Right. Hello everybody, welcome back to the YouTube video. My name is John Hammond, and we are back looking at OverTheWire, the online wargames, and now we're moving into the wargame Natas, which is all about web application stuff, like web security. So I like this. Honestly, this is kind of my favorite category. This is what I'm really interested in, web application security, because I think that's more applicable to, like, real-world bug bounties and cool things like that. So I really like a lot of these challenges, and they start off pretty, pretty not too bad, and then they kind of ramp up to real cool stuff like blind SQL injection and cookie stealing, etc., etc. So I want to show you how to roll through some of these, and I'm gonna do it in a little bit of a different way, where I actually create some get-flag scripts, or really just small, containerized, just individual standalone files or Python code that will be able to solve a level for us, or at least retrieve the password for the next level. So let's go ahead and get started.

You'll notice here that passwords are stored in a file inside the file structure, as we're used to in Leviathan and Bandit. We just go by the level name, so Natas and the level number that we're on, zero, etc., and by default it starts with natas0 as the password, just like all the other, all the other wargames that we played. So we can copy and paste this URL in here, and we'll use natas0 and natas0 to authenticate, and we can view the kind of file that we're gonna be presented with, or the web page that's returned to us in our browser right here. It says you can find the password for the next level on this page. Obviously, there's nothing really in the text here. I can use Ctrl+A, just select everything, but there's nothing there. So, Ctrl+U to view the source, or if you really wanted to, you could right-click, probably, with your web browser and select View Page Source.
It'll do the same thing. Ctrl+U is just a hotkey that I typically use and see for it. And we see this HTML comment right here that says the password for natas1 is this string. Okay, so super easy, level zero was not hard at all.

But let's get set up with actually rolling through this in Python and through a script. So I've got my command line ready for us. Again, I have this directory, overthewire, that has some of the folders for the other wargames we've been doing between Bandit and Leviathan, but now let's make one dedicated to Natas, and let's use Sublime Text, and I'll call this natas0.py.

So I'm using Sublime Text, Sublime Text 2, and I'm using that because I wanted to use the BuildView plug-in. That's gonna let me split the screen and actually view the output of my command, the output of my script, on a side-by-side, not a vertical build like Sublime normally does. So let's create a shebang line here to create a script for us. I'm also using the dark neon theme; if you guys haven't heard of that, you can install it with the Install Package command from the command palette in Sublime Text, Ctrl+Shift+P to bring that up. If you don't have that installed or set up, you can just build up that package with the Package Control, if you Google that, Sublime Text Package Control. You have a package manager you can get to, and it shows you installation and stuff that you can just easily enter into the console in either Sublime Text 3 or Sublime Text 2. Again, I'm using Sublime Text 2 here, so I can use the package BuildView, which will build the output of my script in a separate tab. So that way I can split the window with Shift+Alt and the number of windows I want here, which is two. So now I have side-by-side the windows, and my code and the build output that I can move back and forth with and actually do stuff within Sublime Text. So that's pretty handy.
So I'm gonna go ahead and interact with these web pages with the requests module in Python, which I don't have a tutorial series on, but I very, very much intend to, because it's a better urllib and can do really awesome stuff. If you don't have that installed, you should be able to just do a sudo pip install requests, and if you don't have pip installed, you can probably do a sudo apt-get install python-pip, and it'll need your password and everything, just like any sudo command would.

So let's import requests. Let's import re; I'm going to use the regular expressions module so I can quickly just grab out the password for the next level here. And let's create a variable for our username, natas0. In this case the password is going to be the same, since this is just a unique case, but we want the URL to equal... let's get this build view out of here. Handy that I can just kind of slide this to the side. Whoa, clicking everything. All right. We can go ahead and copy and paste the URL here, and let's actually replace the username in here, so now we can use requests.get(url), and that will return an HTTP GET, that will actually do an HTTP, or GET, request to access the URL, and we'll store it in a response variable.

So if we wanted to see that, we can print it out, and we are getting a 401, which, if we view the text of that to see that actual response here, that's because, oh, we didn't authenticate with it. We're getting that 401 here because we didn't supply the username and password. We can do that in the code here with auth equals and then username and password, auth being the function keyword argument to the get request, and just using a tuple for our username and password. Now when we run this, you can see we've returned the source code of the web page. So what I'm going to do up here now is just set the syntax to HTML. Again, I hit Ctrl+Shift+P to tell Sublime Text that that's what I wanted to do, and now we've got the, like, website source code, just that web page code, all the HTML
just like we viewed in our browser a moment ago, but now within Sublime Text, so we can copy and paste this out if we want to, or we can go ahead and just get our regular expressions module to parse through it. So I'm going to call this variable content, and then I'm going to print content, or re.findall, sorry, findall being the regular expression that I, function that I want to use, and I'm just going to copy this HTML string here so I can use kind of a cheap hack to scrape out only that password part using regular expressions here, using the parentheses to say I want this item, this element, and I'm going to use period to denote any character, and I'm using asterisk to denote multiple of these, multiple of these any characters, and then we'll pass in content here. I don't want caps lock on. Cool. So now when I run this, let's move our build output to the side here. You can see it returns an array of everything that it found, and let's use the zero index here to just scrape that out. Nice and easy. Cool.

So that's the password for level one, so we can save this as natas0, but now we can just go ahead and save another script, call this natas1.py, change the username that we're working with because we can move it to the next level here, and let's paste in the password that we have. So now our script will automatically jump to where we were previously. Let's print out the content. What's the response we're getting here? And if we see here, again, HTML source code, the web page source code, and we just pretty much got past the next level, because had we gone to this on our own over in the web browser, natas1, natas1, pasting the password here, it says you can find the password for the next level on this page, but right-clicking has been blocked.
It seems okay in my web browser. Again, maybe, maybe it's not in yours. Again, Ctrl+U will get you to the source code and you can see it here. But doing this through Python, doing this through code, is still going to get us the same result. We're just getting the response of the web page. So now we can just change our, our code here, have regular expressions parse out that HTML comment again, change it for natas2, and we can not print the content, and we can just print out what we find here. We are getting the flag, or the password, for the next level right here. So now we can save this as natas2, change the username to the correct natas2, and comment out this one, print the content that we're seeing again, and now we're into level 3. Cool.

All right, so we're set up. We're rolling. We've got some Python code that's letting us move through the Natas levels that we would normally be able to interact with through the web browser, but we can still do that if we really wanted to. But we're getting a little bit more in the weeds and creating some automated tools and scripts that will do the really cool stuff for us, and learning a little bit of Python and stuff like that, and doing some cool magic in Sublime Text. So we'll keep rolling with this in the next couple videos. I hope you guys are enjoying these. Hope you guys like the quality, video, whatever it is, and really the personality that you've got with this series. So thanks again for watching. I'll see you in the next video. Hopefully to me next time
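
Added example, not code from the video: the fetch-and-extract step described above, written so the comment extraction uses Python's HTML parser instead of a copied `.*` pattern and returns nothing rather than failing when no comment leaks a credential. The sample page, the placeholder password, the keyword list and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample page in the shape the video describes: the secret sits in
# an HTML comment and the page tries to block right-click. Placeholder value.
SAMPLE_PAGE = """<html><body oncontextmenu="return false;">
<h1>natas1</h1>
<div id="content">
You can find the password for the next level on this page, but right-clicking has been blocked!
<!--The password for natas2 is PLACEHOLDER_not_a_real_password -->
</div></body></html>"""

# Words suggesting a comment carries a secret (assumed list, extend as needed).
SECRET_HINT = re.compile(r"\b(password|passwd|secret|token|api[_-]?key)\b", re.I)
# Assumed comment wording: "The password for <user> is <value>".
NEXT_LEVEL = re.compile(r"password for (\w+) is (\S+)", re.I)

class CommentCollector(HTMLParser):
    """Collects every HTML comment; client-side script has no effect here."""
    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data.strip())

def leaky_comments(html):
    """Return the comments in `html` that mention a credential-like word."""
    collector = CommentCollector()
    collector.feed(html)
    return [c for c in collector.comments if SECRET_HINT.search(c)]

def next_credentials(html):
    """Return (username, password) from the first matching comment, else None."""
    for comment in leaky_comments(html):
        match = NEXT_LEVEL.search(comment)
        if match:
            return match.group(1), match.group(2)
    return None  # nothing leaked: avoids indexing an empty findall() result

def fetch(url, username, password):
    """Fetch a page with HTTP Basic auth, as requests.get(url, auth=...) does."""
    import requests  # third-party; imported here so the parser runs without it
    response = requests.get(url, auth=(username, password), timeout=10)
    response.raise_for_status()  # a 401 from missing or wrong auth raises here
    return response.text

if __name__ == "__main__":
    print(next_credentials(SAMPLE_PAGE))
```

The same `leaky_comments` check can be run over your own application's rendered pages before release: anything it returns is readable by every client, whatever the page does about right-click.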