An automated solver for the OverTheWire Natas wargame challenges, featuring level-specific exploitation techniques and credential management.
- Automated solving for levels 0-34
- Session management and credential persistence
- Rich console output with progress indicators
- Modular solver architecture
- PHP payload generation and template handling
- Extensive error handling and logging
requests>=2.28.0
typing>=3.7.4
rich>=10.0.0
PHP CLI
├── config/
│ └── credentials.py # Initial credentials config
├── payloads/
│ ├── natas*.php # Level-specific PHP payloads
│ └── *.template # PHP template files
├── solvers/
│ ├── base_solver.py # Base solver class
│ └── natas*.py # Level-specific solvers
├── utils/
│ ├── credentials.py # Credential management
│ ├── http_client.py # HTTP request handling
│ ├── php_template.py # PHP template handling
│ └── php_runner.py # PHP script execution
├── main.py # Main orchestrator
└── credentials.csv # Credential storage
- Install dependencies:
pip install -r requirements.txt- Ensure PHP CLI is installed:
php --version- Run the solver:
python main.py
To solve all levels, ensure that the credentials.csv file contains only the following content, removing any old credentials:
level,username,password
If the file already contains credentials, the solver will resume from the corresponding level.
Each level solver implements specific exploitation techniques:
- Level 0-10: Basic web exploitation
- Level 11-20: More advanced techniques (SQL injection, command injection)
- Level 21-30: Complex exploitation chains
- Level 31-34: Advanced PHP exploitation
NatasSolver: Base class for all level solversNatasOrchestrator: Main orchestration and progress trackingCredentialManager: Credential storage and retrievalPHPTemplateHandler: PHP payload template management
Comprehensive error handling including:
- HTTP request failures
- PHP execution errors
- File operation errors
- Invalid credentials