Natas Level 6 → Level 7

Main page

Logging into natas6, a link to the source code, a input field to insert a secret and a submit button.

natas6 start

Source Code

The source code looks very typical, we can see the php code between h1 header and the form.

natas6 source code

Analyzing the code we can see the include header gives us the path to the secret. The include “includes/;” says that all code that exists in file (includes/ will be included in the file that calls it.

Secret Source Code

By entering includes/ at the end of the URL, we then see a blank page, by viewing the page source of the blank web page we can see the secret.

natas6 source code2

Submitting Secret

Inputting the secret password into the input field and submitting it.

natas6 submitting secret


We now have the password for the next level.

natas6 passwordt