How To: Hack a Site Knowing a Bit of HTML (hackthissite.org) Part 3

Hi guys.
I'm here to go for level 7 now, so let's get started. I apologize to you all for posting this so late, but now let's rock:

Level 7

This level says:

This time Network Security Sam has saved the unencrypted level7 password in an obscurely named file saved in this very directory.

In other unrelated news, Sam has set up a script that returns the output from the UNIX cal command. Here is the script:

Step 1: Linux Basics

For this level we should know the basic Linux commands. If you don't know them, I suggest you go through these:
https://en.wikipedia.org/wiki/List_of_Unix_commands

https://null-byte.wonderhowto.com/how-to/linux-basics/

You can use either of them, but I used the 2nd link to learn and the 1st link to view the table.

Step 2: Main Mission

Now back to our mission. In this one, Network Security Sam practices security through the ignorance of hackers. To protect his password, he has hidden it in a script with an obscure file name, but in "unrelated" news he has made a script that returns the output of the Linux command "cal", which displays a simple calendar. This is where combining commands comes in handy.

Indeed, by appending the combining operator "&&" and the UNIX command "ls", we can do a full listing of the current directory. This is the output that I got (after entering "&& ls"):

Let's Tell It Clearly:

Step 1:

See the pic:

I typed "2015" as the year, and it shows me the year 2015, as you see below:

It shows us this because of the "cal" command.

Step 2:

Now see this one:

I have typed "&& ls" instead of "2015". It won't show me the year; it shows me this:

Step 3:

If you see the highlighted text and 3 others, it means you did it right. Now it's time to copy the highlighted text and paste it at the end of the URL in place of "cal.pl".

Step 4:

You see a string; that is the password we want. Go back to the level 7 page and enter it into the password input box. You should see this:

Extras

You may ask what the 3 others I mentioned are. Let's explain them:

cal.pl
This is the page whose picture I attached. Here it is:

index.php
It's the main page where you enter the password or "&& ls".

level7.php
The correct file is cal.pl - this file exists for consistency purposes and is NOT part of the mission.

It will show you that.
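
Seen from the script's side, here is why "&& ls" gets through and how the input should be handled instead. This is an added example, not part of the original post and not hackthissite.org's code: the page does not show the source of cal.pl, so the Python below assumes the typed value is joined onto "cal" in one shell string, and the function names are hypothetical.

```python
import re
import subprocess

# cal accepts years 1-9999; anything else is rejected before a process starts.
YEAR_RE = re.compile(r"[0-9]{1,4}")


def vulnerable_command(user_input: str) -> str:
    """Assumed pattern behind this level: input glued into one string that a
    shell parses, so an operator such as && starts a second command."""
    return "cal " + user_input  # shown for comparison only, never executed


def build_cal_argv(user_input: str) -> list[str]:
    """Hardened form: allow-list the value, then return an argv list."""
    value = user_input.strip()
    if not YEAR_RE.fullmatch(value) or int(value) == 0:
        raise ValueError(f"not a year: {user_input!r}")
    return ["cal", value]


def run_cal(user_input: str) -> str:
    """Run cal with no shell, so the argument is never parsed as syntax."""
    argv = build_cal_argv(user_input)
    done = subprocess.run(argv, capture_output=True, text=True,
                          check=True, timeout=5)
    return done.stdout


if __name__ == "__main__":
    # Constructed inputs: the two values typed in the steps above, plus
    # an empty value and an over-long one.
    for sample in ["2015", "&& ls", "", "20155"]:
        print("shell string would be:", repr(vulnerable_command(sample)))
        try:
            print("hardened argv:", build_cal_argv(sample))
        except ValueError as err:
            print("rejected:", err)
```

Either measure alone closes the hole: the allow-list rejects "&& ls" outright, and the argv list would hand it to cal as one literal argument instead of letting a shell interpret it.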

In My Next Post

In the near future I will tell you about mission 8. Remember that for levels 8 to 11 you should know Linux basics, which OTW has covered fully at this link:

https://null-byte.wonderhowto.com/how-to/linux-basics/

2 Comments

I was waiting for Part 3 for long lol xD