Basic Mission 9

Learn new things
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts, etc.]

Posting these will result in warnings/bans!

Basic Mission 9

Post by limdis on Wed Jan 01, 2014 2:28 pm
([msg=78689]see Basic Mission 9[/msg])

Requirements:
SSI, Directory Traversal.


This one is tricky, so make sure to read the clue carefully. We know that the password file is stored in /var/www/hackthissite.org/html/missions/basic/9/, and since we do not have an input box to run commands, perhaps there is another way to display the files in this particular directory.

Good luck!



Do not post spoilers!
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1311
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: Basic Mission 9

Post by white.russian on Sat Jan 11, 2014 7:42 am
([msg=78849]see Re: Basic Mission 9[/msg])

I just want to clarify before I get to far into this:

What I'm getting from the explanation is that on Mission 8, a script verifies that my input is doing only one particular thing (and accessing only one particular area), before it creates the new .html file. I'm supposed to find some way to get around that script so that I can do the same thing for Mission 9 that I did for Mission 8, from the Mission 8 page? I just want to make sure I'm understanding the description paragraph correctly before I get to work on this.

Edit: Clarification.
Exitx2: Nevermind, I got it. I think the wording on the hint makes this missions seem a little more difficult and awkward than it really is.
white.russian
New User
New User
 
Posts: 3
Joined: Sat Jan 11, 2014 7:37 am
Blog: View Blog (0)


Re: Basic Mission 9

Post by Ascaron70 on Fri Feb 07, 2014 7:42 pm
([msg=79350]see Re: Basic Mission 9[/msg])

i guess for this one i have to trick the script ,
for that it must not find "<--" , but why is it using that one ?
shouldn't it be checking for "<!--" ?
Ascaron70
New User
New User
 
Posts: 7
Joined: Fri Feb 07, 2014 7:18 pm
Blog: View Blog (0)


Re: Basic Mission 9

Post by fashizzlepop on Fri Feb 07, 2014 8:16 pm
([msg=79353]see Re: Basic Mission 9[/msg])

Ascaron70 wrote:i guess for this one i have to trick the script ,
for that it must not find "<--" , but why is it using that one ?
shouldn't it be checking for "<!--" ?


I'm not sure what you're asking. Have you beaten 8?
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2303
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)


Re: Basic Mission 9

Post by Ascaron70 on Sat Feb 08, 2014 11:21 am
([msg=79376]see Re: Basic Mission 9[/msg])

yes i have ,
as far as i understand there is a script that checks what you have typed in the text box ,
it checks if you have typed something that starts with "<--" and my question is shouldn't in check for "<!--" ?
Ascaron70
New User
New User
 
Posts: 7
Joined: Fri Feb 07, 2014 7:18 pm
Blog: View Blog (0)


Re: Basic Mission 9

Post by Jumperv3 on Sat Mar 08, 2014 9:41 pm
([msg=79787]see Re: Basic Mission 9[/msg])

I'm confused on this one. To me the hint says I am supposed to try to put script into the Password, but nothing I try works. Just stumped and looking for a prod in the right direction.

Thanks
Jumperv3
New User
New User
 
Posts: 1
Joined: Sat Mar 08, 2014 9:24 pm
Blog: View Blog (0)


Re: Basic Mission 9

Post by -Ninjex- on Tue Mar 18, 2014 3:39 am
([msg=79971]see Re: Basic Mission 9[/msg])

For those of you that are stuck, I think you should read this again, very slowly and let it sink in:

Network Security Sam wrote:This time the file is saved in /var/www/hackthissite.org/html/missions/basic/9/.

In the last level, however, in my attempt to limit people to using server side includes to display the directory listing to level 8 only, I have mistakenly screwed up somewhere.. there is a way to get the obscured level 9 password. See if you can figure out how...
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.
User avatar
-Ninjex-
Addict
Addict
 
Posts: 1209
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)


Re: Basic Mission 9

Post by sweetcolongne on Thu Mar 20, 2014 7:35 pm
([msg=80002]see Re: Basic Mission 9[/msg])

-Ninjex- wrote:For those of you that are stuck, I think you should read this again, very slowly and let it sink in:
Network Security Sam wrote:This time the file is saved in /var/www/hackthissite.org/html/missions/basic/9/.In the last level, however, in my attempt to limit people to using server side includes to display the directory listing to level 8 only, I have mistakenly screwed up somewhere.. there is a way to get the obscured level 9 password. See if you can figure out how..


thx ninjex. i finally passed lv 9 today. after several days of understanding the words..... :)
sweetcolongne
New User
New User
 
Posts: 10
Joined: Sat Mar 15, 2014 11:11 am
Blog: View Blog (0)


Re: Basic Mission 9

Post by pasaxet on Wed Mar 26, 2014 8:29 pm
([msg=80039]see Re: Basic Mission 9[/msg])

Ninjex,

Thanks for the hint, however I am still completely stumped. My assumption is that I am still supposed to use the input field on the level 8 page to somehow display the level 9 directory... however I cannot find any input that works except for the one that was used for the correct answer for problem 8 (everything else gives me the "You're on the right track" page).

I've been mulling over this one for almost 3 days straight and have tried everything that I have been able to think of to no avail. Could you or someone else offer any other hints or direction?
pasaxet
New User
New User
 
Posts: 2
Joined: Wed Mar 26, 2014 8:26 pm
Blog: View Blog (0)


Re: Basic Mission 9

Post by Adrasteia the Inescapable on Tue Apr 01, 2014 1:51 pm
([msg=80099]see Re: Basic Mission 9[/msg])

pasaxet wrote:Ninjex,

Thanks for the hint, however I am still completely stumped. My assumption is that I am still supposed to use the input field on the level 8 page to somehow display the level 9 directory... however I cannot find any input that works except for the one that was used for the correct answer for problem 8 (everything else gives me the "You're on the right track" page).

I've been mulling over this one for almost 3 days straight and have tried everything that I have been able to think of to no avail. Could you or someone else offer any other hints or direction?

Where do you think the files for Level 9 are relative to Level 8?
Adrasteia the Inescapable
New User
New User
 
Posts: 33
Joined: Sun Mar 09, 2014 12:02 am
Blog: View Blog (0)


Next

Return to Basic

Who is online

Users browsing this forum: No registered users and 0 guests