So we log in to Natas 7 and see two links, let’s click on “home” and check out the page source shall we?
There are a couple things to notice here. After we click on home the address bar in our browser looks like this:
http://natas7.natas.labs.overthewire.org/index.php?page=home
index.php?page=home means that we are setting the “page” parameter in index.php equal to “home”. If we look down to the source code we see a commented out message, telling us where the password file is located on the server. Let’s try setting “page” equal to the full path to the file “natas8”:
