{"id":480,"date":"2015-01-23T05:35:03","date_gmt":"2015-01-23T05:35:03","guid":{"rendered":"https:\/\/www.hackmethod.com\/?p=480"},"modified":"2016-10-26T15:23:43","modified_gmt":"2016-10-26T15:23:43","slug":"overthewire-natas-2","status":"publish","type":"post","link":"https:\/\/hackmethod.com\/overthewire-natas-2\/","title":{"rendered":"OvertheWire \u2013 Natas 2"},"content":{"rendered":"<div class=\"entry-content\">\n<p><strong>Recap of Last Lesson:<\/strong> We evaded a security control designed to prevent us from viewing the source code.<\/p>\n<p><a href=\"http:\/\/natas2.natas.labs.overthewire.org\/\"><strong>Natas Level 2<\/strong><\/a><\/p>\n<p><strong>Objective<\/strong><\/p>\n<p>Find the password to log into level 3.<\/p>\n<p><strong>Intel Given<\/strong><\/p>\n<ul>\n<li>URL: http:\/\/natas2.natas.labs.overthewire.org\/<\/li>\n<\/ul>\n<p><!--more--><br \/>\n<strong>How to<\/strong><\/p>\n<p>We come into this challenge with very little to go on. Following the basic steps we learned in the previous challenges, we should <a href=\"http:\/\/www.snarlsburg.com\/wp-content\/uploads\/2015\/01\/pixel.png\">view the source code<\/a>. Huh. No password there this time. In fact, there seems to be nothing. This is the part where we need to think like hackers. Often, we are not looking for the answer. We are looking for something that will <em>lead us closer to the answer<\/em>. Do you see anything new on the page? I do.<\/p>\n<\/div>\n<div class=\"entry-content\">There appears to be an image file. Let's check it out. Now, there is something important to note about that image. It is linked using a <strong>relative path<\/strong>. What this means is that the location is specified <strong>relative<\/strong> to where we are now. The file system on a website is not dissimilar to the file system on your machine right now. So when we see:<br \/>\n<em>&lt;img src=\"files\/pixel.png\"&gt;<\/em><br \/>\nwhat we are looking at is:<br \/>\n<em>http:\/\/natas2.natas.labs.overthewire.org\/files\/pixel.png<\/em><br \/>\nbecause we are currently looking at a file at:<\/div>\n<div class=\"entry-content\"><em>http:\/\/natas2.natas.labs.overthewire.org\/<\/em><\/div>\n<div class=\"entry-content\">So let's check it out.<\/div>\n<div class=\"entry-content\">Hmmm. Just seems to be a <a href=\"http:\/\/www.snarlsburg.com\/wp-content\/uploads\/2015\/01\/pixel2.png\">stupid pixel<\/a>. Let's think back again to that relative path. It is on the website, inside a folder called <em>files<\/em>. I wonder if there is anything else in that folder. But how can we check? It's actually pretty simple. Let's just <a href=\"http:\/\/www.snarlsburg.com\/wp-content\/uploads\/2015\/01\/index1.png\">browse to it.<\/a><\/div>\n<div class=\"entry-content\">Well, look at that. There is something there. What we are seeing is a directory index. Most websites will have directory indexing turned off. Lucky for us, this wasn't the case. Let's go check out that other <a href=\"http:\/\/www.snarlsburg.com\/wp-content\/uploads\/2015\/01\/passwords1.png\">interesting file.<\/a> And there we have it. Use the information to log into Natas3.<\/div>\n<div class=\"entry-content\"><strong>Conclusion<\/strong><\/div>\n<div class=\"entry-content\">We covered the importance of paying attention to detail, gained an understanding of what a <em>relative path<\/em> is, and explored a site with <em>directory indexing<\/em> enabled.<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Recap of Last Lesson: We evaded a security control designed to prevent us from viewing the source code. Natas Level 2 Objective Find the password to log into level 3. Intel Given URL: http:\/\/natas2.natas.labs.overthewire.org\/<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[44,49],"tags":[57,45,46],"class_list":["post-480","post","type-post","status-publish","format-standard","hentry","category-overthewire","category-tutorials","tag-natas","tag-overthewire","tag-tutorials"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p5zY4D-7K","_links":{"self":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/480","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/comments?post=480"}],"version-history":[{"count":2,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/480\/revisions"}],"predecessor-version":[{"id":487,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/480\/revisions\/487"}],"wp:attachment":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/media?parent=480"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/categories?post=480"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/tags?post=480"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}