This is the ninth basic mission that can be found at
Hack This Site
. Please use this as a reference or to help you when you get stuck. This is not intended for people to just breeze on by the missions. Besides, what's the fun in that???
Scenario - Network Security Sam is going down with the ship - he's determined to keep obscuring the password file, no matter how many times people manage to recover it. This time the file is saved in /var/www/hackthissite.org/html/missions/basic/9/. In the last level, however, in my attempt to limit people to using server side includes to display the directory listing to level 8 only, I have mistakenly screwed up somewhere.. there is a way to get the obscured level 9 password. See if you can figure out how... This level seems a lot trickier then it actually is, and it helps to have an understanding of how the script validates the user's input. The script finds the first occurance of '<--', and looks to see what follows directly after it.
There are plenty of clues to how this can be found. Actually we can use some of the other missions on Hackthissite.org to defeat the rest. All you have to do is change the directory listing and do the same as last time from the mission 8 form. Then travel to the output making sure to be in the mission 9 folder. the command in this case is '<!--#exec cmd="ls ../../9"-->'. I am not going to spoon feed you with step by step so get your thinking caps on.
Warning: Spoiler! [ Click to expand ] [ Click to hide ]
Part of the message is hidden for the guests. Please log in or register to see it.
This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.
You have declined cookies. This decision can be reversed.
You have allowed cookies to be placed on your computer. This decision can be reversed.
This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.