- Browser developer mode
- OTG-INFO-005
Let's start by logging in using the credentials they provide us.
We head up to http://natas0.natas.labs.overthewire.org and see a very simple webpage, with nothing to interact with, our best option is to start looking at the source code:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | <html> <head> <!-- This stuff in the header has nothing to do with the level --> <link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css"> <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" /> <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" /> <script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script> <script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script> <script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script> <script>var wechallinfo = { "level": "natas0", "pass": "natas0" };</script></head> <body> <h1>natas0</h1> <div id="content"> You can find the password for the next level on this page. <!--The password for natas1 is gtVrDuiDfck831PqWsLEZy5gyDz1clto --> </div> </body> </html> |
Pretty simple isn't it? Looking at line 16 gives us the credentials for level 01:
| User | natas1 |
| Password | gtVrDuiDfck831PqWsLEZy5gyDz1clto |
This level is really simple, although it's supposed to be this way, there's more to it than you think, sometimes developers do forget to remove important information from the comments. OWASP mentions it on OTG-INFO-005.
Never Settle,
Never Settle,
No comments:
Post a Comment