OverTheWire - Natas - Level 3 → Level 4
1.) you want to see a possible alternative solution or
2.) you are stuck and need a hint!
Login using given credentials.
URL: http://natas4.natas.labs.overthewire.org
Username: natas4
Password: Z9tkxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The message on the page is:
Access disallowed. You are visiting from "" while authorized users should come only from “http://natas5.natas.labs.overthewire.org/"
After clicking “Refresh page” on the site, the message changes to:
Access disallowed. You are visiting from “http://natas4.natas.labs.overthewire.org/" while authorized users should come only from “http://natas5.natas.labs.overthewire.org/"
This means, that the page checks the “Referer”-Header value and want’s it to be “http://natas5.natas.labs.overthewire.org/"
. This can be done using any tool that allows editing the HTTP-Header values.
I’m using Burp and add following to the Request-Header:
| |
Result is:
Access granted. The password for natas5 is iX6Ixxxxxxxxxxxxxxxxxxxxxxxxxxxx