Natas teaches the basics of serverside web-security.

Last update: Nov 27, 2021

Related tags

Security related resources over-the-wire-natas

Overview

over-the-wire-natas

Natas teaches the basics of serverside web-security.

Each level of natas consists of its own website located at http://natasX.natas.labs.overthewire.org, where X is the level number. There is no SSH login. To access a level, enter the username for that level (e.g. natas0 for level 0) and its password.

Each level has access to the password of the next level. Your job is to somehow obtain that next password and level up. All passwords are also stored in /etc/natas_webpass/. E.g. the password for natas5 is stored in the file /etc/natas_webpass/natas5 and only readable by natas4 and natas5.

https://overthewire.org/wargames/natas/

Start here:

Username: natas0
Password: natas0
URL: http://natas0.natas.labs.overthewire.org

Owner

Siddhant Chouhan

Cyber Security Enthusiast

Siddhant Chouhan

GitHub Repository

MTBLLS Ethical Hacking Tool Announcement of v2.0

MTBLLS Ethical Hacking Tool Announcement of v2.0 MTBLLS is a Free and Open-Source Ethical Hacking Tool developed by GhostTD (SkyWtkh) The tool can onl

2 Mar 19, 2022

DCSync - DCSync Attack from Outside using Impacket

Adding DCSync Permissions Mostly copypasta from https://github.com/tothi/rbcd-at

77 Dec 16, 2022

RedlineSpam - Python tool to spam Redline Infostealer panels with legit looking data

RedlineSpam Python tool to spam Redline Infostealer panels with legit looking da

4 Jan 27, 2022

Small Python library that adds password hashing methods to ORM objects

Password Mixin Mixin that adds some useful methods to ORM objects Compatible with Python 3.5 = 3.9 Install pip install password-mixin Setup first cre

5 Nov 22, 2022

A terminal based web shell controller

shell-hack Tribute to Chinese ant sword； A Powerful terminal based webshell controller； Usage : Usage : python3 shell-hack.py --url [URL] --w

10 Dec 28, 2021

GitGuardian Shield: protect your secrets with GitGuardian

Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.

1.2k Dec 27, 2022

DNS hijacking via dead records automation tool

DeadDNS Multi-threaded DNS hijacking via dead records automation tool How it works 1) Dig provided subdomains file for dead DNS records. 2) Dig the fo

45 Dec 20, 2022

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

MurMurHash This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform. What is MurMurHash? Murm

87 Dec 31, 2022

Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).

What is Spray365? Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD). How is Spray3

246 Dec 28, 2022

Dumping revelant information on compromised targets without AV detection

DonPAPI Dumping revelant information on compromised targets without AV detection DPAPI dumping Lots of credentials are protected by DPAPI (link ) We a

580 Jan 09, 2023

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities

Sqli-Scanner is a python3 script written to scan websites for SQL injection vulnerabilities Features 1 Scan one website 2 Scan multiple websites Insta

9 Dec 30, 2022

Visibility and Mitigation for Log4J vulnerabilities

Visibility and Mitigation for Log4J vulnerabilities Several scripts for the visibility and mitigation of Log4J vulnerabilities. Static Scanner - Linux

15 May 21, 2022

Holehe OSINT - Email to Registered Accounts

holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.

3.8k Jan 06, 2023

Cve-2022-23131 - Cve-2022-23131 zabbix-saml-bypass-exp

cve-2022-23131 cve-2022-23131 zabbix-saml-bypass-exp replace [zbx_signed_session

135 Dec 14, 2022

A OSINT tool coded in python

Argus Welcome to Argus, a OSINT tool coded in python. Disclaimer I Am not responsible what you do with the information that is given to you by my tool

2 Mar 20, 2022

Metasploit Multi Purpose Exploiting Toolkit For Termux

MSF-EXPLOIT MSF-ANDRO is a Metasploit Multi Purpose Exploiting Toolkit For Termux . Only a Basic Script , Still in Development . FEATURES : Install Me

22 Dec 29, 2022

2022-bridge - Example code belonging to the Bridge pattern video

Let's Take The Bridge Pattern To The Next Level This video covers how the bridge

11 Jun 14, 2022

A python based tool that executes various CVEs to gain root privileges as root on various MAC OS platforms.

MacPer A python based tool that executes various CVEs to gain root privileges as root on various MAC OS platforms. Not all of the exploits directly sp

20 Nov 30, 2022

A Python script that can be used to check if a SAP system is affected by CVE-2022-22536

Vulnerability assessment for CVE-2022-22536 This repository contains a Python script that can be used to check if a SAP system is affected by CVE-2022

42 Dec 01, 2022

Yet another web fuzzer

yafuzz Yet another web fuzzer Usage This script can run in two modes of operation. Supplying a wordlist -W argument will initiate a multithreaded fuzz

5 Feb 02, 2022