How to Hack a Site Knowing a Bit of HTML (hackthissite.org) Part 3

Jun 14, 2015 10:41 AM
Jun 14, 2015 10:52 AM

Hi guys.

I'm here to take on level 7 now. I apologize to you all for posting this so late, but now let's rock:

Level 7

This level says:

This time Network Security sam has saved the unencrypted level7 password in an obscurely named file saved in this very directory.

In other unrelated news, Sam has set up a script that returns the output from the UNIX cal command. Here is the script:

635698476633497294.jpg

Step 1: Linux Basics

For this level we should know the basic Linux commands. If you don't know them, I suggest you go through these:

https://en.wikipedia.org/wiki/List_of_Unix_commands

https://null-byte.wonderhowto.com/how-to/linux-basics/

You can use either of them, but I used the 2nd link to learn and the 1st link to view the table.

Step 2: Main Mission

Now back to our mission. In this one, Network Security Sam practices security through the ignorance of hackers. To protect his password, he has hidden it in a file with an obscure name, but in "unrelated" news he has made a script that returns the output of the UNIX command "cal", which displays a simple calendar. This is where combining commands comes in handy.

Indeed, by appending the combining operator "&&" and the UNIX command "ls" we can get a full listing of the current directory. This is the output that I got (after entering "&& ls"):

Let's Tell It Clearly:

Step 1:

See the pic:

635698484602561108.jpg

I typed "2015" as the year, and it shows me the calendar for 2015, as you can see below:

635698485595842014.jpg

It shows us this because of the "cal" command.

Step 2:

Now see this one:

635698487103811200.jpg

I have typed "&& ls" instead of "2015". It won't show me the year; it shows me this:

635698489405997537.jpg

Step 3:

If you see the highlighted text and 3 others, it means you did it right. Now it's time to copy the highlighted text and paste it at the end of the URL in place of "cal.pl".

Step 4:

You will see a string; that is the pass we want. Go back to the level 7 page and enter it into the pass input box. You should see this:

635698491272092253.jpg

Extras

You may ask what the 3 others I mentioned are. Let's explain them:

cal.pl

This is the page I attached the pic of. Here it is:

635698494959746404.jpg

index.php

It's the main page, where you enter the pass or "&& ls".

level7.php

The correct file is cal.pl - this file exists for consistency purposes and is NOT part of the mission.

It will show you that message.
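Why the "&& ls" input works, and how the script could refuse it: the sketch below is an added example, not Sam's cal.pl or any code from hackthissite.org. It assumes the script builds a shell command by appending the form input to `cal`; the function names are hypothetical, and the hardened form allow-lists the year and runs `cal` without a shell.

```python
import re
import shlex
import shutil
import subprocess

YEAR_RE = re.compile(r"[0-9]{1,4}")  # cal accepts years 1 to 9999


def vulnerable_cmdline(user_input: str) -> str:
    """Assumed flawed pattern: form input pasted into a shell command string."""
    return "cal " + user_input


def shell_operators(cmdline: str) -> list:
    """Return the shell control operators a shell would see in cmdline."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    try:
        tokens = list(lexer)
    except ValueError:  # unbalanced quotes: treat as hostile
        return ["<unparseable>"]
    return [t for t in tokens if t and t[0] in "();<>|&"]


def safe_argv(user_input: str) -> list:
    """Hardened form: allow-list the year, then build an argv list (no shell)."""
    value = user_input.strip()
    if not YEAR_RE.fullmatch(value) or not 1 <= int(value) <= 9999:
        raise ValueError("year must be a number from 1 to 9999")
    return ["cal", value]


def run_cal(user_input: str) -> str:
    """Execute cal directly; the argument is never parsed by a shell."""
    result = subprocess.run(safe_argv(user_input), capture_output=True,
                            text=True, check=True, timeout=5)
    return result.stdout


if __name__ == "__main__":
    for sample in ["2015", "&& ls"]:  # constructed inputs, both from the walkthrough
        print(repr(sample), "operators:", shell_operators(vulnerable_cmdline(sample)))
        try:
            print("  argv:", safe_argv(sample))
        except ValueError as err:
            print("  rejected:", err)
    if shutil.which("cal"):  # only run cal where it is installed
        print(run_cal("2015"))
```

With the allow-list in place, the form accepts only a year, so "&&" never reaches a shell and the directory listing is never produced.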

In My Next Post

In the near future I will tell you about mission 8. Remember that for levels 8 to 11 you should know the Linux basics, which OTW has covered in full at this link:

https://null-byte.wonderhowto.com/how-to/linux-basics/
