💻
Ashish Khairnar
  • #whoami
  • Exam Reviews
    • Certified Red Team Professional Exam
  • OverTheWire
    • Bandit
      • Bandit Level 0
      • Bandit Level 0 → Level 1
      • Bandit Level 1 → Level 2
      • Bandit Level 2 → Level 3
      • Bandit Level 3 → Level 4
    • Natas
      • Natas Level 2 → Level 3
      • Natas Level 3 -> Level 4
      • Natas Level 4 -> Level 5
      • Natas Level 5 -> Level 6
      • Natas Level 6 -> Level 7
      • Natas Level 7 -> Level 8
      • Natas Level 8 -> Level 9
  • TryHackMe - Write-ups
    • TryHackMe - Vulnnet
  • HackTheBox - Writeups
    • HTB - ScriptKiddie
Powered by GitBook
On this page

Was this helpful?

  1. OverTheWire
  2. Natas

Natas Level 5 -> Level 6

Skills: Source code review, PHP

PreviousNatas Level 4 -> Level 5NextNatas Level 6 -> Level 7

Last updated 4 years ago

Was this helpful?

Let's login -
Creds - natas6:aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1
URL - http://natas6.natas.labs.overthewire.org/

We check the source code and we see that there is PHP script performing a check against user input "Secret" value.

Submitting the secret key as "FOEIUWGHFEEUHOFUOIU", we see natas7 creds.

Level passed - natas7:7z3hEENjQtflzgnT29q7wAvMNfZdh0i9

We also see that it is "including" secret.inc file from /includes/ directory. We visit the page -- and see it is blank, but viewing its source, we see the secret.

http://natas6.natas.labs.overthewire.org/includes/secret.inc
Natas 6
Source code review
View Source: ../includes/secret.inc