Natas6

Website URL: http://overthewire.org/wargames/natas/natas6.html

According to the data on the OverTheWire webpage:

Username: natas6
URL:      http://natas6.natas.labs.overthewire.org

Let’s log in at the URL for Natas5.

Fig. 1

Hmm, let’s check out the source code.

Fig. 2

Going through the source code doesn’t reveal anything. However, there must be some flag somewhere that’s deciding whether we are logged in or not. One way to do that discreetly would be cookies. Let’s look at the cookie for this website.

To do that, we can switch to the Console view and type “document.cookie” to view the cookie.

Fig. 3

Bingo! Now we just need to change that field from “loggedin=0” to “loggedin=1”. Let’s go back to our HackBar plugin. Load the URL and select Cookies. In the text field, enter the parameter, i.e. “loggedin=1”, and Execute.

Fig. 4

Done!

Note: There are manual methods to tamper as well. I will cover those in another post.
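
Why the level falls to a one-character edit, and what a server can do about it, shown as an added example that is not part of the original post or the Natas server code: the first function trusts the “loggedin” cookie as-is, the other two attach and verify an HMAC tag. The function names and the key are assumptions made for this sketch.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Constructed demo key (assumption); a real server loads a random secret from its config.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"


def naive_is_logged_in(cookie_header: str) -> bool:
    """The flawed pattern: believe whatever the browser sends in `loggedin`."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    return "loggedin" in cookie and cookie["loggedin"].value == "1"


def issue_cookie(logged_in: bool) -> str:
    """Hardened issue side: append an HMAC tag the client cannot recompute."""
    value = "1" if logged_in else "0"
    tag = hmac.new(SERVER_KEY, f"loggedin={value}".encode(), hashlib.sha256).hexdigest()
    return f"loggedin={value}.{tag}"


def verified_is_logged_in(cookie_header: str) -> bool:
    """Hardened check: accept the flag only if its tag verifies under the server key."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    if "loggedin" not in cookie:
        return False
    value, _, tag = cookie["loggedin"].value.partition(".")
    expected = hmac.new(SERVER_KEY, f"loggedin={value}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison of the tag, then the flag itself.
    return hmac.compare_digest(tag, expected) and value == "1"


if __name__ == "__main__":
    issued = issue_cookie(False)                             # what a guest receives
    edited = issued.replace("loggedin=0", "loggedin=1", 1)   # flag flipped, tag unchanged
    print(naive_is_logged_in("loggedin=1"))                  # naive check accepts the edit
    print(verified_is_logged_in(edited))                     # signed check rejects it
    print(verified_is_logged_in(issue_cookie(True)))         # server-issued value still works
```

Keeping the login state in a server-side session and sending only a random session ID avoids the problem entirely; the signed cookie is the smallest change to the design this level uses.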
