As always, let’s check the source code.
Alright. Well, we know where the password is. Fat load of good that does.
Let’s check out these links.
Maybe the About page?
Hmmmmm. These pages are dynamically generated based on a value passed to index.php. What if we try a page, like password?
Oh. So we can give it a file or directory to open. Good thing we know where the password is. Let’s try /etc/natas_webpass/natas8.