OverTheWire: Natas Level 7 – #appsec #webapp #websecurity #wargames

Another day, another challenge…

In today’s blog post we will solve level 7 from the Natas wargame challenge.

Let’s begin.

Going to the following link, and entering username “natas7” and password “7z3hEENjQtflzgnT29q7wAvMNfZdh0i9” we see the following:



Hmm… we see a Home and About links. Let’s click the links and see what happens.



After clicking the links we see there’s not much that’s showing on the screen.

Let’s view the source and see if there are any hints there.

Doing a right click, view page source we see:


Hmm… we see a comment that says, “password for webuser natas8 is in /etc/natas_webpass/natas8”

How can we use this information?

Looking at the above screenshots of Home and About – we notice that at the end of the URL it’s referencing a page. For instance for the home page it’s “page=Home” and for About it’s “page=About”. Let’s try to change the page name to the hint that was provided to us.

Changing the URL to: http://natas7.natas.labs.overthewire.org/index.php?page=/etc/natas_webpass/natas8, we see…


the flag!

OverTheWire: Natas Level 0 #appsec #webapp #websecurity #wargames

Another day, another challenge…

Today’s challenge we’re going to solve the first level of the Natas wargame challenge.

Let’s begin.

Going to the first level, we see the following:


Entering the URL we see the following prompt:


Entering the username and password of “Natas0” we see the following:


Doing a right click, and selecting “View Page Source” we see:


We found the password for natas1! We’ll solve that challenge in the next blog post…