Basic Mission 9

[thebrokenbox]

Wow, I think level 9 was easier then level 8, and had it not been for a clue given here I would not have solved level 8.

Clue: A certain path might be helpful to use alongside a command used in a previous level.

Kind of vague but hope it helps:l

[thewindofdeath]

Wouldn't it be nice if you knew the exact path to take ......maybe it could be used instead?

I'm not sure the word confused, properly describes what I am right not.........maybe confuddled...befuddled...conbefulled? I GOT IT, CONFUZLED!!!!!!!!

I tried adapting the path that the mission gives you, but I wasn't getting anywhere with that....is that what you're hinting at, and I was just doing something wrong....or am I totally off track?

[Defience]

Wouldn't it be nice if you knew the exact path to take ......maybe it could be used instead?

I'm not sure the word confused, properly describes what I am right not.........maybe confuddled...befuddled...conbefulled? I GOT IT, CONFUZLED!!!!!!!!

I tried adapting the path that the mission gives you, but I wasn't getting anywhere with that....is that what you're hinting at, and I was just doing something wrong....or am I totally off track?

Let's see how I can put this without spoiling......you did basic 8 and were trying somethings with 9 where you wanted the inverse of ../ and tried \.. type of things which don't work for you but if you had something else to put in their place which was the direct path it would probably take you where you want to go....so yes, that is what I was hinting at and you were not totally off track, unless that direct path is the only thing you enter...it's still SSI.

[peac]

The script finds the first occurance of '<--', and looks to see what follows directly after it. If it matches "#exec cmd="ls"-->" or "#exec cmd="ls /home/xec96/public_html/missions/basic/8/"-->"

i realy dont get this when i enter the path above given i keep getting the security message, so im a bit lost i readed about paths unix ssi. btw isnt ssi to begin with <!-- and not "The script finds the first occurance of '<--', "
would a gm mind to give me a big tip because when i cant find the anwser i cant realy go on.

[Bandar1108]

Are you supposed to put this code in the password box on Mission 9? I've tried so many times, but I can't tell whether I'm doing it right because it just comes up as the black dots in the box, so I have no idea whether the code is wrong, or whether I keep making mistakes typing it. Am I missing a seperate box somewhere?

[Irhab]

ok so I don't understand why a recursive listing from root or home is blocked. I'm missing something.

[Defience]

The script finds the first occurance of '<--', and looks to see what follows directly after it. If it matches "#exec cmd="ls"-->" or "#exec cmd="ls /home/xec96/public_html/missions/basic/8/"-->"

i realy dont get this when i enter the path above given i keep getting the security message, so im a bit lost i readed about paths unix ssi. btw isnt ssi to begin with <!-- and not "The script finds the first occurance of '<--', "
would a gm mind to give me a big tip because when i cant find the anwser i cant realy go on.

The SSI should begin with '<!--' but the script they give you isn't the one to use here.

[Defience]

Are you supposed to put this code in the password box on Mission 9? I've tried so many times, but I can't tell whether I'm doing it right because it just comes up as the black dots in the box, so I have no idea whether the code is wrong, or whether I keep making mistakes typing it. Am I missing a seperate box somewhere?

Think about this....have you completed a mission that had ssi vulns in it? Could it be used again to exploit this ?

[Defience]

ok so I don't understand why a recursive listing from root or home is blocked. I'm missing something.

Yes, you are obviously missing something. You don't want 'root' or 'home' directories.

[s-killz]

This level seems a lot trickier then it actually is, and it helps to have an understanding of how the script validates the user's input. The script finds the first occurance of '<--', and looks to see what follows directly after it. If it matches "#exec cmd="ls"-->" or "#exec cmd="ls /home/xec96/public_html/missions/basic/8/"-->" it accepts it. If it does not match any of the situations above, then it kicks the user out.

so it says it shud be

Code: Select all

<--#exec cmd="ls"-->

isnt it supposed to be lyk

Code: Select all

<!--#exec cmd="ls"-->

I was confused...

Bt finally i got the right command
its

Code: Select all

<!--

nt

Code: Select all

<--

Hope it's nt a spoiler...