Finally, with level 7 of OverTheWire’s Natas wargame, we start to get to more “real world” vulnerabilities. It’s still very easy, but it’s at least getting better. We start with a single page, that has 2 navigation links. I noted that the URLs had a “page=” …

The 6th level of the OverTheWire Natas wargame starts introducing us to PHP and server configuration issues. It starts out with a secret password prompt. I took a look at the sourcecode, via the link provided. I decided I would try and see if I could request the “secret.inc” file, and it …

Now that we’re about 1/3 through to the end of the OverTheWire Natas wargame, I’m hoping that they start to get a little more tricky. Level 5 unfortunately is still pretty easy. It starts by simply telling you that you’re not logged in. Logins often hand out cookies, so I viewed my …

Level 4 of OverTheWire’s Natas wargame starts a little different than the previous levels. It immediately presents you with an error message. I figured this was going to be due to the HTTP Referer. I guessed that one could solve this by using a proxy or a browser addon, such as Referer …

Continuing on with Level 3 of OverTheWire’s Natas wargame, I found the first page, like previous levels, saying that there was nothing on the page. I viewed the source and saw the strange comment about “Not even Google will find it”. After thinking about that for a minute, it …

Level 2 of OverTheWire’s Natas wargame is a little more fun than the previous two. It’s also pretty simple, though. You start out on a page that tells you that there is nothing on it. Like previous levels, I then viewed the source to see what was in the code. It appears that …