{"id":527,"date":"2015-01-24T17:01:00","date_gmt":"2015-01-24T17:01:00","guid":{"rendered":"https:\/\/www.hackmethod.com\/?p=527"},"modified":"2016-10-26T15:23:42","modified_gmt":"2016-10-26T15:23:42","slug":"overthewire-natas-4","status":"publish","type":"post","link":"https:\/\/hackmethod.com\/overthewire-natas-4\/","title":{"rendered":"OvertheWire \u2013 Natas 4"},"content":{"rendered":"<div class=\"entry-content\">\n<p class=\"entry-content\"><strong>Recap of Last Lesson:<\/strong> We learned about robots.txt and how websites prevent being indexed by search engines.<\/p>\n<p class=\"entry-content\"><a href=\"http:\/\/natas4.natas.labs.overthewire.org\/\"><strong>Natas Level 4<\/strong><\/a><\/p>\n<p class=\"entry-content\"><strong>Objective<\/strong><\/p>\n<p class=\"entry-content\">Find the password to log into level 5.<\/p>\n<p class=\"entry-content\"><strong>Intel Given<\/strong><\/p>\n<div class=\"entry-content\">\n<ul>\n<li>URL: http:\/\/natas4.natas.labs.overthewire.org\/<\/li>\n<li>Access Disallowed<\/li>\n<\/ul>\n<\/div>\n<p><!--more--><\/p>\n<p><strong>How to<\/strong><\/p>\n<p>When we come to the page we are greeted immediately by an <a href=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/01\/natas4.png\">error message.<\/a>\u00a0 It says, &#8220;Access disallowed.\u00a0 You are visiting from &#8221; &#8221; while authorized users should come only from &#8220;http:\/\/natas5.natas.labs.overthewire.org\/&#8221;.\u00a0 What is inside the quotes may vary for you, if you just pasted the URL in your browser it will be blank like it is for me.\u00a0 So the question is now, how does the page know where we came from?\u00a0 To understand this, we need to learn a little about <a href=\"http:\/\/en.wikipedia.org\/wiki\/Hypertext_Transfer_Protocol\">HTTP<\/a>.\u00a0 HTTP is an important protocol to understand, I suggest you take some time to learn as much about it as you can. Hopefully, through your research you should have come to take a look at the different HTTP <a href=\"http:\/\/en.wikipedia.org\/wiki\/List_of_HTTP_header_fields#Request_fields\">Request fields<\/a>. Find anything that looks like it might give information where we are coming from?\u00a0 If not,\u00a0 look harder.\u00a0 Still stumped? Check it out <a href=\"http:\/\/en.wikipedia.org\/wiki\/HTTP_referer\">here<\/a>.<\/p>\n<\/div>\n<div class=\"entry-content\"><\/div>\n<div class=\"entry-content\">Ok, enough background.\u00a0 Lets get to thinking.\u00a0 How do we get referred from natas5?\u00a0 We don&#8217;t have access to natas5 yet!\u00a0 Oh right, we are hackers after-all.\u00a0 What do we do?\u00a0 We spoof it. How you may ask?\u00a0 Well, one way we can do that is by using a HTTP proxy to intercept the packet before it hits the wire.\u00a0 Note: there are a LOT of ways to do this, but for my example, I&#8217;m going to use a firefox extension called &#8220;<a href=\"https:\/\/addons.mozilla.org\/en-US\/firefox\/addon\/tamper-data\/\">Tamper Data<\/a>.&#8221;\u00a0 Relatively, it&#8217;s pretty simple use.\u00a0 Install the add on and run it, you may have to restart your browser. Go ahead and open it up.\u00a0 Hit the &#8220;Start Tamper&#8221; button and click &#8220;Refresh page&#8221; on Natas4.\u00a0 You should see a <a href=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/01\/tamper.png\">request to intercept<\/a>. If you select &#8220;Tamper&#8221; you should be taken to the <a href=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/01\/referer.png\">Tamper Popup.<\/a>\u00a0 Guess which field we are going to change?\u00a0 Yep, you guessed it.\u00a0 The Referer.\u00a0 Change the value to what the webpage wants, and send it.\u00a0\u00a0\u00a0 Assuming it works, you should see <a href=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/01\/4sucess.png\">Access Granted<\/a>.<\/p>\n<div class=\"entry-content\"><\/div>\n<div class=\"entry-content\"><strong>Conclusion<\/strong><\/div>\n<div class=\"entry-content\">We learned about the HTTP protocol and the different HTTP fields, an learned how to use a proxy to intercept HTTP requests.<\/div>\n<\/div>\n<p><!--more--><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recap of Last Lesson: We learned about robots.txt and how websites prevent being indexed by search engines. Natas Level 4 Objective Find the password to log into level 5. Intel Given URL: http:\/\/natas4.natas.labs.overthewire.org\/ Access Disallowed<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[44,49],"tags":[57,45,46],"class_list":["post-527","post","type-post","status-publish","format-standard","hentry","category-overthewire","category-tutorials","tag-natas","tag-overthewire","tag-tutorials"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p5zY4D-8v","_links":{"self":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/527","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/comments?post=527"}],"version-history":[{"count":4,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/527\/revisions"}],"predecessor-version":[{"id":531,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/527\/revisions\/531"}],"wp:attachment":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/media?parent=527"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/categories?post=527"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/tags?post=527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}