Challenge:
On the web page we only see 2 links, to Home and About.

Solving it:
Let's check both pages and their source code. (I deleted the headers again.)

<html>
<body>
<h1>natas7</h1>
<div id="content">

<a href="index.php?page=home">Home</a>
<a href="index.php?page=about">About</a>
<br>
<br>
this is the front page

<!-- hint: password for webuser natas8 is in /etc/natas_webpass/natas8 -->
</div>
</body>
</html>

<html>
<body>
<h1>natas7</h1>
<div id="content">

<a href="index.php?page=home">Home</a>
<a href="index.php?page=about">About</a>
<br>
<br>
this is the about page

<!-- hint: password for webuser natas8 is in /etc/natas_webpass/natas8 -->
</div>
</body>
</html>

After seeing the hint in the source code, we should probably go to /etc/natas_webpass/natas8. So let's browse to http://natas7.natas.labs.overthewire.org/etc/natas_webpass/natas8. But this web page doesn’t exist, probably because the /etc directory does not exist in the web directory. /etc is normally used for configuration files.

We probably have to use a path traversal vulnerability, since the page parameter looks like it names a file that index.php loads. So let's try to add ../../../../../ before the /etc/… directory. We add this after the page= and before the ‘/etc/natas_webpass/natas8’ part. The link will be: http://natas7.natas.labs.overthewire.org/index.php?page=../../../../../etc/natas_webpass/natas8. Going to this link gives us the password of natas8.
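
The likely server-side cause and two ways to fix it, as an added example that is not part of the original write-up and not the challenge's real source. The function names, the `PAGES` map and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example: hypothetical handler code, not the challenge's real source.

// Vulnerable pattern (assumed): the parameter is used directly as a path, so
// "../../../../../etc/natas_webpass/natas8" resolves outside the page directory.
function load_page_vulnerable(string $page): string
{
    return (string) @file_get_contents($page);
}

// Fix 1: only known page names are accepted; the request never supplies a path.
const PAGES = ['home' => 'home', 'about' => 'about'];

function load_page_allowlist(string $page, string $baseDir): ?string
{
    if (!array_key_exists($page, PAGES)) {
        return null;
    }
    return file_get_contents($baseDir . DIRECTORY_SEPARATOR . PAGES[$page]);
}

// Fix 2, for page sets that change: canonicalise the path, then require it to
// still be inside the page directory before reading it.
function load_page_contained(string $page, string $baseDir): ?string
{
    $base = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $page);
    if ($base === false || $target === false) {
        return null; // missing file or directory
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0 || !is_file($target)) {
        return null; // resolved outside $baseDir, or not a regular file
    }
    return file_get_contents($target);
}

// Constructed demo: a temporary page directory and three request values.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'natas7_demo_' . getmypid();
@mkdir($base);
file_put_contents($base . '/home', "this is the front page\n");
file_put_contents($base . '/about', "this is the about page\n");

foreach (['home', 'about', '../../../../../etc/natas_webpass/natas8'] as $page) {
    $a = load_page_allowlist($page, $base);
    $c = load_page_contained($page, $base);
    printf("%-42s allowlist=%s contained=%s\n", $page,
        var_export($a !== null, true), var_export($c !== null, true));
}
```

The allowlist is the stronger of the two fixes because request input never becomes part of a file path; the `realpath` containment check is the fallback when page names cannot be enumerated in advance.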
