Of course we don’t spoiler any password in plain 1:1 text on our posts! But our goal is to help you any further with the challenge. While we helping you further, our main goal is that you learn something about it. The reasons why this work or how you should operate. We strongly advise you to first try to solve the challenges yourself (Try harder mentality get appreciated in the hacker world!). But we know like no others, how difficult if could be, if you don’t know in which direction you should look to solve a challenge. For this we make the walk-trough series where you might learn new techniques and tooling to hack with!
What is overthewire?
Overthewire is a community based webpage where they publish awesome Capture the flag (CTF) challenges. The goal of CTF challenges is to complete a level and capture the key. Most CTF challenges unlocks points, status or a new level when you solved it and submitted the “flag”. Mainly a flag is based on a specific string which can be found somewhere in the challenge and acts like a password, other types of flags could be images or text files.
Why the Natas series?
Natas is an awesome way to learn more about the basics of server side web-security. Every hacker should start somewhere, and natas is a great way to step into the world of web hacking. The challenges starts easy, but after each level the difficulty increases.
How the natas series works
Each level of natas consists of its own website located at http://natasX.natas.labs.overthewire.org, where X is the level number. There is no SSH login. To access a level, enter the username for that level (e.g. natas0 for level 0) and its password.
Each level has access to the password of the next level. Your job is to somehow obtain that next password and level up. All passwords are also stored in /etc/natas_webpass/. E.g. the password for natas5 is stored in the file /etc/natas_webpass/natas5 and only readable by natas4 and natas5.
Hiding the spoilers
Since we all hate spoilers, we leave the decision for you whether you watch it or not. An example is given below.