How To: Hack a Site Knowing a Bit of HTML (hackthissite.org) Part 3

Hi guys.
I'm here to go for level 7 now. I apologize to you all for posting this so late, but now let's get started:

Level 7

This level says:

This time Network Security sam has saved the unencrypted level7 password in an obscurely named file saved in this very directory.

In other unrelated news, Sam has set up a script that returns the output from the UNIX cal command. Here is the script:

Step 1: Linux Basics

For this level we should know the basic Linux commands. If you don't know them, I suggest you go through these:
https://en.wikipedia.org/wiki/List_of_Unix_commands

https://null-byte.wonderhowto.com/how-to/linux-basics/

You can use either of them, but I used the 2nd link to learn and the 1st link to view the table.

Step 2: Main Mission

Now back to our mission. In this one, Network Security Sam practices security through the ignorance of hackers: to protect his password, he has hidden it in a script with an obscure file name. In "unrelated" news, he has made a script that returns the output of the Linux command "cal", which displays a simple calendar. This is where combining commands comes in handy.

Indeed, by appending the combining operator "&&" and the UNIX command "ls", we can get a full listing of the current directory. This is the output that I got (after entering "&& ls"):

Let's Tell It Clearly:

Step 1:

I typed "2015" as the year, and the script showed me the calendar for 2015. It shows this because of the "cal" command.

Step 2:

Now I typed "&& ls" instead of "2015". It won't show the year; it shows the directory listing instead.

Step 3:

If you see the highlighted text and 3 others, it means you did it right. Now it's time to copy the highlighted text and paste it at the end of the URL in place of "cal.pl".

Step 4:

You will see a string; that is the password we want. Go back to the level 7 page and enter it in the password input box.
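The steps above work because the year field is pasted into a shell command string. As an added example (not the site's cal.pl, which is not shown on this page), this Python code shows how a shell tokenizes that string and how a handler closes the hole by allowlisting the year and calling cal without a shell. The function names are hypothetical, and it assumes the script builds "cal <input>" and hands it to a shell:

```python
import re
import shlex
import subprocess

YEAR_RE = re.compile(r"[0-9]{1,4}")   # cal accepts years 1 through 9999
SHELL_PUNCT = set("();<>|&")          # characters shlex groups into operator tokens


def shell_tokens(user_input):
    """Tokens a POSIX shell sees when input is pasted into the string 'cal <input>'."""
    return list(shlex.shlex("cal " + user_input, posix=True, punctuation_chars=True))


def splits_into_extra_command(user_input):
    """True if the concatenated string contains a shell control operator."""
    return any(tok != "" and set(tok) <= SHELL_PUNCT
               for tok in shell_tokens(user_input))


def build_cal_argv(user_input):
    """Hardened form: allowlist the year and return an argv list (no shell involved)."""
    year = user_input.strip()
    if not YEAR_RE.fullmatch(year) or int(year) == 0:
        raise ValueError("year must be a number from 1 to 9999")
    return ["cal", year]


def run_cal(user_input):
    """Run cal with the validated year; shell=False means '&&' is never interpreted."""
    result = subprocess.run(build_cal_argv(user_input), shell=False,
                            capture_output=True, text=True, timeout=5)
    return result.stdout


if __name__ == "__main__":
    # Constructed inputs: the two values typed in the walkthrough.
    for sample in ["2015", "&& ls"]:
        print(repr(sample), "->", shell_tokens(sample))
        try:
            print("  accepted:", build_cal_argv(sample))
        except ValueError as err:
            print("  rejected:", err)
```

The allowlist alone blocks the input from Step 2; passing an argv list with shell=False is the second layer, since no shell ever parses the value.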

Extras

You may ask what the 3 others that I mentioned are. Let me explain:

cal.pl
This is the calendar script page used in the steps above.

index.php
It's the main page where you enter the password or "&& ls".

level7.php
It will show you this message: "The correct file is cal.pl - this file exists for consistency purposes and is NOT part of the mission."

In My Next Post

In the near future I will tell you about mission 8. Remember that for levels 8 to 11 you should know Linux basics, which OTW explained in full at this link:

https://null-byte.wonderhowto.com/how-to/linux-basics/

2 Comments

I was waiting for Part 3 for long lol xD
