Natas Level 728 Sep 2015 • Leander
This is a solution guide to the Natas7 Level at overthewire. This write-up was created on 26 September 2015.
First connect to the website
- Enter the following as the username natas7 and password 7z3hEENjQtflzgnT29q7wAvMNfZdh0i9
When we connect we see two hyperlinks which go to “Home” and “About”. After clicking on one the webpage changes slightly and tells us we are either at home or at about. Hmmm … Let’s check the source code for the html page.
After looking at the source code I found that the web links reference a page file which is passed directely into index.php. What does that really mean? What happens if I try to pass the webserver something other than that? This may be a “file include” vulnerability which deals with the fact that some code developers are lazy. For example: What if the line of code which fetches the webpage is something like this:
include($_GET['page']); This results in the php script attempting to fetch whatever lies in ‘page’
Now the page has been replaced with the shadow file for the host system. Which looks like the following:
Alright so let’s try using another file name. A good target would be the location pointed out in the hint. So now try:
Access granted. The password is