Natas teaches the basics of serverside web-security.

Last update: Nov 27, 2021

Overview

over-the-wire-natas

Natas teaches the basics of serverside web-security.

Each level of natas consists of its own website located at http://natasX.natas.labs.overthewire.org, where X is the level number. There is no SSH login. To access a level, enter the username for that level (e.g. natas0 for level 0) and its password.

Each level has access to the password of the next level. Your job is to somehow obtain that next password and level up. All passwords are also stored in /etc/natas_webpass/. E.g. the password for natas5 is stored in the file /etc/natas_webpass/natas5 and only readable by natas4 and natas5.

https://overthewire.org/wargames/natas/

Start here:

Username: natas0
Password: natas0
URL: http://natas0.natas.labs.overthewire.org

Owner

Siddhant Chouhan

Cyber Security Enthusiast

GitHub Repository

Evil-stalker - A simple tool written in python, it is so simple that it is based on google dorks

evil-stalker How to run First of all, you must install the necessary libraries.

6 Nov 16, 2022

Local server for IDA Lumina feature

About POC of an offline server for IDA Lumina feature.

166 Dec 30, 2022

Lnkbomb - Malicious shortcut generator for collecting NTLM hashes from insecure file shares

Lnkbomb Lnkbomb is used for uploading malicious shortcut files to insecure file

216 Jan 08, 2023

telegram bug that discloses user's hidden phone number (still unpatched) (exploit included)

CVE-2019-15514 Type: Information Disclosure Affected Users, Versions, Devices: All Telegram Users Still not fixed/unpatched. brute.py is available exp

66 Dec 08, 2022

Web Scraping com Python - Raspando Vagas para Programadores

Web Scraping com Python - Raspando Vagas para Programadores Sobre o Projeto Web

3 Dec 30, 2021

vulnerable APIs

vulnerable-apis vulnerable APIs inspired by https://github.com/mattvaldes/vulnerable-api Setup Docker If, Out of the box docker pull kmmanoj/vulnerabl

9 Jun 01, 2022

Simple script for looping a Denial Of Service (DoS) attack over one single mac address in range

Bluetooth Simple Denial Of Service (DoS) Legal Note This project is made only for educational purposes and for helping in Proofs of Concept. The autho

1 Jan 09, 2022

Scarecrow is a tool written in Python3 allowing you to protect your Python3 scripts.

🕷️ Scarecrow 🕷️ Scarecrow is a tool written in Python3 allowing you to protect your Python3 scripts. It looks for processes with specific names to v

33 Sep 28, 2022

open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability

CVE-2021-44228-log4jVulnScanner-metasploit open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability pre

7 Nov 09, 2022

Brainly-Scrambler - Brainly Scrambler With Python

Brainly-Scrambler Untuk admin brainly jangan lupa pasang captcha mu Note: Kamu

8 Feb 24, 2022

AmiEviL - This program uses the Virus Total API to determine if your suspicious file is malicious or not

AmiEviL - This program uses the Virus Total API to determine if your suspicious file is malicious or not. The program requests the hash of the file and outputs information (if any). This version will

1 Jan 03, 2022

MozDef: Mozilla Enterprise Defense Platform

MozDef: Documentation: https://mozdef.readthedocs.org/en/latest/ Give MozDef a Try in AWS: The following button will launch the Mozilla Enterprise Def

2.2k Jan 08, 2023

Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more.

Log4jHorizon Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more. BLOG COMING SOON Code and README.md this time around are

96 Dec 14, 2022

GitHub Advance Security Compliance Action

advanced-security-compliance This Action was designed to allow users to configure their Risk threshold for security issues reported by GitHub Code Sca

121 Dec 14, 2022

Arbitrium is a cross-platform, fully undetectable remote access trojan, to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding rules

About: Arbitrium is a cross-platform is a remote access trojan (RAT), Fully UnDetectable (FUD), It allows you to control Android, Windows and Linux an

861 Feb 18, 2021

Natas teaches the basics of serverside web-security.

Related tags

Overview

over-the-wire-natas

Owner

Siddhant Chouhan

Evil-stalker - A simple tool written in python, it is so simple that it is based on google dorks

Local server for IDA Lumina feature

Lnkbomb - Malicious shortcut generator for collecting NTLM hashes from insecure file shares

telegram bug that discloses user's hidden phone number (still unpatched) (exploit included)

Web Scraping com Python - Raspando Vagas para Programadores

vulnerable APIs

Simple script for looping a Denial Of Service (DoS) attack over one single mac address in range

Scarecrow is a tool written in Python3 allowing you to protect your Python3 scripts.

open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerability

Brainly-Scrambler - Brainly Scrambler With Python

AmiEviL - This program uses the Virus Total API to determine if your suspicious file is malicious or not

MozDef: Mozilla Enterprise Defense Platform

Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more.

GitHub Advance Security Compliance Action

Arbitrium is a cross-platform, fully undetectable remote access trojan, to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding rules

NoSecerets is a python script that is designed to crack hashes extremely fast. Faster even than Hashcat

Dumps the payload.bin image found in Android update images.

利用NTLM Hash读取Exchange邮件

Python tool for dumping flash via uboot reliably

Log4j-Scanner with Bind-Receipt and custom hostnames