles . For this walkthrough, we'll be using one virtual machine (VMs), a Kali Linux VM as our attacking machine. Task 1 - Crackme1 Questions What is the flag? Download the Task 1 Task File Copy it to your working directory Give the file executable permissions Run the file chmod +x crackme1 ./crackme1 Task 2 - Crackme2 Questions What is the super secret password ? Give the file executable permissions Run Ltrace on the file with a test string chmod +x crackme2 ltrace ./crackme2 test ./crackme2 passwordFoundInPreviousStep Task 3 - Crackme3 Questions What is the flag? Give the file executable permissions Run strings on the file Echo the base64 string you found, pipe it into Base64 decode chmod +x crackme3 strings crackme3 echo “ base64stringFoundInPreviousStep ” | base64 -d Task 4 - Crackme4 Questions What is the password ? Give the file execu...
Read more

TryHackMe - XSS - Walkthrough

Image
Introduction Today we're going to be doing a walkthrough for the XSS room hosted at https://tryhackme.com/room/ xss . For this walkthrough, we'll be using two virtual machines (VMs), the TryHackMe AttackBox VM as our attacking machine, and the deployed XSS vulnerable web client as the the victim machine. Task 1 - Introduction Questions: Read the introduction. No answer needed Task 2 - Deploy your XSS Playground Questions Deploy the machine and navigate to http://<ip> No answer needed Task 3 - Stored XSS Questions The machine you deployed earlier will guide you though exploiting some cool vulnerabilities, stored XSS has to offer. There are hints for answering these questions on the machine. No answer needed Add a comment and see if you can insert some of your own HTML. Doing so will reveal the answer to this question. Register for the web-app with the following parameters Username: test Password: test Click the Register button  Click the “hamburger menu” button Click the ...
Read more