OverTheWire - Natas - Level 5 → Level 6

Warning: This post contains a solution!

Only continue if:
1.) you want to see a possible alternative solution or
2.) you are stuck and need a hint!


Login using given credentials.

Username: natas6
Password: aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1
URL:      http://natas6.natas.labs.overthewire.org

The page contains an HTML form element and a link to the page source code:

<div id="content">

<?

include "includes/secret.inc";

if(array_key_exists("submit", $_POST)) {
    if($secret == $_POST['secret']) {
        print "Access granted. The password for natas7 is <censored>";
    } else {
        print "Wrong secret";
    }
}
?>

<form method=post>
Input secret: <input name=secret><br>
<input type=submit name=submit>
</form>

<div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
</div>

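This code checks whether the submitted "Input secret" ($_POST['secret']) equals $secret, which is defined in the included file includes/secret.inc. Opening this file in the browser shows a blank page, because the server returns the file as-is instead of executing it and the browser does not render the <? ... ?> block. The value of $secret is visible in the page source code: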

<?
$secret = "FOEIUWGHFEEUHOFUOIU";
?>

Entering "FOEIUWGHFEEUHOFUOIU" in the form and submitting it returns the message:

Access granted. The password for natas7 is 7z3hEENjQtflzgnT29q7wAvMNfZdh0i9