{"id":482,"date":"2015-01-23T05:35:48","date_gmt":"2015-01-23T05:35:48","guid":{"rendered":"https:\/\/www.hackmethod.com\/?p=482"},"modified":"2016-10-26T15:23:42","modified_gmt":"2016-10-26T15:23:42","slug":"overthewire-natas-3","status":"publish","type":"post","link":"https:\/\/hackmethod.com\/overthewire-natas-3\/","title":{"rendered":"OvertheWire \u2013 Natas 3"},"content":{"rendered":"<div class=\"entry-content\">\n<p class=\"entry-content\"><strong>Recap of Last Lesson:<\/strong> We covered explored the files within Natas2 through viewing indexed directories.<\/p>\n<p class=\"entry-content\"><a href=\"http:\/\/natas3.natas.labs.overthewire.org\/\"><strong>Natas Level 3<\/strong><\/a><\/p>\n<p class=\"entry-content\"><strong>Objective<\/strong><\/p>\n<p class=\"entry-content\">Find the password to log into level 4.<\/p>\n<p class=\"entry-content\"><strong>Intel Given<\/strong><\/p>\n<div class=\"entry-content\">\n<ul>\n<li>URL: http:\/\/natas3.natas.labs.overthewire.org\/<\/li>\n<\/ul>\n<\/div>\n<p><!--more--><\/p>\n<p><strong>How to<\/strong><\/p>\n<p>Same as always, we get very little info on the page. Using our tactics from earlier exercises, we <a href=\"http:\/\/www.snarlsburg.com\/wp-content\/uploads\/2015\/01\/leak1.png\">view the source<\/a>.<\/p>\n<div class=\"entry-content\"><\/div>\n<div class=\"entry-content\">We see something interesting in the comments.<\/div>\n<div class=\"entry-content\"><\/div>\n<div class=\"entry-content\">\n<pre id=\"line1\"><span class=\"comment\">&lt;!-- No more information leaks!! Not even Google will find it this time... --&gt;<\/span><\/pre>\n<\/div>\n<div class=\"entry-content\">\n<p>Not even Google, huh? How would a webmaster go against having Google indexing their website? <a href=\"http:\/\/www.google.com\/insidesearch\/howsearchworks\/crawling-indexing.html\">Lets go ask Google.<\/a><\/p>\n<p>Google describes this process for us:<\/p>\n<p>&#8220;Site owners have many choices about how Google crawls and indexes their sites through Webmaster Tools and a file called \u201c<a href=\"https:\/\/developers.google.com\/webmasters\/control-crawl-index\/docs\/robots_meta_tag?hl=en\">robots.txt<\/a>\u201d. With the robots.txt file, site owners can choose not to be crawled by Googlebot, or they can provide more specific instructions about how to process pages on their sites. &#8221;<\/p>\n<\/div>\n<div class=\"entry-content\">\n<p>Lets dig a little deeper. The \/robots.txt is a de-facto standard, which means it is not published by any governing body but it is universally accepted. To learn more about this file we can go to <a href=\"http:\/\/www.robotstxt.org\/robotstxt.html\">http:\/\/www.robotstxt.org\/robotstxt.html<\/a> as they describe how to use this file. They suggest putting this file in the top level of the directory, so lets go <a href=\"http:\/\/www.snarlsburg.com\/wp-content\/uploads\/2015\/01\/disallow1.png\">look there<\/a>.<\/p>\n<p>Aha. Looks like we found our &#8220;hidden&#8221; directory. Inside the <a href=\"http:\/\/www.snarlsburg.com\/wp-content\/uploads\/2015\/01\/secretindex1.png\">directory, <\/a>we find exactly what we were <a href=\"http:\/\/www.snarlsburg.com\/wp-content\/uploads\/2015\/01\/natas4pass1.png\">looking for<\/a>. Easy peasy. *WARNING* keep in mind that this file will stop honest crawlers (like google) from indexing your website. It will not stop hackers, and they make look for this to crawl specifically.<\/p>\n<\/div>\n<div class=\"entry-content\"><\/div>\n<div class=\"entry-content\"><strong>Conclusion<\/strong><\/div>\n<div class=\"entry-content\">We covered the robots.txt file, what it is and how it is used. To learn more about it, read the page provided from Google as well as the robotstxt website.<\/div>\n<\/div>\n<p><!--more--><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recap of Last Lesson: We covered explored the files within Natas2 through viewing indexed directories. Natas Level 3 Objective Find the password to log into level 4. Intel Given URL: http:\/\/natas3.natas.labs.overthewire.org\/<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[44,49],"tags":[57,45,46],"class_list":["post-482","post","type-post","status-publish","format-standard","hentry","category-overthewire","category-tutorials","tag-natas","tag-overthewire","tag-tutorials"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p5zY4D-7M","_links":{"self":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/482","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/comments?post=482"}],"version-history":[{"count":4,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/482\/revisions"}],"predecessor-version":[{"id":484,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/482\/revisions\/484"}],"wp:attachment":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/media?parent=482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/categories?post=482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/tags?post=482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}