Natas Level 6

This is a solution guide to the Natas6 Level at overthewire. This write-up was created on 5 March 2015.

First connect to the website

• http://natas6.natas.labs.overthewire.org
• Enter the following as the username natas6 and password aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1

Once again something new. We have an input field, a button to click, and a link which says view sourcecode. First let’s try hitting submit just to see what happens. Big surprise - wrong secret. So now let’s check the source code.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
<?php
include "includes/secret.inc";
 
if(array_key_exists("submit", $_POST)) {
	if($secret == $_POST['secret']) {
		print "Access granted. The password for natas7 is <censored>";
	} 
	else {
		print "Wrong secret";
	}}
?>
 
<form method=post>
Input secret: <input name=secret><br>
<input type=submit name=submit>
</form>

It’s pretty simple source code, it essentially compares the value submitted in the text field to the contents in a file called secret.inc. So let’s see if we can access that file located on line 2 to get the contents @ http://natas6.natas.labs.overthewire.org/includes/secret.inc

At this point we find the following:

<?php
$secret = "FOEIUWGHFEEUHOFUOIU";
?>

So now we know our secret value. Return back to the main page and enter it into the text field and see what happens …

Access granted. The password is natas7:7z3hEENjQtflzgnT29q7wAvMNfZdh0i9

Bingo!