Another day, anther challenge…
In today’s challenge we will solve level 3 from the Natas wargame. Let’s begin.
Going to the following link, and entering the username of “natas3” and password we retrieved from the second challenge we see:
Password from level 2:
Pressing Enter we see:
Doing a right click, view source we see:
Hmm… we have a hint. “No more information leaks!! Not even Google will find it this time…”
Knowing a thing or two about how Google indexes websites, I know that some websites use a robots.txt file. Let’s see if this website is using that.
Entering “robots.txt” at the end of the URL we see:
OK – the first parameter user-agent specifies that any agent is allowed. We’re disallowing the /s3cr3t/ folder. Let’s go to this folder and see what’s there…
Entering the /s3cret/ folder we see:
Hmm… there’s a users.txt file. Let’s see what’s there.
We found the password for level 4!