Natas 3
solution: After seeing the hint in source page.(<!-- No more information leaks!! Not even Google will find it this time... -->) Then started seeing robots.txt in same directory And i found the following line in that robots.txt page User-agent: * Disallow: /s3cr3t/ In that s3cr3t page i have found user.txt file.After opening that file i found next level username and password. natas4 : 8ywPLDUB2yY2ujFnwGUdWWp8MT4yZrqz Natas 4 solution: After seeing the Error message displayed in that page . I decided to to send this page request using referrer 'http://natas5.natas.labs.overthewire.org' in header . For that i used Tamper Data addon in firefox and changed the Referrer field in that header . After doing these steps i got credentials of next level. The password for natas5 is iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq Natas 5 Solution: Error message throws saying that you have to log in to access this page. So i checked all the details of the page .And i noticed the cookie "loggedin" set as 0 And i changed that value into 1 and using Firefox Addon "Cookies Manager+ " And i refreshed that page and got credentials of next level. Natas 6 : aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1 Vulnerability: Cookie Poisoning : Cookie Poisoning attacks involve the modification of the contents of a cookie (personal information stored in a Web user's computer) in order to bypass security mechanisms. Using cookie poisoning attacks, attackers can gain unauthorized information about another user and steal their identity. To prevent Cookie Poisoning follow this link: http://stackoverflow.com/questions/1633062/how-to-prevent-cookie-poisoning
0 Comments
|
Details
Categories
All
Archives
June 2017
Vivek N
An idea can change your life :) |