OverTheWire - Natas - Level 5 → Level 6

Warning: This post contains a solution!

Only continue if:
1.) you want to see a possible alternative solution or
2.) you are stuck and need a hint!

Login using given credentials.

Username: natas6
Password: aGoYxxxxxxxxxxxxxxxxxxxxxxxxxxxx
URL:      http://natas6.natas.labs.overthewire.org

The page contains a HTML form element and an link to the page source code:

<div id="content">


include "includes/secret.inc";

    if(array_key_exists("submit", $_POST)) {
        if($secret == $_POST['secret']) {
        print "Access granted. The password for natas7 is <censored>";
    } else {
        print "Wrong secret";

<form method=post>
Input secret: <input name=secret><br>
<input type=submit name=submit>

<div id="viewsource"><a href="index-source.html">View sourcecode</a></div>

This code checks if the entered "Input secret" ($_POST['secret']) equals $secret. $secret is included from the file includes/secret.inc. Opening this file shows a blank page. The value for $secret is visible in the page source code:


Entering "FOEIUWGHFEEUHOFUOIU" in the form and submitting it returns the message:

Access granted. The password for natas7 is 7z3hxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Show Comments