Another day, another challenge…
In today’s blog post we will solve level 7 from the Natas wargame challenge.
Going to the following link, and entering username “natas7” and password “7z3hEENjQtflzgnT29q7wAvMNfZdh0i9” we see the following:
Hmm… we see a Home and About links. Let’s click the links and see what happens.
After clicking the links we see there’s not much that’s showing on the screen.
Let’s view the source and see if there are any hints there.
Doing a right click, view page source we see:
Hmm… we see a comment that says, “password for webuser natas8 is in /etc/natas_webpass/natas8”
How can we use this information?
Looking at the above screenshots of Home and About – we notice that at the end of the URL it’s referencing a page. For instance for the home page it’s “page=Home” and for About it’s “page=About”. Let’s try to change the page name to the hint that was provided to us.
Changing the URL to: http://natas7.natas.labs.overthewire.org/index.php?page=/etc/natas_webpass/natas8, we see…