Natas3

Finding hidden resources via robots.txt

By now, you should understand the basic layout of these challenges, so for now I'll skip the homepage details until a new page is shown.
After viewing the page source you are shown this:
natas 3 source view As you can see, on line 15 there is a comment that says
"No more information leaks!! Not even Google will find it this time..."

This hint points us to the robots.txt file because it is used to tell Google and other search engine crawlers which parts of a website they are forbidden to index. By claiming 'not even Google will find it,' the challenge is hinting that they hid the directory using this exact file.
And after visiting natas3.natas.labs.overthewire.org/robots.txt we are shown the following:
natas3/robots.txt file And after going to natas3.natas.labs.overthewire.org/s3cr3t/:
natas/s3cr3t/ directory And finally, after clicking the users.txt file:
s3cr3t/users.txt file We are shown the password for Natas 4.
QryZXc2e0zahULdHrtHxzyYkj59kUxLQ

Back