inspect page source for flag (as a comment)inspect page source for flag (as a comment)
use keyboard shortcut instead of mouse for consoleinspect
image link
explore directory
open /files/users.txtinspect
not even google - robots.txt
explore dir on robots.txtrefresh link on page
edit request to manually change the referrer headerchange cookie loggedin to 1view source
check include "includes/secret.inc" file
secret as comment
send secretview source
use the password file as the page parameterview source
reverse encodedSecret
bin2hex(strrev(base64_encode($secret)));view source
$key is used to run a shell command
and passthrough the raw output
inject cat /etc/natas_webpass/natas10 via $keyview source
cannot use ;|& in the injected command
use grep wildcard to match all lines in a file
key = [a-z,A-Z,0-9]} /etc/natas_webpass/natas11