files/pixel.png, navigating to /files shows us that there is a file called users.txt which contains the flag.
robot.txt file is involved here. Checking that file shows us a directory /s3cr3t which contains a users.txt file that contains the flag.
http://natas5.natas.labs.overthewire.org/, so we use the following Burp request and manually set the Referer value to that endpoint.
loggedin that is set to 0 by default. We modify the request and set the value to 1 as shown below.
includes/secret.inc. When navigating to that page and viewing the source, we are given the secret to submit. After submitting the secret we get the flag.
index.php?page=<page> which screams LFI on basic challenges like this. Using the following Burp request we can read the file
grep via PHP. But it is not sanitizing input, so we can manipulate the command to read the flag file instead. The original PHP as well as the input needed to obtain the flag are shown below:
; from our input. This will just have grep search our file as well as the one defined in the PHP file.
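Why a character blacklist does not fix the grep call, and what does: the added example below is not the challenge's source code. The handler names, the filtered character set, the file names and the input are all constructed for illustration, and it assumes a POSIX shell with grep available.

```php
<?php
// Added example. Hypothetical handlers and file names; the input is constructed.

// Weak: refuse a few shell metacharacters (assumed set), then interpolate unquoted.
function search_blacklist(string $key, string $dict): ?string {
    if (preg_match('/[;|&]/', $key)) {
        return null;                               // request refused
    }
    // Whitespace in $key still splits it into extra grep arguments.
    $out = shell_exec("grep -i $key " . escapeshellarg($dict));
    return is_string($out) ? $out : null;
}

// Hardened: the input is always exactly one pattern argument.
function search_hardened(string $key, string $dict): ?string {
    $cmd = 'grep -i -F'                            // -F: treat input as literal text
         . ' -e ' . escapeshellarg($key)           // -e: value is the pattern, never an option
         . ' -- ' . escapeshellarg($dict);         // --: nothing after this is an option
    $out = shell_exec($cmd);
    return is_string($out) ? $out : null;
}

// Constructed fixture: a word list and an unrelated file beside it.
$dir = sys_get_temp_dir() . '/grepdemo_' . getmypid();
mkdir($dir);
$dict  = "$dir/dictionary.txt";
$other = "$dir/private.txt";
file_put_contents($dict, "apple\nbanana\n");
file_put_contents($other, "internal value\n");

// Contains none of ; | & so the blacklist accepts it.
$input = "a $other";

// Blacklist version: grep receives two files and prints matches from both.
echo "blacklist:\n", search_blacklist($input, $dict) ?? "(no output)\n";

// Hardened version: the whole input is one literal pattern; nothing matches.
echo "hardened:\n", search_hardened($input, $dict) ?? "(no output)\n";

unlink($dict);
unlink($other);
rmdir($dir);
```

Where the feature allows it, reading the word list in PHP and matching with `stripos()` removes the shell from the path entirely.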