How to Hack a Site Knowing a Bit of HTML (hackthissite.org) Part 3
I'm here to go for level 7 now lets get it start but i apologize u all that i posted this very late but now lets rock:
this level says:
This time Network Security sam has saved the unencrypted level7 password in an obscurely named file saved in this very directory.
In other unrelated news, Sam has set up a script that returns the output from the UNIX cal command. Here is the script:
for this level we should know basic command of Linux if you dont know i suggest you to go for these:
you can use any of them but i used 2nd link to learn and 1st link to view the table.
Now back to our mission, in this one, network security Sam practices security through the ignorance of hackers. as for protecting his password, he has hidden it in a script with an obscure file name, but in "unrelated" news he has made a script that returns the output of the Linux command "cal", and what this command does, is that it displays a simple calendar. This is where combining commands comes in handy.
Indeed, by appending the combining command "&&" and the UNIX command "ls" we can do a full listing of the current directory, this is the output that I got (after entering "&& ls"):
see the pic:
I typed ''2015'' as a year it will show me 2015 year as you see below:
it show us this because of "cal" command
now see this one:
i have typed "&& Is" instead of "2015" it wont show me the year it show me this:
if you see highlighted text and 3 others it means you did right now it's time to copy highlighted text and paste it in the end of the URL instead of "cal.pl"
you see a string that is the pass we want go back to the level 7 page and enter it to the pass input-box you should see this
You may ask what are 3 others that I said lets explain it:
this is the page that i attached the pic here it is:
it's the main page which you enter the pas or && Is
The correct file is cal.pl - this file exists for consistency purposes and is NOT part of the mission.
it will show you that
in near future i will tell you about mission 8 remember that for level 8 to 11 you should know Linux basics which OTW told everything about it in this link