BB

technology and craziness.

OverTheWire - Natas - Level 5 → Level 6

Warning: This post contains a solution!
Only continue if:
1.) you want to see a possible alternative solution or
2.) you are stuck and need a hint!

Log in using the given credentials.

URL: http://natas6.natas.labs.overthewire.org
Username: natas6
Password: aGoYxxxxxxxxxxxxxxxxxxxxxxxxxxxx

The page contains an HTML form element and a link to the page source code:

<div id="content">

<?

include "includes/secret.inc";

if(array_key_exists("submit", $_POST)) {
    if($secret == $_POST['secret']) {
        print "Access granted. The password for natas7 is <censored>";
    } else {
        print "Wrong secret";
    }
}
?>

<form method=post>
Input secret: <input name=secret><br>
<input type=submit name=submit>
</form>

<div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
</div>

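This code checks whether the submitted “Input secret” value ($_POST['secret']) equals $secret, which is included from the file includes/secret.inc. Opening this file in the browser shows a blank page, because the server returns the .inc file as-is instead of executing it as PHP, and the browser does not render the <? ... ?> block. The value for $secret is visible in the page source code: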

<?
$secret = "FOEIUWGHFEEUHOFUOIU";
?>

Entering “FOEIUWGHFEEUHOFUOIU” in the form and submitting it returns the message:

Access granted. The password for natas7 is 7z3hxxxxxxxxxxxxxxxxxxxxxxxxxxxx