Previous Level: Level 5
Theory
PHP is a scripting language. It is widely used, so it is worth trying to understand the basics. For web development, it is usually associated with the back-end, meaning processed on server side. It can be used for different functions, such as dynamic content or form processing. It can be integrated into HTML, but the code will generally not be exposed to the regular user.
PHP in HTML is enclosed in the following tags: <? ?>
or <?php ?>
. Variables start with a $
sign and the content of forms sent with a POST request can be accessed with the special $_POST
variable.
Another important part for this level is that it is possible to include code from other files into a file, by using include
or require
.
W3schools has a comprehensive tutorial for more details. I recommend you to check it out! You will encounter some more PHP in this wargame.
Solution
This time visiting the website we see an input field. We are prompted to input a secret. We can also to look at the source code through a link. The source code is a mix of HTML and PHP. We want to focus on the HTML form and the PHP:
|
|
First, the HTML form part shows what happens with our input. A POST request is used to send the input with the variable name ‘secret’. An additional ‘submit’ variable.
|
|
The PHP part processes this information. We can see that the POST request is checked for a variable with the name ‘submit’. If the variable exists, the content or our inputted ‘secret’ variable ($_POST['secret']
) is compared to a variable also called ‘secret’.
However, the code does not contain an uninitialized or initialized variable with this name. However, it does contain an ‘include’ statement. This means variables or functions are included from another file. The statement shows a relative path to the file.
Visiting the path http://natas6.natas.labs.overthewire.org/includes/secret.inc
leads to a seemingly empty webpage. But since it does not show us an error, something is happening, PHP code is run, which does not include any visual output.
So we use our favourite method to look at the source code and find more PHP code:
|
|
We found the ‘secret’ variable and its content. Using this as input, we get the ‘Access granted’ message, with the password for the next level.