OverTheWire Natas Level 6 -> Level 7 - Walkthrough

OverTheWire Natas Solutions

Introduction

In this level, I'll give you a walkthrough to the natas wargame Level 6 -> Level 7. We will use the query strings and inject the path to get the password for next level.

Goal

Login to natas7 and get the password for next level.

Login details

URL - http://natas7.natas.labs.overthewire.org
Username - natas7
Password - jmxSiH3SP6Sonf8dv66ng8v1cIEdjXWr

Theory

Query strings are set of characters attached at the end of a URL. It begins after the question mark(?) and are written as key-value pairs. An equal(=) sign separates the key and value.

File inclusion vulnerability allows the attacker to include a file. Through Local File Inclusion(LFI), we can include the files that are locally present on the server. When we input the path to a webpage in the URL and the input is not properly sanitized then such vulnerability is exploited and the content is displayed.

Solution

Open the URL in a browser. Enter the username and password mentioned above.

The below screen appears on successfully logging in with only the "Home" button and "About" button. Clicking either of the buttons gives the message "This is the front page" and "This is the about page". Notice the URL as it contains a new parameter after "?" which is "page=home" or "page=about" on clicking the buttons.

Lets see the source code. Press "ctrl+U" to view the source code.

Notice the hint that is commented with the html tag. It states that the password for natas8 is in "/etc/natas_webpass/natas8". We will put this file path in the URL. Type in the URL - "http://natas7.natas.labs.overthewire.org/index.php?page=/etc/natas_webpass/natas8"

This completes Level 7 walkthrough as we have got the password. Please post your questions and doubts in the comment section.