OverTheWire natas game (levels 6-10)

natas solution(6-10)

Natas Level 5 → Level 6

Username: natas6
URL:      http://natas6.natas.labs.overthewire.org

This level is not hard, but there is one point worth discussing. Once inside, it asks us to type something into the box and submit. The source code is right there next to it, so let's look at the source first:

<?php
include "includes/secret.inc";   // this include defines $secret

if(array_key_exists("submit", $_POST)) {
    // compare the submitted value against the secret loaded from the include file
    if($secret == $_POST['secret']) {
        print "Access granted. The password for natas7 is <censored>";
    } else {
        print "Wrong secret";
    }
}
?>

A very sensitive function, include, hints at file inclusion, but the code below it gives no lead in that direction. And where is this secret? Following the approach of the earlier levels, let's look at the includes directory: http://natas6.natas.labs.overthewire.org/includes/ returns a 403. That is very useful information: it tells us the directory exists but we have no permission to access it. So what about includes/secret.inc?

Opening it, we see:

<?php
    $secret = "FOEIUWGHFEEUHOFUOIU";
?>

Clear enough: submit that string directly.

Access granted. The password for natas7 is 7z3hEENjQtflzgnT29q7wAvMNfZdh0i9 

The takeaway from this level is the file with the .inc extension.

What is an .inc and why use it?

As you can see, this is an extension used in PHP projects. According to the top-voted answer, the extension is a convention: a file that is meant to be included by other PHP files is given the .inc extension.

.inc is short for include.

It has no meaning, it is just a file extension. It is some people’s convention to name files with a .inc extension if that file is designed to be included by other PHP files, but it is only convention.

It does have a possible disadvantage which is that servers normally are not configured to parse .inc files as php, so if the file sits in your web root and your server is configured in the default way, a user could view your php source code in the .inc file by visiting the URL directly.

Its only possible advantage is that it is easy to identify which files are used as includes. Although simply giving them a .php extension and placing them in an includes folder has the same effect without the disadvantage mentioned above.
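The disadvantage described above is exactly what this level relies on: secret.inc sits under the web root, the server does not hand .inc files to the PHP interpreter, so it serves the source verbatim. As an added example (not part of the original post or of natas), the script below audits a web root from the defender's side: it walks the tree, finds files that contain a PHP open tag but whose extension is not one the server maps to PHP, and flags the ones that also assign a secret-looking variable. It assumes a default server mapping of only .php and .phtml to PHP, and builds a constructed sample web root mirroring the natas6 layout (with placeholder values) so it runs offline.

```python
"""Audit a PHP web root for include files that a default server config would
serve as plain text. Added example, not the post's or natas's own code.

Assumption: the server only hands files with the extensions in PHP_EXTENSIONS
to the PHP interpreter; any other file under the web root is served verbatim."""
import re
import tempfile
from pathlib import Path

PHP_EXTENSIONS = {".php", ".phtml"}            # assumed server-to-PHP mapping
# <?php, <?= or the short <? tag followed by whitespace (avoids matching <?xml)
PHP_OPEN_TAG = re.compile(rb"<\?(php\b|=|\s)")
# assignments to variables whose name looks like a credential
SECRET_ASSIGN = re.compile(rb"\$\w*(secret|pass|key|token)\w*\s*=", re.IGNORECASE)


def audit_webroot(root):
    """Return a sorted list of (relative_path, reason) for files that contain PHP
    code but would be served as text under the assumed mapping."""
    findings = []
    root = Path(root)
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() in PHP_EXTENSIONS:
            continue                          # executed by PHP, not served raw
        data = path.read_bytes()
        if not PHP_OPEN_TAG.search(data):
            continue                          # no PHP code, nothing to leak
        reason = "php source served as text"
        if SECRET_ASSIGN.search(data):
            reason += "; assigns a secret-looking variable"
        findings.append((path.relative_to(root).as_posix(), reason))
    return sorted(findings)


def build_sample_webroot():
    """Create a constructed sample web root shaped like natas6 (placeholder values)."""
    root = Path(tempfile.mkdtemp(prefix="webroot_"))
    (root / "includes").mkdir()
    (root / "index.php").write_text('<?php include "includes/secret.inc"; ?>')
    (root / "includes" / "secret.inc").write_text('<?php $secret = "PLACEHOLDER"; ?>')
    (root / "includes" / "helpers.inc").write_text('<?php function f() {} ?>')
    (root / "includes" / "config.php").write_text('<?php $db_pass = "PLACEHOLDER"; ?>')
    (root / "readme.txt").write_text("no php here")
    return root


if __name__ == "__main__":
    sample = build_sample_webroot()
    for rel, why in audit_webroot(sample):
        print(f"{rel}: {why}")
```

On the sample tree the audit reports both .inc files and singles out secret.inc, while config.php passes because the server would execute it rather than serve it. Any hit is a candidate for the fix the answer above suggests (rename to .php, or move includes outside the web root); on Apache 2.4 a `<FilesMatch "\.inc$">` block with `Require all denied` is the usual stop-gap while that is done.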
