Natas6 - natas7

From JaxHax

Level Goal

Input secret: [____________________________]
[Submit Query]
                               <View sourcecode>


Decided to click the <View sourcecode> link which goes to

It gave me the following code:

         <!-- This stuff in the header has nothing to do with the level -->
         <link rel="stylesheet" type="text/css" href="">
         <link rel="stylesheet" href="" />
         <link rel="stylesheet" href="" />
         <script src=""></script>
         <script src=""></script>
         <script src=></script><script src=""></script>
         <script>var wechallinfo = { "level": "natas6", "pass": "<censored>" };</script>
         <div id="content">


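         <?php

         include "includes/";

         // Runs only when the form was submitted
         if(array_key_exists("submit", $_POST)) {
             // Compare the secret defined by the include with the submitted value
             if($secret == $_POST['secret']) {
                 print "Access granted. The password for natas7 is <censored>";
             } else {
                 print "Wrong secret";
             }
         }
         ?>

         <form method=post>
                  Input secret: <input name=secret><br>
                  <input type=submit name=submit>
         </form>
         </div>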

         <div id="viewsource"><a href="index-source.html">View sourcecode</a></div>

So the PHP code checks the user-submitted secret against the one stored in a variable called $secret.

It's likely it comes from the includes/ file.

Decided to navigate to and got a blank page.

Checked view source on this page to see the following:


This means we want to submit FOEIUWGHFEEUHOFUOIU in the form. Doing so gives us:

Access granted. The password for natas7 is 7z3hEENjQtflzgnT29q7wAvMNfZdh0i9 
Input secret: [____________________________]
[Submit Query]
                               <View sourcecode>
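
The level works because the include that defines $secret can be requested directly and its contents show up in the page source. The following is an added example, not part of the original write-up or the level's code, showing one way to write the same check so the secret is not web-reachable and the comparison is strict. The function names load_secret and check_secret, the file layout, and the demo secret value are assumptions made for illustration.

```php
<?php
// Added example (not the level's code): hardened form of the secret check.
// Assumption: in deployment the secret file sits OUTSIDE the document root,
// so no URL maps to it, and it is a PHP file that returns the value, so the
// interpreter never sends its text to a browser.

// Hypothetical helper: load the secret from a PHP file that returns a string.
function load_secret(string $path): string
{
    $secret = require $path;
    if (!is_string($secret) || $secret === '') {
        throw new RuntimeException('secret file did not return a non-empty string');
    }
    return $secret;
}

// Hypothetical helper: strict check of the submitted value.
function check_secret(string $expected, array $post): bool
{
    // Reject missing or non-string input (a field sent as secret[] arrives as an array).
    if (!isset($post['secret']) || !is_string($post['secret'])) {
        return false;
    }
    // hash_equals compares in constant time and does no type juggling, unlike ==.
    return hash_equals($expected, $post['secret']);
}

// Constructed demo so the block runs offline from the CLI: a stand-in secret
// file is written to the temp directory, loaded, then removed.
$demoFile = tempnam(sys_get_temp_dir(), 'sec');
file_put_contents($demoFile, "<?php return 'CONSTRUCTED-DEMO-SECRET';");
$secret = load_secret($demoFile);
unlink($demoFile);

// Constructed form submissions: correct value, wrong value, array value, missing field.
$cases = [
    ['submit' => '1', 'secret' => 'CONSTRUCTED-DEMO-SECRET'],
    ['submit' => '1', 'secret' => 'guess'],
    ['submit' => '1', 'secret' => ['x']],
    ['submit' => '1'],
];
foreach ($cases as $post) {
    print (check_secret($secret, $post) ? "Access granted." : "Wrong secret") . "\n";
}
```

In a real deployment the path passed to load_secret would point at a location the web server does not serve, rather than a temp file.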