Login

Username: natas9
Password: W0mMhUcRRnG8dcghE4qvk3JA9lGt8nDl
URL: http://natas9.natas.labs.overthewire.org

Solution

Again, view the source code.

Let’s test the search function and see how it relates to this source code. I’ll search for ‘test’.

Alright, it looks like it uses grep to search a dictionary file for our search term. Since it’s already running a command with passthru(), maybe we can make it run a command of our own.

Let’s end the grep early with a semicolon and see what’s in the working directory by searching for ;ls.

Ooooo, we can run our own commands. From Natas 7, we saw that passwords are stored in /etc/natas_webpass. Let’s read the password for natas10 by searching for ;cat /etc/natas_webpass/natas10.

Yay.
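
Why the ;ls search term ends the grep early, and how the search could be written so it can't: this is an added example, not the level's own source (which this write-up does not reproduce). The function names and the sample dictionary are assumptions; the script only prints the command lines a passthru() call would receive and never executes them.

```php
<?php
// Added example: a constructed stand-in for the pattern described above,
// not the level's real source. Function names and file contents are assumed.

// Vulnerable shape: the search term is pasted into a shell command line,
// so the shell acts on metacharacters such as ; | & ` $ inside it.
function vulnerable_command(string $key, string $dict): string
{
    return "grep -i $key $dict";
}

// Hardened shape 1: still shells out, but the term is quoted as one shell
// word. -F matches it literally and -e stops a leading '-' being an option.
function quoted_command(string $key, string $dict): string
{
    return 'grep -i -F -e ' . escapeshellarg($key) . ' ' . escapeshellarg($dict);
}

// Hardened shape 2: no shell at all, so nothing can be injected into one.
function search_without_shell(string $key, string $dict): array
{
    if ($key === '') {
        return [];
    }
    $lines = file($dict, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [];
    return array_values(array_filter(
        $lines,
        fn (string $line): bool => stripos($line, $key) !== false
    ));
}

// Constructed sample dictionary so the demo runs offline.
$dict = tempnam(sys_get_temp_dir(), 'dict');
file_put_contents($dict, "contest\ntesting\napple\n");

foreach (['test', ';ls'] as $term) {
    echo "term:       $term\n";
    echo "vulnerable: ", vulnerable_command($term, $dict), "\n";
    echo "quoted:     ", quoted_command($term, $dict), "\n";
    echo "no shell:   ", json_encode(search_without_shell($term, $dict)), "\n\n";
}
unlink($dict);
```

For the ;ls term, the vulnerable string is two shell commands separated by the semicolon, while the quoted string is a single grep whose pattern is the literal text ;ls.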