Credentials

Username: natas4
Password: tKOcJIbzM4lTs8hbCmzn5Zr4434fGZQm
URL:      <http://natas4.natas.labs.overthewire.org>

Working

The page says we are not allowed to access the password. It treats us as unauthorized users, because authorized users are expected to arrive from "http://natas5.natas.labs.overthewire.org/".

Methodology

  1. Visit the lab URL.
  2. Set up an intercepting (man-in-the-middle) proxy between the browser and the web page; zaproxy or Burp Suite both work. I'm using Burp Suite in this method.
  3. Configure your browser to use the Burp Suite proxy and turn on the interceptor on Burp Suite's Proxy tab.
  4. Visit the lab URL again in your browser; this time the interceptor in Burp Suite picks up the request.
  5. Edit the headers by adding a Referer header (according to the website, authorized users only come from http://natas5.natas.labs.overthewire.org/):
     Referer: http://natas5.natas.labs.overthewire.org/

  6. Click the Forward button and the page with the credentials loads in your browser.
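
To see why the header edit in step 5 is enough, the following added example (not part of the original write-up, and not the lab's code) runs a constructed stand-in for the check on a loopback port and requests it with and without the Referer header. `RefererGate`, `SECRET`, the response strings and the exact-match comparison are assumptions made for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

TRUSTED_REFERER = "http://natas5.natas.labs.overthewire.org/"
SECRET = "constructed-placeholder-secret"  # constructed value, not a real password


class RefererGate(BaseHTTPRequestHandler):
    """Assumed model of the check: access depends only on the Referer header."""
    def do_GET(self):
        referer = self.headers.get("Referer", "")
        if referer == TRUSTED_REFERER:
            body = f"Access granted: {SECRET}"
        else:
            body = f'Access disallowed. You are visiting from "{referer}"'
        data = body.encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # silence per-request logging
        pass


def fetch(port, referer=None):
    """GET / on the loopback server, optionally with a caller-chosen Referer."""
    headers = {"Referer": referer} if referer else {}
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers=headers)
    body = conn.getresponse().read().decode()
    conn.close()
    return body


def demo():
    """Return (response without Referer, response with the trusted Referer)."""
    server = HTTPServer(("127.0.0.1", 0), RefererGate)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return fetch(server.server_port), fetch(server.server_port, TRUSTED_REFERER)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The only difference between the two requests is a header the client chooses, so Referer cannot serve as an authorization check.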

Findings

The credentials for the next level can be seen here.

Password: Z0NsrtIkJoKALBCLi5eqFfcRN82Au2oD