Acunetix - Scan Your Website For Vulnerabilities
[Advertise With HackThisSite.org]

Hack This Site - Forums Index

Basic Mission 9

Learn new things
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts, etc.]

Posting these will result in warnings/bans!
Post a reply

Re: Basic Mission 9

Post by ravingraver on Tue Mar 17, 2009 1:48 am
([msg=20077]see Re: Basic Mission 9[/msg])

I don't really understand this... I'll try to be as discreet as possible (so I don't give away any answers) and maybe someone could pm me about it...

I dont understand how if "...the first occurance of '<--', and looks to see what follows directly after it. If it matches "#exec cmd="ls"-->" or "#exec cmd="ls /home/xec96/public_html/missions/basic/8/"-->" it accepts it. If it does not match any of the situations above, then it kicks the user out." and yet we can still execute something else in that input that is not one of those 2 options. Am I missing something?

P.S: I have the answer so please don't try to hide it (if you pm me). I just really don't understand it. Thanks
ravingraver
New User
New User
 
Posts: 2
Joined: Tue Mar 17, 2009 1:42 am
Blog: View Blog (0)

Re: Basic Mission 9

Post by Defience on Tue Mar 17, 2009 9:06 am
([msg=20088]see Re: Basic Mission 9[/msg])

ravingraver wrote:I don't really understand this... I'll try to be as discreet as possible (so I don't give away any answers) and maybe someone could pm me about it...

I dont understand how if "...the first occurance of '<--', and looks to see what follows directly after it. If it matches "#exec cmd="ls"-->" or "#exec cmd="ls /home/xec96/public_html/missions/basic/8/"-->" it accepts it. If it does not match any of the situations above, then it kicks the user out." and yet we can still execute something else in that input that is not one of those 2 options. Am I missing something?

P.S: I have the answer so please don't try to hide it (if you pm me). I just really don't understand it. Thanks


Did you really execute something else in there?
User avatar
Defience
Addict
Addict
 
Posts: 1279
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)

Re: Basic Mission 9

Post by austinlab on Tue Mar 17, 2009 9:27 am
([msg=20091]see Re: Basic Mission 9[/msg])

was that a hint or a correction. cause ya i looked it up and your right its a directory traversal or transversal. is there a difference between parent directory and directory traversal?
austinlab
New User
New User
 
Posts: 2
Joined: Thu Feb 26, 2009 9:53 am
Blog: View Blog (0)

Re: Basic Mission 9

Post by Defience on Tue Mar 17, 2009 9:41 am
([msg=20092]see Re: Basic Mission 9[/msg])

austinlab wrote:was that a hint or a correction. cause ya i looked it up and your right its a directory traversal or transversal. is there a difference between parent directory and directory traversal?


The parent directory is like the 'main folder' and directory traversal is a way to navigate to it, or to subfolders of it.
User avatar
Defience
Addict
Addict
 
Posts: 1279
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)

Re: Basic Mission 9

Post by banda on Wed Mar 18, 2009 4:19 am
([msg=20126]see Re: Basic Mission 9[/msg])

ravingraver wrote:I don't really understand this... I'll try to be as discreet as possible (so I don't give away any answers) and maybe someone could pm me about it...

I dont understand how if "...the first occurance of '<--', and looks to see what follows directly after it. If it matches "#exec cmd="ls"-->" or "#exec cmd="ls /home/xec96/public_html/missions/basic/8/"-->" it accepts it. If it does not match any of the situations above, then it kicks the user out." and yet we can still execute something else in that input that is not one of those 2 options. Am I missing something?

P.S: I have the answer so please don't try to hide it (if you pm me). I just really don't understand it. Thanks


I think you are correct.

BTW to execute #exec cmd="ls /home/xec96/public_html/missions/basic/8/"--> how do you even think of this path??? I have no clue. To complete level8 I executed a command different from both above.
banda
New User
New User
 
Posts: 14
Joined: Tue Mar 17, 2009 11:15 pm
Blog: View Blog (0)

Re: Basic Mission 9

Post by Defience on Wed Mar 18, 2009 9:12 am
([msg=20132]see Re: Basic Mission 9[/msg])

banda wrote:
ravingraver wrote:I don't really understand this... I'll try to be as discreet as possible (so I don't give away any answers) and maybe someone could pm me about it...

I dont understand how if "...the first occurance of '<--', and looks to see what follows directly after it. If it matches "#exec cmd="ls"-->" or "#exec cmd="ls /home/xec96/public_html/missions/basic/8/"-->" it accepts it. If it does not match any of the situations above, then it kicks the user out." and yet we can still execute something else in that input that is not one of those 2 options. Am I missing something?

P.S: I have the answer so please don't try to hide it (if you pm me). I just really don't understand it. Thanks


I think you are correct.

BTW to execute #exec cmd="ls /home/xec96/public_html/missions/basic/8/"--> how do you even think of this path??? I have no clue. To complete level8 I executed a command different from both above.


It's giving you that path as a hint.
User avatar
Defience
Addict
Addict
 
Posts: 1279
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)

Re: Basic Mission 9

Post by ravingraver on Wed Mar 18, 2009 1:21 pm
([msg=20146]see Re: Basic Mission 9[/msg])

Well by putting in something else, I meant the answer to mission 9.
And I didn't put the file path, i put ../ instead, for mission 8.
ravingraver
New User
New User
 
Posts: 2
Joined: Tue Mar 17, 2009 1:42 am
Blog: View Blog (0)

Re: Basic Mission 9

Post by banda on Wed Mar 18, 2009 8:43 pm
([msg=20159]see Re: Basic Mission 9[/msg])

ravingraver wrote:Well by putting in something else, I meant the answer to mission 9.
And I didn't put the file path, i put ../ instead, for mission 8.


This also works.
banda
New User
New User
 
Posts: 14
Joined: Tue Mar 17, 2009 11:15 pm
Blog: View Blog (0)

Re: Basic Mission 9

Post by banda on Wed Mar 18, 2009 8:47 pm
([msg=20160]see Re: Basic Mission 9[/msg])

Defience wrote:
It's giving you that path as a hint.


Hint I get in the page is

Sam remains confident that an obscured password file is still the best idea, but he screwed up with the calendar program. Sam has saved the unencrypted password file in /var/www/hackthissite.org/html/missions/basic/8/

However, Sam's young daughter Stephanie has just learned to program in PHP. She's talented for her age, but she knows nothing about security. She recently learned about saving files, and she wrote an script to demonstrate her ability.


I dont get such a path or am I missing something???



[Edited By: Monica]
banda
New User
New User
 
Posts: 14
Joined: Tue Mar 17, 2009 11:15 pm
Blog: View Blog (0)

Re: Basic Mission 9

Post by orwell84 on Wed Mar 18, 2009 8:51 pm
([msg=20161]see Re: Basic Mission 9[/msg])

This is basic mission 9, right? So go to mission 9 and it gives you the path. Learn about absolute paths vs. relative paths, if that's not too spoiler-ish. It's the same thing as mission 8, but just a bit more...not difficult, but tricky, because you're trying to do the same thing, but to a different location.
Mens et manus.
User avatar
orwell84
Poster
Poster
 
Posts: 112
Joined: Fri Feb 20, 2009 8:20 pm
Blog: View Blog (0)
PreviousNext
Post a reply

Return to Basic

Who is online

Users browsing this forum: No registered users and 0 guests

Disclaimer :
HackThisSite does not support illegal activities.
The management of this board is not responsible for the content of any external internet sites.
Powered by phpBB © 2000-2009 phpBB Group
Carbon Style By Echo -=Designs By Echo=- © 2007 Echo
Administration Control Panel