Recap of Last Lesson: We right clicked in the browser to view the page source and find the hidden password.

Natas Level 1

Objective

Find the password to log into level 2.

Intel Given

  • URL: http://natas1.natas.labs.overthewire.org/
  • Password is on the page
  • Rightclick is blocked


How to

This challenge is extremely similar to the one before it with one exception. While previously we were able to view the source by right clicking, this time we are blocked from doing so. Depending on your browser, you may still be able to right click despite the administrator attempting to block it. For the purpose of this lesson, we will assume we cannot do so.

There are actually a number of ways to view the source code of a web page other than right-clicking. It is also dependant on your browser. For these examples, I am using Firefox on running on Linux.
Alternative methods to view the source in Firefox:

In Firefox, you can press the F12 key to open Developer mode. This will open a console with a number of different tools. The Inspector tab will contain the HTML source code.

Depending on your version of Firefox, you will also have a menu. This can be accessed from clicking on the Menu icon on the far right, and in other versions of Firefox, pressing ALT will bring it up.

Also, by pressing CTRL + U you can instantly bring up the source code.

Once you are able to read the source code you may notice something: The right-click functionality is being blocked with Javascript. Like with HTML, I highly recommend getting familiar with Javascript for further exercises. You can learn it at W3Schools and Codecademy. Since this code is in Javascript, if the browser was set to disable javascript, this could not run. Certain add-ons like NoScript block Javascript for security reasons.

The code of the Javascript is such:

<body oncontextmenu=”javascript:alert(‘right clicking has been blocked!’);return false;”>

What does this mean? The oncontextmenu event occurs when the user right-clicks on an element to open the context menu. Since this is attached to the Body tag, any-time the user right-clicks in the Body of this page, the event will occur. The javascript alert brings up an alert box.

Conclusion
We covered a few different ways to view the source code in the Firefox web browser, and briefly introduced Javascript.