MattAndreko.com

"hostess is a code-slaying dragon found deep within the core of the earth, unearthing magma and vulnerabilities single handedly while using the other hand to pet his cat"

OverTheWire Natas Level 6


The 6th level of the OverTheWire Natas wargame starts introducing us to PHP and server configuration issues.

It starts out with a secret password prompt.

I took a look at the source code, via the link provided.

I decided I would try and see if I could request the “secret.inc” file, and it worked perfectly.

After I put the secret value into the input box, it showed me the password for the next level.

This level teaches that files that contain secrets should never be publicly accessible. Either keep them in server-side code that the server executes instead of sending to the client as text, or store them outside the webroot.
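
To check your own webroot for this mistake, the following added example (not part of the original post) lists files that contain PHP source but carry an extension the server will return as plain text. It assumes only `.php` is handed to the interpreter; the directory names and the placeholder secret are constructed for the demonstration.

```python
import os
import re
import tempfile

# Assumption: the web server hands only these extensions to the PHP interpreter;
# everything else under the webroot is returned to the client byte for byte.
EXECUTED_EXTENSIONS = {".php"}
PHP_OPEN_TAG = re.compile(rb"<\?(php\b|=|\s)")  # matches <?php, <?= and short tags, not <?xml


def find_exposed_php_source(webroot, executed=EXECUTED_EXTENSIONS):
    """Return webroot-relative paths of files holding PHP source that would be served raw."""
    exposed = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in executed:
                continue  # interpreted server-side, so the source is never sent out
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)
            except OSError:
                continue  # unreadable file: skip it instead of aborting the scan
            if PHP_OPEN_TAG.search(head):
                exposed.append(os.path.relpath(path, webroot).replace(os.sep, "/"))
    return sorted(exposed)


def build_sample_webroot(base):
    """Constructed sample tree (not the wargame's real layout or values)."""
    webroot = os.path.join(base, "htdocs")
    os.makedirs(os.path.join(webroot, "inc"))
    os.makedirs(os.path.join(base, "private"))
    samples = {
        os.path.join(webroot, "index.php"): '<?php include "inc/secret.inc"; ?>',
        os.path.join(webroot, "inc", "secret.inc"): '<?php $secret = "PLACEHOLDER"; ?>',
        os.path.join(webroot, "style.css"): "body { margin: 0; }",
        os.path.join(base, "private", "secret.inc"): '<?php $secret = "PLACEHOLDER"; ?>',
    }
    for path, body in samples.items():
        with open(path, "w") as fh:
            fh.write(body)
    return webroot


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_exposed_php_source(build_sample_webroot(tmp)))
```

The copy under `private/` is not reported because it sits outside the scanned webroot, which is the second fix the paragraph above recommends.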
