Theory
A server is simply a computer that accepts requests from a client and sends responses. A web server sends files requested through a URL. The main part of the URL (e.g. ‘https://mayadevbe.me/’) can be seen as the address of the server, while anything following it is the location of a file on the server (e.g. ‘https://mayadevbe.me/posts/images/vmbox_setup_wizard_error.png’). Generally, a well-configured website will allow access to files but not to folders (e.g. ‘https://mayadevbe.me/posts/images/’); otherwise all files in those folders would be known and accessible.
A website does not just consist of an HTML file. Modern websites are generally set up with HTML, CSS and JS files. Furthermore, a web server can host other types of files, which are either embedded in a website or accessible on their own through the correct path. If the file is hosted by the same server, the path will often be relative and not contain the main part of the URL (e.g. ‘/posts/images/vmbox_setup_wizard_error.png’).
Solution
The website states that ‘There is nothing on this page’. This suggests that there is something somewhere else.
Looking at the source code, an image tag (<img>) is visible. This means an image is embedded on the website. The path to the image is relative: files/pixel.png. This is the second part of the URL, showing the location on the server, relative to the main page. To request just the image, the path has to be combined with the URL: ‘http://natas2.natas.labs.overthewire.org/files/pixel.png’
This returns a tiny, white 1x1 pixel image, which explains why it was not visible before.
More interestingly, it reveals a path. Removing the image name, we can check if the folder that contains the image is accessible and maybe also contains other files (http://natas2.natas.labs.overthewire.org/files/).
It is, in fact, accessible and contains a file called users.txt.
Opening this file reveals a list of username:password combinations, including the password for natas3.
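From the site owner's side, the same reasoning becomes an audit: every resource path on a page implies folders that must not serve a listing. The following is an added example, not part of the original walkthrough; the host site.example, the sample page, the canned responses and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
import posixpath
import re

# Titles of common auto-index pages (Apache/nginx style, Python http.server).
LISTING_MARKERS = re.compile(r"<title>\s*(Index of|Directory listing for) /", re.I)

class RefCollector(HTMLParser):  # collects every src/href value on a page
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        self.refs += [v for k, v in attrs if k in ("src", "href") and v]

def implied_directories(page_url, html):
    """Same-host directory URLs implied by the page's resource paths."""
    collector = RefCollector()
    collector.feed(html)
    base = urlsplit(page_url)
    dirs = set()
    for ref in collector.refs:
        target = urlsplit(urljoin(page_url, ref))
        if target.netloc != base.netloc:
            continue  # hosted elsewhere, not ours to audit
        path = posixpath.dirname(target.path)
        while path not in ("", "/"):  # walk up: /a/b -> /a
            dirs.add(f"{base.scheme}://{base.netloc}{path}/")
            path = posixpath.dirname(path)
    return sorted(dirs)

def is_directory_listing(status, body):  # 200 plus an auto-index title
    return status == 200 and bool(LISTING_MARKERS.search(body))

def audit(page_url, html, fetch):  # {directory URL: listing exposed?}
    return {d: is_directory_listing(*fetch(d)) for d in implied_directories(page_url, html)}

# Constructed sample input (hypothetical site.example), so this runs offline.
SAMPLE_URL = "https://site.example/"
SAMPLE_PAGE = '<link href="/css/main.css"><img src="files/pixel.png"><script src="https://cdn.example/x.js"></script>'
SAMPLE_RESPONSES = {
    "https://site.example/files/": (200, "<title>Index of /files</title>"),
    "https://site.example/css/": (403, "Forbidden"),
}

def sample_fetch(url):  # stand-in for an HTTP GET, returns (status, body)
    return SAMPLE_RESPONSES.get(url, (404, ""))

print(audit(SAMPLE_URL, SAMPLE_PAGE, sample_fetch))
```

Any directory reported as True should have automatic indexing turned off on the server, and files such as users.txt should not sit under the web root at all.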