Forum Login
Basic Mission 7 Solution
Rendering Error in layout Widget/Social: Call to a member function exists() on null. Please enable debug mode for more information.
9 years 5 months ago - 9 years 5 months ago #74 by thaGH05T
If I helped you, buy me a beer!!! Happy Hunting...
Basic Mission 7 Solution was created by thaGH05T
This is the seventh basic mission that can be found at
Hack This Site
. Please use this as a reference or to help you when you get stuck. This is not intended for people to just breeze on by the missions. Besides, what's the fun in that???
Scenario - This time Network Security Sam has saved the un-encrypted level7 password in an obscurely named file saved in this very directory. In other unrelated news, Sam has set up a script that returns the output from the UNIX cal command. Here is the script:
Now we are straying away a bit from the actual page code and encryption. On this page we can see that there is a script that will run to show us a calendar of our choice by taking our input. We were already told that the UNIX cal command is being used. If we hadn't we could have easily inspected the form and seen it using the cal .pl script or alternatively in the browser bar on submission. That being said, lets try to add another simple command to the mix. I used a ls to list the current directory. Now we have to remember to separate this command from the one already being run by using a semicolon. After we do this it lists the obfuscated file right below the calendar. How about we travel to that file to check it out hmm?
Part of the message is hidden for the guests. Please log in or register to see it.
Scenario - This time Network Security Sam has saved the un-encrypted level7 password in an obscurely named file saved in this very directory. In other unrelated news, Sam has set up a script that returns the output from the UNIX cal command. Here is the script:
Now we are straying away a bit from the actual page code and encryption. On this page we can see that there is a script that will run to show us a calendar of our choice by taking our input. We were already told that the UNIX cal command is being used. If we hadn't we could have easily inspected the form and seen it using the cal .pl script or alternatively in the browser bar on submission. That being said, lets try to add another simple command to the mix. I used a ls to list the current directory. Now we have to remember to separate this command from the one already being run by using a semicolon. After we do this it lists the obfuscated file right below the calendar. How about we travel to that file to check it out hmm?
Warning: Spoiler! [ Click to expand ] [ Click to hide ]
Part of the message is hidden for the guests. Please log in or register to see it.
If I helped you, buy me a beer!!! Happy Hunting...
Last edit: 9 years 5 months ago by thaGH05T.
The topic has been locked.
Who's Online
We have 811 guests and no members online
N00BZ
- ljamal
- ljamal74
- mikeg2atest
- ducchinhbui
- anjarezt
Cookies
EU e-Privacy Directive
This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.
You have declined cookies. This decision can be reversed.
You have allowed cookies to be placed on your computer. This decision can be reversed.