Axino.net

Opposite to what you might think basic 9 is very easy mission. Even basic introduction will suggest that we need to use SSI again as in previous mission. But what is more interesting and if you haven’t figured this, we will have to use previous mission to solve this and not only knowledge acquired but also script provided to us by Sam’s daughter.

The password is again hidden in an unknown file. However, the script that was previously used to find it has some limitations. Requirements: Knowledge of SSI, unix directory structure.

Now let’s see if there are any other clues in mission description:

Level 9

Network Security Sam is going down with the ship – he’s determined to keep obscuring the password file, no matter how many times people manage to recover it. This time the file is saved in /var/www/hackthissite.org/html/missions/basic/9/.

In the last level, however, in my attempt to limit people to using server side includes to display the directory listing to level 8 only, I have mistakenly screwed up somewhere.. there is a way to get the obscured level 9 password. See if you can figure out how…

This level seems a lot trickier then it actually is, and it helps to have an understanding of how the script validates the user’s input. The script finds the first occurance of ‘<–’, and looks to see what follows directly after it.

All of this being said just moves us towards using command from previous mission, though somewhat changed of course:

<!--#exec cmd="ls ../" -->

Do you remember this command, well if you do what we need to do is to make script move to directory of basic mission 9 and then we will be able to receive listing of files.

This is fairly easy also, do you remember what ../ did? It moves us one directory backwards so we will try to use it now. So new input for text field in mission 8 is something like this:

<!--#exec cmd="ls ../../9" -->

This will show us following file after input:

Hi, index.php p91e283zc3.php!

Your name contains 24 characters.

If we open file named p91e283zc3.php note that you have to open it in directory of mission 9.

We get our password: b6ad538f

Similar Posts:

• hackthissite.org basic 8 :: SSI
• hackthissite.org basic 3 :: password.php
• hackthissite.org basic 2 :: password is not
• hackthissite.org basic 7 :: calendar is it!
• hackthissite.org basic 1 :: password is