Natas

OverTheWire Natas level 4

Walkthrough: how to solve the Natas level 4 challenge

Welcome to the Natas series walkthrough. You landed on the page for solving level 4 by yourself! The goal is to obtain the flag for level 5.

Landing page

The Natas4 challenge says: access is disallowed, only users who come from natas5 are allowed. So the goal in this challenge sounds easy: we have to move from level 5 to 4. But the password for 5 is in 4… We have to act as if we're coming from level 5. Where is that information stored?

HTTP Headers

HTTP headers allow the client and the server to pass additional information with the request or the response. A request header consists of its case-insensitive name followed by a colon ':', then by its value (without line breaks).

Headers can be grouped according to their contexts:

  • General header: Headers applying to both requests and responses but with no relation to the data eventually transmitted in the body.
  • Request header: Headers containing more information about the resource to be fetched or about the client itself.
  • Response header: Headers with additional information about the response, like its location or about the server itself (name and version etc.).
  • Entity header: Headers containing more information about the body of the entity, like its content length or its MIME-type.

If we look deeper into the possibilities of the HTTP headers, we can change the referrer. More details about the referrer here. When we ask for a webpage, we're talking about request headers. The server's answer comes with the response headers. We can also analyze the headers our own browser sends when loading a site, as well as the server response. This can be done by opening the Developer options, under the Network tab. To see the headers of the main page, look for /, index.html or even index.php. The headers can be found in the right sidebar under the Headers tab.

Can we also add a referrer if it doesn't exist? Or change its current value to act as if we come from level 5?

Be careful, spoilers inside!

Modifying headers using BurpSuite

For this we'll make use of the tool Burp Suite. If you haven't set up Burp yet with the correct proxy settings, I would recommend following this link. Otherwise, let's create a new project!

After creating a new project go to Proxy > Intercept and turn Intercept On.

Now that we control every network packet between the website and the PC, it's time to refresh the page and capture the header. Ready for modification!

Analyzing using BurpSuite

Under Proxy > Intercept we see a packet, which is a request to http://natas4.natas.labs.overthewire.org on port 80, along with its IP. Zooming into the Raw tab we see a GET request for index.php, which is the main page of level 4. Further down we see Referer: http://natas4.natas.labs.overthewire.org. This is of course level 4, because after refreshing the page, we come from level 4 to… level 4. But how can we modify it?

Changing the referer

This is probably the easiest part: the Raw tab acts like a text file, so just edit the 4 to 5 in the Referer link. When you're done, it's time to finally forward the request, which has been waiting for a while now.

WhoopWhoop! Consider it done. There’s the password!
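
Why this works, seen from the server side, as an added example that is not part of the original post or of the Natas code: a check that trusts the client-supplied Referer header next to one that requires a value only the server can produce. The exact-match comparison, the function names, the `X-Demo-Token` header, the demo key and both raw requests are assumptions constructed for illustration.

```python
import hashlib
import hmac

ALLOWED_REFERER = "http://natas5.natas.labs.overthewire.org"
SERVER_KEY = b"constructed-demo-key"  # constructed; a real key never leaves the server

def parse_headers(raw: str) -> dict:
    """Parse the header block of a raw HTTP request; names are lowercased
    because header names are case-insensitive."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def referer_gate(headers: dict) -> bool:
    """Weak check (assumed exact match): trusts a header the client fully controls."""
    return headers.get("referer") == ALLOWED_REFERER

def issue_token(user: str) -> str:
    """Hypothetical server-issued credential: user name plus an HMAC over it."""
    tag = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{tag}"

def token_gate(headers: dict) -> bool:
    """Stronger check: the presented value must verify under the server's key."""
    user, _, tag = headers.get("x-demo-token", "").partition(".")
    expected = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return bool(user) and hmac.compare_digest(tag.encode(), expected.encode())

# Constructed requests, shaped like the text in Burp's Raw tab.
ORIGINAL = (
    "GET /index.php HTTP/1.1\r\n"
    "Host: natas4.natas.labs.overthewire.org\r\n"
    "Referer: http://natas4.natas.labs.overthewire.org\r\n\r\n"
)
# The one-character edit from this section; the lowercase header name still matches.
EDITED = ORIGINAL.replace("Referer: http://natas4", "referer: http://natas5")

if __name__ == "__main__":
    for label, raw in (("original", ORIGINAL), ("edited", EDITED)):
        h = parse_headers(raw)
        print(f"{label}: referer_gate={referer_gate(h)} token_gate={token_gate(h)}")
```

The edited request passes the Referer check but not the token check, which is why the Referer header is unsuitable as an access control.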

Conclusion

New techniques! New nerdy terms. Hopefully an instructive post! Keep up the good work, hackerman…

Continue the road to level 5 using the following credentials

Username: natas5
Password: iX6IOfmp………………………….
URL: http://natas5.natas.labs.overthewire.org


Vincent

IT Technology student and hacker enthusiast
