Natas - Level 5

Connection information

  • Username: natas4
  • Password: Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ
  • URL: http://natas4.natas.labs.overthewire.org

Information given

The white box says this:

Access disallowed. You are visiting from ”” while authorized users should come only from ”http://natas5.natas.labs.overthewire.org/” Refresh page

Getting the password

Clicking on ”Refresh page” redirects us to http://natas4.natas.labs.overthewire.org/index.php (it really refreshes the page). This page says:

Access disallowed. You are visiting from ”http://natas4.natas.labs.overthewire.org/” while authorized users should come only from ”http://natas5.natas.labs.overthewire.org/” Refresh page

Clicking again on Refresh page refreshes the page. And the page now says:

Access disallowed. You are visiting from ”http://natas4.natas.labs.overthewire.org/index.php” while authorized users should come only from ”http://natas5.natas.labs.overthewire.org/”

It seems that the page uses the referer to know which page your are coming from, and will only give you the password if you come from http://natas5.natas.labs.overthewire.org/.

  1. So I go to the natas5 lab http://natas5.natas.labs.overthewire.org
  2. Cancel when asked for the password
  3. Modify the page to add a link. To do that in Firefox:
    • Right click on the page
    • Inspect element
    • Right click on body
    • Select Edit as HTML
    • Add a div with the code listed below
    • Click on head (the tag).
<div id=”viewsource”><a href=”http://natas4.natas.labs.overthewire.org”>Refresh page</a></div>

Now when I click on the Refresh page button I added, I am redirected to the natas4 page (yay!) and here is what it says:

Access granted. The password for natas5 is iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq