Finally, with level 7 of OverTheWire’s Natas wargame, we start to get to more “real world” vulnerabilities. It’s still very easy, but it’s at least getting better.

We start with a single page, that has 2 navigation links.

I noted that the URLs had a …

The 6th level of the OverTheWire Natas wargame starts introducing us to PHP and server configuration issues.

It starts out with a secret password prompt.

I took a look at the sourcecode, via the link provided.

I decided I would try and see if I could request the “secret.inc” file, …

Now that we’re about 1/3 through to the end of the OverTheWire Natas wargame, I’m hoping that they start to get a little more tricky. Level 5 unfortunately is still pretty easy.

It starts by simply telling you that you’re not logged in.

Logins often hand out cookies, so I viewed …

Level 4 of OverTheWire’s Natas wargame starts a little different than the previous levels. It immediately presents you with an error message.

I figured this was going to be due to the HTTP Referer. I guessed that one could solve this by using a proxy or a browser addon, such as Referer …

Continuing on with Level 3 of OverTheWire’s Natas wargame, I found the first page, like previous levels, saying that there was nothing on the page.

I viewed the source and saw the strange comment about “Not even Google will find it”.

After thinking about that for a minute, it …

Level 2 of OverTheWire’s Natas wargame is a little more fun than the previous two. It’s also pretty simple, though.

You start out on a page that tells you that there is nothing on it.

Like previous levels, I then viewed the source to see what was in the code.

It appears that …