OverTheWire Natas Level 5 -> Level 6 - Walkthrough


Introduction

This post is a walkthrough of the Natas wargame Level 5 -> Level 6. We will read the PHP code exposed in this level and understand it to get the password.

Goal

Log in to natas6 and get the password for the next level.

Login details

URL - http://natas6.natas.labs.overthewire.org
Username - natas6
Password - fOIvE0MDtPTgRhqmmvvAOt2EfXR6uQgR

Theory

PHP is a server-side scripting language used to handle the backend work of a website. Because it runs on the server, the PHP code does not appear in the page source that the browser receives. It is embedded in the HTML page between PHP tags, like this:
<?
    // php code
?>

The scope of the code is the full webpage, so anything defined in a PHP block at the start of the page can be used in a PHP block at the end of the page. The "include" keyword pulls another PHP file into the current page, so its variables can be used there as well.

Solution

Open the URL in a browser. Enter the username and password mentioned above.


After logging in successfully, the page asks you to enter a secret and submit it.


Open the page source by pressing "Ctrl+U" and you can see a link to the "index-source.html" file. Click it, or click the "View sourcecode" link shown on the page after logging in.


We can see the PHP code exposed. The code includes an external file at the relative path "includes/secret.inc", then checks whether the user clicked the submit button with some input data. If so, it compares the user input to a variable named "$secret". If the user input matches the secret, it displays the password on the screen.

The include file has the extension .inc rather than .php, so the web server returns it as an ordinary file instead of running it through PHP, and it can be requested directly. Navigate to "http://natas6.natas.labs.overthewire.org/includes/secret.inc" to get the secret.


Copy the secret and submit it on the homepage to get the password.

This completes the Level 6 walkthrough, as we now have the password. Please post your questions and doubts in the comment section.
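The weakness this level relies on is an included file with a non-PHP extension sitting inside the web root. The following added example (not part of the level's code or of the original post) is a small audit script that finds that pattern in a PHP code base. The sample site layout, the placeholder values and the list of PHP-executed extensions are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: only these extensions are handed to the PHP interpreter;
# any other file under the document root is served back as plain text.
EXECUTED_EXTENSIONS = {".php", ".phtml"}
# include/require (and the _once forms) followed by a literal string path.
INCLUDE_RE = re.compile(
    r"""\b(?:include|require)(?:_once)?\s*\(?\s*["']([^"']+)["']""")

def find_exposed_includes(docroot):
    """Return sorted (script, included_file) pairs, relative to docroot, where
    the included file lives in the web root and is not executed as PHP."""
    docroot = Path(docroot).resolve()
    findings = set()
    for script in docroot.rglob("*"):
        if not script.is_file() or script.suffix.lower() not in EXECUTED_EXTENSIONS:
            continue
        for literal in INCLUDE_RE.findall(script.read_text(errors="replace")):
            target = (script.parent / literal).resolve()
            # Skip missing/dynamic paths and files kept outside the web root.
            if not target.is_file() or docroot not in target.parents:
                continue
            if target.suffix.lower() not in EXECUTED_EXTENSIONS:
                findings.add((script.relative_to(docroot).as_posix(),
                              target.relative_to(docroot).as_posix()))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample site mirroring the layout described in this level."""
    docroot = Path(base) / "htdocs"
    (docroot / "includes").mkdir(parents=True)
    (Path(base) / "private").mkdir()
    (docroot / "includes" / "secret.inc").write_text('<? $secret = "PLACEHOLDER"; ?>')
    (docroot / "includes" / "db.php").write_text('<?php $dsn = "PLACEHOLDER"; ?>')
    (Path(base) / "private" / "key.inc").write_text('<? $key = "PLACEHOLDER"; ?>')
    (docroot / "index.php").write_text(
        '<? include "includes/secret.inc"; require_once("includes/db.php");\n'
        'include "../private/key.inc"; ?>')
    return docroot

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for script, exposed in find_exposed_includes(build_sample_tree(tmp)):
            print(f"{script} includes {exposed}, which is served as plain text")
```

Only "includes/secret.inc" is reported for the sample tree: "db.php" is executed by PHP and "key.inc" sits outside the document root. Moving a flagged file out of the web root or giving it a .php extension clears the finding.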
