Natas 5 lets us know immediately that we’re not welcome by informing us that we’re not logged in. And how does it know that? Lets open up our cookies and take a look around.
That looks interesting. It’s currently set at 0. What happens if we set it to one? There are probably various ways you can achieve this. Using a web proxy like the burp suite, or various add-ons depending on your browser. I’m using Firefox, so I used the developer toolbar to set the cookie (Shift+F2, cookie list, cookie set). With my cookie now set to its new value, I was able to reload the page and get the password for natas 6.
<h1>natas5</h1>
<div id="content">
Access granted. The password for natas6 is XXXXXXXXXXXXXXXXXXXXXXX</div>