Natas - Level 5

Connection information

• Username: natas4
• Password: Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ
• URL: http://natas4.natas.labs.overthewire.org

Information given

The white box says this:

Access disallowed. You are visiting from ”” while authorized users should come only from ”http://natas5.natas.labs.overthewire.org/” Refresh page

Getting the password

Clicking on ”Refresh page” redirects us to http://natas4.natas.labs.overthewire.org/index.php (it really refreshes the page). This page says:

Access disallowed. You are visiting from ”http://natas4.natas.labs.overthewire.org/” while authorized users should come only from ”http://natas5.natas.labs.overthewire.org/” Refresh page

Clicking again on Refresh page refreshes the page. And the page now says:

Access disallowed. You are visiting from ”http://natas4.natas.labs.overthewire.org/index.php” while authorized users should come only from ”http://natas5.natas.labs.overthewire.org/”

It seems that the page uses the referer to know which page your are coming from, and will only give you the password if you come from http://natas5.natas.labs.overthewire.org/.

1. So I go to the natas5 lab http://natas5.natas.labs.overthewire.org
2. Cancel when asked for the password
3. Modify the page to add a link. To do that in Firefox:
   • Right click on the page
   • Inspect element
   • Right click on body
   • Select Edit as HTML
   • Add a div with the code listed below
   • Click on head (the tag).

<div id=”viewsource”><a href=”http://natas4.natas.labs.overthewire.org”>Refresh page</a></div>

Now when I click on the Refresh page button I added, I am redirected to the natas4 page (yay!) and here is what it says:

Access granted. The password for natas5 is iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq