# Level 8 - Level 9

```
Username: natas9
Password: Sda6t0vkOPkM8YeOZkAGVhFoaplvlJFd
URL:      http://natas9.natas.labs.overthewire.org
```

This level also presents an input field with a link to the source code.


Checking the source code shows that the keyword/string we enter is supplied directly as a parameter to the `grep` command, which searches the `dictionary.txt` file for matching strings and returns the output.


This logic is vulnerable to [Command Injection](https://owasp.org/www-community/attacks/Command_Injection), since the input is substituted directly into the command and no input sanitization is performed.

So, I tried to get the password for the next level by using the following input value:

`; cat /etc/natas_webpass/natas10 ;`

Direct link to the solution:

<http://natas9.natas.labs.overthewire.org/?needle=%3B+cat+%2Fetc%2Fnatas_webpass%2Fnatas10+%3B&submit=Search>
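The parsing problem described above, as an added example (not the challenge's source code or the author's): it models how a POSIX shell splits the resulting command line, then shows the same line with the input quoted, and a search that avoids the shell entirely. The helper names and the `-F`, `-e` and `--` grep options are choices made for this illustration.

```python
import shlex
import subprocess

DICTIONARY = "dictionary.txt"                       # file name from the write-up
PAGE_INPUT = "; cat /etc/natas_webpass/natas10 ;"   # input value from the write-up
OPERATORS = {";", "&", "&&", "|", "||"}


def vulnerable_command(needle):
    """The flawed pattern: user input pasted into a shell command line."""
    return f"grep -i {needle} {DICTIONARY}"


def quoted_command(needle):
    """Same line with the input shell-quoted and pinned to the pattern slot."""
    return f"grep -i -F -e {shlex.quote(needle)} -- {DICTIONARY}"


def shell_commands(cmdline):
    """Model how a POSIX shell splits a line into commands (one argv each).

    Simplified: understands quoting and the operators in OPERATORS only.
    """
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token in OPERATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def safe_search(needle, path=DICTIONARY):
    """Preferred fix: no shell at all, the input is a single argv element.

    -F makes the input a literal string (drop it if regex search is wanted),
    -e keeps an input starting with '-' from being read as an option.
    """
    argv = ["grep", "-i", "-F", "-e", needle, "--", path]
    result = subprocess.run(argv, capture_output=True, text=True, check=False)
    return result.stdout.splitlines()


if __name__ == "__main__":
    for line in (vulnerable_command(PAGE_INPUT), quoted_command(PAGE_INPUT)):
        print(line, "->", shell_commands(line))
```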


