Monday, October 29, 2012

OvertheWire - Natas Wargame Level 6 Writeup

Level 6

When using the credentials obtained from the previous post to log in to Level 6, we are presented with the following:

This challenge appears to require a secret to obtain the password. Let's view the sourcecode and see what we can find.

 <head><link rel="stylesheet" type="text/css" href=""></head>  
 <div id="content">  
 include "includes/";  
   if(array_key_exists("submit", $_POST)) {  
     if($secret == $_POST['secret']) {  
     print "Access granted. The password for natas7 is <censored>";  
   } else {  
     print "Wrong secret";  
 <form method=post>  
 Input secret: <input name=secret><br>  
 <input type=submit name=submit>  
 <div id="viewsource"><a href="index-source.html">View sourcecode</a></div>  

By viewing the source code, we can see that the PHP code checks to see if we have sent the correct secret. However, while this code doesn't provide us with much (since the secret is located in the variable $secret), it does tell us that there is a file located at 'includes/', which is included in the code. Browsing to this file reveals the following:


Just like that, we can see the secret needed to obtain the password. Let's use this secret and see what happens:

As expected, using this secret gives us the password for natas7, allowing us to log into the next challenge. More writeups to come.


No comments:

Post a Comment