Wargame: Natas 0–2 with Python


Natas is a wargame hosted at https://overthewire.org/wargames/natas/. My goal is to document my progress in solving these challenges, as I plan to solve them with Python while I learn Python.

Natas 0:
This level gives you the first username and password so that you can log in to the game and attempt to find the next password. I always try to solve the challenge with the GUI so that I know where to look for the flag. To do so for this level, you can view the source code for this page and clearly see that the password is in the comments.


To solve this with Python we will use the requests, requests.auth, and re modules, which need to be imported. I started by setting my variables, as seen in lines 5–7: I created variables for username, password, and site. Directly following those variables, in line 8, I use the requests module to send a GET request to the site variable, passing the type of authentication the site requires and the credentials to log in to the site. This will be a recurring theme throughout this series.

I save the output of the site to a variable, then with requests I call the text of the site. Using regex, I’m able to look through the output variable, searching for exactly natas followed by some number, then ‘is’, followed by 1 or more word characters in their own group. This allows me to print out the flag alone.

So when running this script, the only output is the flag.

Natas 1:
This level is solved in a very similar manner to natas0, but you aren’t able to right-click on the page to bring up the page source. Alternatively, you can press the F12 key on your keyboard, which brings up the developer tools in most browsers. I’m using Google Chrome, so in my browser, once I press F12 there is a Sources tab; click on it and then on the index.html file, which shows the page source just as if you had right-clicked and chosen View Page Source.


For Python this level is solved in exactly the same way as natas 0, with the only difference being that the username and password variables are swapped for the new username and password retrieved from the last level.

Natas 2:
To solve this level we will use some of the same tactics that we have used in the last 2 levels, and just build on them. Once we log in with the credentials retrieved from the last level, we are presented with a blank screen with text that reads “There is nothing on this page”. If we check the page source as we have done before, we will see that the password is nowhere to be found, but there appears to be an image on the page called pixel.png. This file is hosted in a directory called files.

If we go to this directory in our browser, http://natas2.natas.labs.overthewire.org/files/, we notice that there are 2 files there, pixel.png and users.txt. Opening users.txt reveals the password we are looking for.

For Python we can use the same program that we used for the last 2, but let’s update the username and password variables. Notice in the screenshot, I also changed the website path to go to the users.txt file. Once there, we can use a regex to find the password, but the password is stored in a slightly different manner: we just need to add a colon : and remove the ‘is’ from between natas\d and the password.
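
The approach described for all three levels, written out as an added example (this is not the script from the screenshots): one parser that handles both the comment format of levels 0 and 1 and the colon format of users.txt, plus the basic-auth GET. The function names `find_next_password` and `fetch`, the sample responses, and the placeholder passwords are assumptions made for illustration.

```python
import re

# Levels 0 and 1: the password sits in an HTML comment ("... natas1 is <pw>").
COMMENT_RE = re.compile(r"natas(\d+) is (\w+)")
# Level 2: users.txt holds one "user:password" entry per line ("natas3:<pw>").
USERS_RE = re.compile(r"^natas(\d+):(\w+)\s*$", re.MULTILINE)

# Constructed sample responses; the passwords are placeholders, not real ones.
SAMPLE_COMMENT_PAGE = """<div id="content">
You can find the password for the next level on this page.
<!--The password for natas1 is EXAMPLEpassword0001 -->
</div>"""
SAMPLE_USERS_TXT = "alice:EXAMPLEaaa\nnatas3:EXAMPLEpassword0003\nbob:EXAMPLEbbb\n"


def find_next_password(body, current_level):
    """Return the password for level current_level + 1 found in body, or None."""
    wanted = str(current_level + 1)
    for pattern in (COMMENT_RE, USERS_RE):
        for level, password in pattern.findall(body):
            if level == wanted:  # skip other users and other levels
                return password
    return None


def fetch(level, password, path=""):
    """GET a page of the given level with HTTP basic auth and return its text."""
    # Imported here so the parsing above also runs where requests is missing.
    import requests
    from requests.auth import HTTPBasicAuth

    user = f"natas{level}"
    site = f"http://{user}.natas.labs.overthewire.org/{path}"
    response = requests.get(site, auth=HTTPBasicAuth(user, password), timeout=10)
    response.raise_for_status()  # a 401 here means the credentials are wrong
    return response.text


if __name__ == "__main__":
    print(find_next_password(SAMPLE_COMMENT_PAGE, 0))
    print(find_next_password(SAMPLE_USERS_TXT, 2))
    # Live use for level 2:
    # find_next_password(fetch(2, "<your natas2 password>", "files/users.txt"), 2)
```

Matching on the level number rather than taking the first hit keeps the other entries in users.txt out of the result.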