Natas Level 5 -> Level 6

Skills: Source code review, PHP

Let's login -
Creds - natas6:aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1
URL - http://natas6.natas.labs.overthewire.org/

Natas 6

We check the source code and we see that there is PHP script performing a check against user input "Secret" value.

Source code review

We also see that it is "including" secret.inc file from /includes/ directory. We visit the page -- http://natas6.natas.labs.overthewire.org/includes/secret.inc and see it is blank, but viewing its source, we see the secret.

View Source: ../includes/secret.inc

Submitting the secret key as "FOEIUWGHFEEUHOFUOIU", we see natas7 creds.

Level passed - natas7:7z3hEENjQtflzgnT29q7wAvMNfZdh0i9