Monday, October 29, 2012

OvertheWire - Natas Wargame Level 3 Writeup

Level 3

We can use the credentials obtained from the previous post to log into Level 3. Upon logging, we are presented with a screen similar to that of Level 2:

Again, as always we will start by viewing the source of the page:

 <head><link rel="stylesheet" type="text/css" href=""></head>  
 <div id="content">  
 There is nothing on this page  
 <!-- No more information leaks!! Not even Google will find it this time... -->  

We can see a comment embedded into the source code that mentions that "Not even Google will find it this time..." My first thought (which proved correct) was to check and see if a robots.txt file was present, since this determines if a web crawler (ie Google's) will "find" particular content.

We can see the contents of this file located at

 User-agent: *  
 Disallow: /s3cr3t/  

Here we find a /s3cr3t directory, which is listable and contains the following:

Again, another "users.txt" file, which this time contains:


And there we have it. We can use these credentials to log in to the next challenge. More writeups to come.


No comments:

Post a Comment