OverTheWire - Natas - Level 6 → Level 7
1.) you want to see a possible alternative solution or
2.) you are stuck and need a hint!
Log in using the given credentials.
URL: http://natas7.natas.labs.overthewire.org
Username: natas7
Password: 7z3hxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Once logged in, a navigation menu is displayed.
Clicking “Home” or “About” displays some text and changes the URL:
- Home: /index.php?page=home
- About: /index.php?page=about
From this behavior it can be assumed that “Home” and “About” are loaded using an include statement. One way to confirm this assumption is to specify a dummy page name instead of one of the available pages. Calling /index.php?page=bla returns the following:
Here it can be seen that an attempt is made to load “bla”. This vulnerability is called Local File Inclusion (LFI). Now, to find the password for the next level, the path of the file with the password needs to be located. Fortunately, the path to this file is mentioned in a comment in the page source code.
So, calling /index.php?page=/etc/natas_webpass/natas8 or /index.php?page=../../../../etc/natas_webpass/natas8 returns the password for the next level.
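Added example, not part of the original write-up and not the level's actual source: the include pattern assumed above, next to a hardened form that maps the page parameter to a fixed allowlist so the request value never becomes a file path. The names PAGES and resolve_page, the file names and the temporary directory are assumptions made for the demo, and the inputs are constructed.

```php
<?php
// Assumed vulnerable pattern (inferred in the text above, not the level's real code):
//   include($_GET['page']);
// Any readable path works, so an absolute path and a ../ traversal both succeed.

// Hardened form: the request value is only a lookup key into a fixed table.
const PAGES = [
    'home'  => 'home.php',
    'about' => 'about.php',
];

// Returns the absolute path of the page file, or null if the request is not allowed.
function resolve_page(string $requested, string $baseDir): ?string
{
    if (!array_key_exists($requested, PAGES)) {
        return null;                       // unknown key: nothing is ever included
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    // Defence in depth: the resolved file must still sit under the base directory
    // (catches a symlink or a bad table entry pointing elsewhere).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// In a page this would be used as:
//   $file = resolve_page($_GET['page'] ?? 'home', __DIR__ . '/pages');
//   if ($file === null) { http_response_code(404); exit; }
//   include $file;

// Offline demo with constructed inputs, run from the CLI.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
mkdir($base);
foreach (PAGES as $name) {
    file_put_contents($base . DIRECTORY_SEPARATOR . $name, 'demo page');
}
$inputs = ['home', 'about', 'bla', '/etc/natas_webpass/natas8',
           '../../../../etc/natas_webpass/natas8'];
foreach ($inputs as $input) {
    $file = resolve_page($input, $base);
    printf("%-40s => %s\n", $input, $file === null ? 'rejected (404)' : basename($file));
}
foreach (PAGES as $name) {
    unlink($base . DIRECTORY_SEPARATOR . $name);
}
rmdir($base);
```

Only "home" and "about" resolve to a file; the dummy name and both path forms from this level are rejected before any include runs.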