Natas is a web-based wargame hosted by Over The Wire. It was published in late October of 2012 to highlight web security vulnerabilities.
Here, you can find links to technical dissections of the various levels of Natas. These dissections are mini-white-papers designed to better illuminate the security issues emphasized throughout the wargame.
- Natas Level 0/1 – HTML Comments Are User Viewable
- Natas Level 2/3 – Directory Listings
- Natas Level 4 – HTTP Request Forging
- Natas Level 5 – Cookie Forging
- Natas Level 6 – PHP Interpreter and File Types
- Natas Level 7 – User Input and Unsafe Includes
- Natas Level 8 – Encoding Instead of Hashing
- Natas Level 9 – Shell Execution
- Natas Level 10 – Input Sanitization
- Natas Level 11 – XOR “Encryption”
- Natas Level 12 – File Uploads
- Natas Level 13 – Image File Restricted Upload
- Natas Level 14 – Direct Injection!
- Natas Level 15 – Blind Injection
- Natas Level 16 – Semi-Blind Shell Injection