OverTheWire Natas Level 1 -> Level 2 - Walkthrough

OverTheWire Natas Solutions

Introduction

In this level, I'll give you a walkthrough to the natas wargame Level 1 -> Level 2. We will see the file structure of a website and utilize it to get the next level's password.

Goal

Login to natas2 and get the password for next level.

Login details

URL - http://natas2.natas.labs.overthewire.org
Username - natas2
Password - h4ubbcXrWqsTo7GGnnUMLppXbOogfBZ7

Theory

All the websites are made up of files that are stored in the web server. The domain actually exposes the "root" directory in the file system to where the content is. 

A website generally has some extra folders exposed containing files like images but these should be restricted otherwise anyone can see its contents.

Solution

Open the URL in a browser. Enter the username and password mentioned above.

The below screen appears on successfully logging in that gives the message that there is nothing on this page.

Lets see the source code. Right click and select "View page source".

We can see that an image source file is there in the directory "files". Click on the file name and it will open an image in the new tab.

We will edit the URL and navigate to the "files" directory to see the contents present. In the URL, mention "http://natas2.natas.labs.overthewire.org/files/" and press enter.

We can see that following content is present-:

• Parent Directory - It will take to the website homepage.
• pixel.png - Is is the image file that is present and mentioned in the image source code.
• users.txt - Contains the username and passwords.

Click on "users.txt" file and we can see the password for natas3.

This completes the walkthrough for Level 2. Please post your questions and doubts in the comment section.