How to Hack a Site Knowing a Bit of HTML (hackthissite.org) Part 3

Jun 14, 2015 10:41 AM
Jun 14, 2015 10:52 AM

Hi guys.

I'm here to go for level 7 now, so let's get started. I apologize to you all for posting this so late, but now let's rock:

Level 7

This level says:

This time Network Security sam has saved the unencrypted level7 password in an obscurely named file saved in this very directory.

In other unrelated news, Sam has set up a script that returns the output from the UNIX cal command. Here is the script:

635698476633497294.jpg

Step 1: Linux Basics

For this level we should know the basic Linux commands. If you don't know them, I suggest you go through these:

https://en.wikipedia.org/wiki/List_of_Unix_commands

https://null-byte.wonderhowto.com/how-to/linux-basics/

You can use either of them, but I used the 2nd link to learn and the 1st link to view the table.

Step 2: Main Mission

Now back to our mission. In this one, Network Security Sam practices security through the ignorance of hackers: to protect his password, he has hidden it in a script with an obscure file name. But in "unrelated" news he has made a script that returns the output of the Linux command "cal", which displays a simple calendar. This is where combining commands comes in handy.

Indeed, by appending the combining operator "&&" and the UNIX command "ls", we can get a full listing of the current directory. This is the output that I got (after entering "&& ls"):

Let's Tell It Clearly:

Step 1:

See the pic:

635698484602561108.jpg

I typed "2015" as the year, and it shows me the year 2015, as you see below:

635698485595842014.jpg

It shows us this because of the "cal" command.

Step 2:

Now see this one:

635698487103811200.jpg

I have typed "&& ls" instead of "2015". It won't show me the year; it shows me this:

635698489405997537.jpg

Step 3:

If you see the highlighted text and 3 others, it means you did it right. Now it's time to copy the highlighted text and paste it at the end of the URL in place of "cal.pl".

Step 4:

You will see a string; that is the password we want. Go back to the level 7 page and enter it into the password input box. You should see this:

635698491272092253.jpg
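Why the trick works and how the script could have prevented it, as an added example that is not part of the original post or of the hackthissite.org script. It assumes cal.pl pastes the form field into a shell command line (its source appears here only as an image) and is written in Python rather than Perl; all function names are made up for this illustration.

```python
import re
import shlex
import subprocess

YEAR_RE = re.compile(r"[0-9]{1,4}")  # cal accepts years 1..9999


def unsafe_command_line(field: str) -> str:
    """The weak pattern (assumed): the form field is pasted into a shell string."""
    return f"cal {field}"


def shell_view(command_line: str) -> list[str]:
    """Tokenise like a POSIX shell, keeping operators such as && as own tokens."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def safe_cal_argv(field: str) -> list[str]:
    """Allow-list the field, then build an argv list that never reaches a shell."""
    value = field.strip()
    if not YEAR_RE.fullmatch(value) or int(value) == 0:
        raise ValueError("year must be a number from 1 to 9999")
    return ["cal", value]


def run_cal(field: str) -> str:
    """Hardened handler: validated argv, no shell (the default for a list)."""
    result = subprocess.run(safe_cal_argv(field), capture_output=True,
                            text=True, check=True, timeout=5)
    return result.stdout


if __name__ == "__main__":
    # Constructed inputs: the two values typed into the form in the post.
    for field in ["2015", "&& ls"]:
        line = unsafe_command_line(field)
        print(repr(field), "-> the shell would see", shell_view(line))
        try:
            print("   hardened argv:", safe_cal_argv(field))
        except ValueError as err:
            print("   hardened handler rejects it:", err)
```

With the allow-list in place the field can only ever be a year, so the obscurely named file stays unlisted no matter what is typed into the box.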

Extras

You may ask what the 3 others I mentioned are. Let's explain them:

cal.pl

This is the page whose picture I attached; here it is:

635698494959746404.jpg

index.php

It's the main page where you enter the password or "&& ls".

level7.php

The correct file is cal.pl - this file exists for consistency purposes and is NOT part of the mission.

It will show you that.

In My Next Post

In the near future I will tell you about mission 8. Remember that for levels 8 to 11 you should know Linux basics, which OTW has covered thoroughly at this link:

https://null-byte.wonderhowto.com/how-to/linux-basics/
