OverTheWire Natas Level 5 → 6 tutorial!!

Login

URL: http://natas6.natas.labs.overthewire.org

Credentials: natas6:0RoJwHdSKWFTYR5WuiAewauSuNaBXned

Task

The page asks for a secret. If the secret is correct, it will reveal the password for natas7.

A little bit of Theory

• The page links to “View sourcecode”, which shows the PHP behind the challenge.
• PHP can include other files with include / require. If the included file is web-accessible, you might read it directly.
• Comparing $_POST['secret'] to a variable (like $secret) often means the real value sits in an included file.

Further reading:

• PHP: include
• HTTP POST method

Solution

1. Open the provided source

   Click “View sourcecode” on the page.

   <?php
   include "includes/secret.inc";
   
   if (array_key_exists("submit", $_POST)) {
     if ($secret == $_POST['secret']) {
       print "Access granted. The password for natas7 is <censored>";
     } else {
       print "Wrong secret";
     }
   }
   ?>
   

   

   Why? It includes includes/secret.inc, which likely defines $secret.

2. Read the included file directly

   Visit:

   http://natas6.natas.labs.overthewire.org/includes/secret.inc
   

   You’ll see something like:

   <?php
   $secret = "FOEIUWHGFEEUHFUOIVUOIU";
   ?>
   

   

3. Submit the secret

   Paste the secret into the form and press Submit.

   

   The page prints the password for natas7.

Password

bmg8SvU1LizuWjx3y7xkNERkHxGre0GS

Troubleshooting

• Getting “Wrong secret”? → Copy the secret exactly from secret.inc (no spaces/newlines).
• Can’t open secret.inc? → Make sure the path is correct: /includes/secret.inc (case-sensitive).
• Still stuck? → Re-check the Basic Auth credentials for natas6.

Great work 🎉 You traced an included file, grabbed the secret, and used it to unlock natas7!

Thanks for reading!

Until next time — Otsumachi!! 💖☄️✨