August 14, 2019
Logging into natas7, we see 2 links, one to home, the other one to about web pages.
Here we can see both home and about web pages showing the exact same thing.
Both gives hints that the password for the next level is located in the /etc/natas/webpass/ folder.
Playing around with the address bar and the /etc/ path, we get an error specifying that the current path we inserted in the URL can’t be open in the specific directory.
This error fully tells us where we are in the directory folder. Here we can use Directory Traversal Attack (DTA) to navigate the web servers folders and files.
Toying around with DTA in the address bar we were able to find the password for the next level.