About Me
Avatar
Part time CTF Player learn every day!!
🌠 I Love Hoshimachi Suisei!! 🌠
🌠 I Love Hoshimachi Suisei!! 🌠

OverTheWire Natas Level 2 → 3 tutorial!!

overthewire natas walkthrough ctf web beginner
Published on 15 Dec 2023

Login

URL: http://natas3.natas.labs.overthewire.org
Credentials: natas3:3gqisGdR0pjm6tpkDKdIWO2hSvchLeYH

homepage

Task

The page looks blank, but maybe hidden paths exist. Let’s check robots.txt — a common file that reveals excluded directories for crawlers.

A little bit of Theory

  • robots.txt lives at the site root and lists paths search engines should not crawl.
  • Example: 
    User-agent: *
Disallow: /secret/
  • This is only advisory for bots, but humans can still visit those paths.

Further reading:

Solution

  1. Visit robots.txt: http://natas3.natas.labs.overthewire.org/robots.txt

    robots.txt

    It disallows /s3cr3t/.

  2. Browse the disallowed path: http://natas3.natas.labs.overthewire.org/s3cr3t/

    directory

    A users.txt file is listed.

  3. Open users.txt:

    users.txt

    Inside is the password for natas4.

  4. Log into the next level:

Password

QryZXc2e0zahULdHrtHxzyYkj59kUxLQ

Troubleshooting

  • 404 on robots.txt? → Make sure you’re logged in as natas3.
  • Directory empty? → Don’t forget the trailing /s3cr3t/.
  • Wrong password? → Only copy the actual password value, not the natas4: prefix.

Congrats 🎉 You discovered how robots.txt can reveal sensitive directories and retrieved the password for natas4!

Thanks for reading!

Until next time — Otsumachi!! 💖☄️✨

Cinema

related posts

all tags

GOT-overwrite aboutme aead ai alphanumeric-shellcode apt argc0 argon2 aslr assembly asymmetric atoi automation backbox bandit base64 bash beginner behemoth binary binary-exploitation binary-to-ascii blackarch blind blind-sqli blogging blue-team bruteforce buffer-overflow buffer-overwrite c caesar canary capabilities checksec command-injection commonmark cookie cron crypto cryptography ctf cutter cyberchef cybersecurity defenders detection dev directory-traversal dnf docs drifter ecc education elf env envp exploitation finale forensics format-string formulaone frequency frequency-analysis gcc gdb getchar gfm ghidra github-pages governance gpg guide hashing hkdf http jekyll jmpbuf kali kasiski kdf kernel keylength kramdown krypton lab ld_preload leviathan lfi lfsr linux linux-syscall llmops log-poisoning ltrace manpage markdown maze memcpy mitigations mitmproxy mlops narnia natas networking newline-injection nonce nop-sled nx object-injection obsidian openssl osint overflow overthewire package-manager pacman parrot path path-hijacking pathname php pie pkc pki pointer-trick pqc priv-esc privilege-escalation provable-security pwn pwntools pyshark python race-condition radare2 rag randomness recon red-team redirect relro requests ret2env ret2libc reverse-engineering reversing ricing roadmap rop rot13 rsa scapy security seed seo serialization session setjmp-longjmp setuid shell shellcode smoke soc sockets sprintf sql-injection srop stack-canary stack-overflow strace strcmp strcpy streamcipher strings strncpy strtoul substitution suid suisei symlink symmetric terminal test threat-intel time-based tls troubleshooting tshark type-juggling ubuntu udp utumno vigenere virtualbox virtualization vmware vortex walkthrough web windows wireshark writing wsl x86
dash theme for Jekyll by bitbrain made with