Posts

Hacking Metasploitable #1: Introduction & IRC Hack [Metasploit/Linux/Exploit/How-to]

Starting today, I will be releasing how-tos on hacking Metasploitable, the Linux distro released by the creators of Metasploit. In them I will go through how to determine if a system is exploitable, how to use Metasploit, how to load modules and run exploits, and what to do once you have exploited a system. I hope these posts, starting with this one (#1), teach readers the important parts of using Metasploit as well as the basics of pentesting and exploitation. This is by no means a thorough series on exploitation, but a way for basic users to get their feet wet in the world of exploitation and hacking.

OverTheWire Wargame "Natas" Level 5 [How-To/Web]

So we cracked Level 4 with some knowledge of HTTP headers and requests, and used a cool little app to help us out. Now we are on Level 5, and after logging in, it presents us with a weird page. Well wait, didn't we just log in? Why does it say we aren't?

OverTheWire Wargame "Natas" Level 4 [How-To/Web]

So Level 3 required a bit more knowledge of web servers and how searches parse them, but we got through it and are now on Level 4. When we load up this level, we are welcomed by an error. So it can see where we are coming from, and it doesn't like it.

OverTheWire Wargame "Natas" Level 3 [How-To/Web]

After breaking Level 2 with some knowledge of how web servers hold their data, we move on to Level 3, which presents us with the same page as level 2:

OverTheWire Wargame "Natas" Level 2 [How-To/Web]

So Level 1 wasn't that bad, either. Let's start Level 2 with the credentials that we found in the previous level. When we load up level 2, we are presented with this: Kind of ironic since there's text, right?

OverTheWire Wargame "Natas" Level 1 [How-To/Web]

Level 0 was quite easy, for obvious reasons, so let's see if level 1 can be any harder. For this one, right-clicking has been blocked, so we can't break it like we did with level 0... or can we?

OverTheWire Wargame "Natas" Level 0 [How-To/Web]

OverTheWire has released a new WarGame called "Natas" which focuses on web security, so I thought I'd try my hand at it and give some walkthroughs/how-tos as I beat each level. I'm still a newbie at websec, so deal with me! Going to the front page of Natas, it gives us the creds to get into level 0, so we need to find level 1's creds somehow.