Level 6 - Level 7

Username: natas7
Password: jmxSiH3SP6Sonf8dv66ng8v1cIEdjXWr
URL:      http://natas7.natas.labs.overthewire.org

This the page had two links, Home and About

On checking these links found nothing.

But both of the above mentioned pages were fetched using the URL Query Parameter page.

And on the index page http://natas7.natas.labs.overthewire.org/, there was a hint in the source code of the page, which stated that the password for webuser natas8 is in /etc/natas_webpass/natas8.

The URL parameter and the hint triggered me about the LFI vulnerability. On testing whether the paramter is vulnerable to LFI by entering the password file location /etc/natas_webpass/natas8 to the page URL parameter [ http://natas7.natas.labs.overthewire.org/index.php?page=/etc/natas_webpass/natas8 ], resulted with the contents of the password file.

PreviousLevel 5 - Level 6 NextLevel 7 - Level 8

Last updated 10 months ago