Friday's mission was to accomplish solving HackThisSite, basic mission 7, which required us to learn some basic Unix commands. If you have any prior experience using Unix commands, this should be a breeze for you if you sit and think for a second.
These missions are for everyone here, and you can join at any time. Your experience level doesn't matter. HackThisSite is a free, legal and safe practice ground for aspiring hackers wanting to test their knowledge on something real. We have full permission to exploit their servers, and we even get point rewards for it. This week's mission on HackThisSite was to think of a way that the calender system could be exploited.
At the missions start, we are presented with a nice greeting.
"This time Network Security sam has saved the unencrypted level7 password in an obscurely named file saved in this very directory."
After, they show us the script and allow us to test it out. If you use it, you will see that this returns the exact same thing if you entered it in a normal BASH terminal.
Now, if you are familiar with chaining commands in Linux, this should be a breeze. They give us a hint, "saved in this very directory". To view files in the current directory in Linux, we would type ls. To chain commands, you would add an && to the end before the command and arguments.
We can clearly see, it actually does the cal command and then lists everything in that directory. Including the file that contains our needed password. Score!
Want more Null Byte?
It’s Black Friday week in the Null Byte shop! If you’ve been wanting to improve your skill set in hacker- and cybersecurity-geared topics such as Python, Raspberry Pi, and Linux, now’s the time. We’ve got huge sales on online courses, and we’ve outlined 13 favorites you won’t want to miss. Check them out!