Basic Mission 9 Solution


Rendering Error in layout Widget/Social: Call to a member function exists() on null. Please enable debug mode for more information.
More
4 years 10 months ago #76 by thaGH05T
This is the ninth basic mission that can be found at Hack This Site . Please use this as a reference or to help you when you get stuck. This is not intended for people to just breeze on by the missions. Besides, what's the fun in that???

Scenario - Network Security Sam is going down with the ship - he's determined to keep obscuring the password file, no matter how many times people manage to recover it. This time the file is saved in /var/www/hackthissite.org/html/missions/basic/9/. In the last level, however, in my attempt to limit people to using server side includes to display the directory listing to level 8 only, I have mistakenly screwed up somewhere.. there is a way to get the obscured level 9 password. See if you can figure out how... This level seems a lot trickier then it actually is, and it helps to have an understanding of how the script validates the user's input. The script finds the first occurance of '<--', and looks to see what follows directly after it.

There are plenty of clues to how this can be found. Actually we can use some of the other missions on Hackthissite.org to defeat the rest. All you have to do is change the directory listing and do the same as last time from the mission 8 form. Then travel to the output making sure to be in the mission 9 folder. the command in this case is '<!--#exec cmd="ls ../../9"-->'. I am not going to spoon feed you with step by step so get your thinking caps on.

Warning: Spoiler! [ Click to expand ]
The topic has been locked.

Who's Online

We have 200 guests and one member online

  • skaterrage

N00BZ

  • asish-mishra
  • Ateequeahmed
  • microsoftsux
  • Mikeo419
  • adedayo924

Cookies