Natas6 - natas7

From JaxHax
Jump to navigation Jump to search

Level Goal

Input secret: [____________________________]
[Submit Query]
                               <View sourcecode>

Solution

Decided to click the <View sourcecode> link which goes to http://natas6.natas.labs.overthewire.org/index-source.html

It gave me the following code:

<html>
      <head>
         <!-- This stuff in the header has nothing to do with the level -->
         <link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
         <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
         <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
         <script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
         <script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
         <script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
         <script>var wechallinfo = { "level": "natas6", "pass": "<censored>" };</script>
      </head>
      <body>
         <h1>natas6</h1>
         <div id="content">

<?

include "includes/secret.inc";

    if(array_key_exists("submit", $_POST)) {
        if($secret == $_POST['secret']) {
        print "Access granted. The password for natas7 is <censored>";
    } else {
        print "Wrong secret";
    }
    }
?>

         <form method=post>
                  Input secret: <input name=secret><br>
                  <input type=submit name=submit>
         </form>

         <div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
      </div>
   </body>
</html>


So the PHP code is checking the user submitted secret against the one stored in a variable called $secret.

It's likely it comes from the includes/secret.inc file.

Decided to navigate to http://natas6.natas.labs.overthewire.org/includes/secret.inc and got a blank page.

checked view source on this page to see the following:

<?
$secret = "FOEIUWGHFEEUHOFUOIU";
?>


This means we want to submit FOEIUWGHFEEUHOFUOIU in the form. Doing so gives us:

Access granted. The password for natas7 is 7z3hEENjQtflzgnT29q7wAvMNfZdh0i9 
Input secret: [____________________________]
[Submit Query]
                               <View sourcecode>