OverTheWire Natas Level 2 -> Level 3 - Walkthrough



Introduction

In this post, I'll give you a walkthrough of the Natas wargame Level 2 -> Level 3. We will learn about web crawlers and use the robots.txt file to get the password.

Goal

Log in to natas3 and get the password for the next level.

Login details

URL - http://natas3.natas.labs.overthewire.org
Username - natas3
Password - G6ctbMJ5Nb4cbFwhpMPSvxGHhQ7I6W8Q

Theory

Web crawlers are bots operated by search engines. They index webpages across the internet so that websites can appear in the results when somebody searches for content.

robots.txt is a file that tells web crawlers which URLs they are not supposed to access on the website. The file itself is publicly readable, and it only instructs bots; it does not protect the listed URLs from being opened. The syntax of the robots.txt file is as follows:
User-agent: *
Disallow: /

User-agent - Mention the bot name here. "*" signifies all the bots.
Disallow - Mention the files that the bot is not supposed to access. "/" denotes that the bot cannot access any page on the website.
If a bot wants to visit the URL "www.abcd.com", it will by default visit "www.abcd.com/robots.txt" first to see the disallowed list.
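
The syntax above, as an added example that is not part of the original walkthrough: the following Python code parses a robots.txt file into its User-agent groups and lists the specific paths it names, which a site owner can use to check that each published path is protected by real access control. The sample file content and the function names parse_robots and disclosed_paths are constructed for illustration.

```python
# Added example: parse robots.txt groups and list the paths they disclose.
SAMPLE = """\
# constructed sample, not taken from any real site
User-agent: *
Disallow: /private-reports/   # trailing comment
Disallow:

User-agent: ExampleBot
User-agent: OtherBot
Disallow: /
"""

def parse_robots(text):
    """Return {user_agent: [Disallow values]}, honouring shared groups."""
    groups, agents, in_rules = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue                             # blank or malformed line
        field, value = (p.strip() for p in line.split(":", 1))
        field = field.lower()                    # field names are case-insensitive
        if field == "user-agent":
            if in_rules:                         # a rule line closed the previous group
                agents, in_rules = [], False
            agents.append(value.lower())
            groups.setdefault(value.lower(), [])
        elif field in ("allow", "disallow"):
            in_rules = True
            if field == "disallow":
                for agent in agents:             # consecutive User-agent lines share rules
                    groups[agent].append(value)
    return groups

def disclosed_paths(groups):
    """Specific paths named in Disallow lines.

    An empty value (allow everything) and "/" (block everything) name no path.
    """
    found = set()
    for values in groups.values():
        found.update(v for v in values if v not in ("", "/"))
    return sorted(found)

if __name__ == "__main__":
    parsed = parse_robots(SAMPLE)
    for agent, rules in parsed.items():
        print(agent, rules)
    print("check access control on:", disclosed_paths(parsed))
```
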

Solution

Open the URL in a browser. Enter the username and password mentioned above.


After logging in successfully, a page appears with the message that there is nothing on this page.

Let's see the source code. Right click and select "View page source".

We do not see the password in the source code either. However, it is mentioned that "Not even google will be able to find it this time". This might be a hint to check the robots.txt file. Therefore, we will check the robots.txt file. Type in the URL - http://natas3.natas.labs.overthewire.org/robots.txt

We can see that robots.txt disallows bots from accessing "/s3cr3t/". Type in the URL - http://natas3.natas.labs.overthewire.org/s3cr3t/

Click on the users.txt file to see its content.

This completes the walkthrough for Level 3 as we have got the password for natas4. Please post your questions and doubts in the comment section.

