OvertheWire – Natas 4

Recap of Last Lesson: We learned about robots.txt and how websites prevent being indexed by search engines.

Natas Level 4

Objective

Find the password to log into level 5.

Intel Given

How to

When we come to the page we are greeted immediately by an error message.  It says, “Access disallowed.  You are visiting from ” ” while authorized users should come only from “http://natas5.natas.labs.overthewire.org/”.  What is inside the quotes may vary for you, if you just pasted the URL in your browser it will be blank like it is for me.  So the question is now, how does the page know where we came from?  To understand this, we need to learn a little about HTTP.  HTTP is an important protocol to understand, I suggest you take some time to learn as much about it as you can. Hopefully, through your research you should have come to take a look at the different HTTP Request fields. Find anything that looks like it might give information where we are coming from?  If not,  look harder.  Still stumped? Check it out here.

Ok, enough background.  Lets get to thinking.  How do we get referred from natas5?  We don’t have access to natas5 yet!  Oh right, we are hackers after-all.  What do we do?  We spoof it. How you may ask?  Well, one way we can do that is by using a HTTP proxy to intercept the packet before it hits the wire.  Note: there are a LOT of ways to do this, but for my example, I’m going to use a firefox extension called “Tamper Data.”  Relatively, it’s pretty simple use.  Install the add on and run it, you may have to restart your browser. Go ahead and open it up.  Hit the “Start Tamper” button and click “Refresh page” on Natas4.  You should see a request to intercept. If you select “Tamper” you should be taken to the Tamper Popup.  Guess which field we are going to change?  Yep, you guessed it.  The Referer.  Change the value to what the webpage wants, and send it.    Assuming it works, you should see Access Granted.