Over the wire Natas Level 6 Objective: Get password for Level 7 Solution: So we have a text box with the label Input Secret and a submit query button Lets check the source code again. Here it looks like the form is taking our password we provide and checking it against another password stored In a variable $_Post[‘secret’] <? include "includes/secret.inc"; if(array_key_exists("submit", $_POST)) { if($secret == $_POST['secret']) { print "Access granted. The password for natas7 is <censored>"; } else { print "Wrong secret"; } } ?> Let’s see if we can just get to that file /includes/secret.inc and see if we can see the key in there http://natas6.natas.labs.overthewire.org/includes/secret.inc Looks like just a blank white page… but it did load so the thing exists, lets check the source for it <? $secret =
@circusmonkey404 on the twitters; DM for contact