Over The Wire – Natas 6

To start with this, I tried some random junk in the secret box to see how it would react

x

‘or 1=1

sadkjsalkdh

None of these let me in so I guess we should click that convenient View sourcecode button…

Here we can see that there is some php being called for the web form (dictated b the “<?” and  “?>” tags.

What stands out to me when looking at this is the includes/secret.inc file being included… Could this really be the password? Let’s see

Hmm… This page looks empty… What about the source code? Is there something hiding?

Look at that! we have the secret, let’s try it out.

And it looks like we are good to go!