Login

Username: natas4
Password: Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ
URL: http://natas4.natas.labs.overthewire.org

Solution

Alright. It looks like we have to make this server think we came from http://natas5.natas.labs.overthewire.org/. There’s a couple of places it could be getting this information from. Let’s check cookies…

Nope. Googling shows that that’s a Cloudflare identification cookie. Not useful to us.

Another place is the HTTP header.

There’s plenty of tools that can edit request headers, both in Kali Linux and as Chrome plugins. But let’s try using curlcurl is a tool that transfers data from a server to a client. So when you use it on a webpage, you download the source code. You can also customise your headers. So let’s set the Referer header to http://natas5.natas.labs.overthewire.org/.

We use -H to specify a header and -u to specify the user. Then we provide the password, and voila.

Yahoo.