Extbasic 2

Learn how to do code review

Re: Extbasic 2

Post by Artio on Fri Apr 03, 2009 7:04 pm

This mission has just totally bested me. Stopped me like a brick wall.
Tried every combination I can think of, tried using D. T. to navigate to the index, but just cannot get my head around it.
Read every hint/tip/spoiler in this thread, and just cannot nail it.

Little help?


Re: Extbasic 2

Post by eljonto on Sun Apr 05, 2009 4:04 am

ok you are doing the right thing- you need to use DT to solve this one- just look at the url to see how many D's you need to T :D also in php the '.' will add something to a string so if your string is:
$str = 'hello';
$str=$str.'bye'; (or $str.='bye'; for short)
$str now equals 'hellobye'

look at what the code in ext2 adds- maybe you are putting too much info in ;)
-Quis custodiet ipsos custodes?, Juvenal
_________________________________________________________________


Re: Extbasic 2

Post by resurgam on Fri Apr 24, 2009 5:45 pm

Does the mission want us to input the entirety of the function along with the added input, or just the input? I understand what I need to do, I just don't know how it wants me to do it. :P
04/23/2009:
1957 Points
Basic: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11)
Realistic: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (12)
Application: (1) (2) (3)
Javascript: (1) (2) (3) (4) (5) (6)
Logic: (1)
Extbasic: (1) (3) (4)
Stego: (2) (3) (4) (6)


Re: Extbasic 2

Post by eljonto on Fri Apr 24, 2009 7:30 pm

resurgam wrote:Does the mission want us to input the entirety of the function along with the added input, or just the input? I understand what I need to do, I just don't know how it wants me to do it. :P


just the input


Re: Extbasic 2

Post by dbarreto on Sat May 09, 2009 5:37 pm

So many posts have been helpful to me on other topics so I'd like to leave a hint on this one. It's not really a hint as much as something useful to know, so here it is, hope it helps someone as it helped me: http://uw714doc.sco.com/en/SDK_sysprog/_Relative_Pathnames.html


Re: Extbasic 2

Post by goluhaque on Sat May 16, 2009 2:55 am

eljonto wrote:ok you are doing the right thing- you need to use DT to solve this one- just look at the url to see how many D's you need to T :D also in php the '.' will add something to a string so if your string is:
$str = 'hello';
$str=$str.'bye'; (or $str.='bye'; for short)
$str now equals 'hellobye'

look at what the code in ext2 adds- maybe you are putting too much info in ;)

DT as in Directory Traversal [if it's a spoiler please delete it]? :?: If yes, then do we have to use SSI or just that dotdotslash command?
(23:45:03) hauk: I guess you are over the best part of your life when 4-year-olds say "Are you an evil man?"
(23:46:19) hauk: and "Ima punch you in the pecker"


Re: Extbasic 2

Post by eljonto on Sat May 16, 2009 6:38 am

goluhaque wrote:
eljonto wrote:ok you are doing the right thing- you need to use DT to solve this one- just look at the url to see how many D's you need to T :D also in php the '.' will add something to a string so if your string is:
$str = 'hello';
$str=$str.'bye'; (or $str.='bye'; for short)
$str now equals 'hellobye'

look at what the code in ext2 adds- maybe you are putting too much info in ;)

DT as in Directory Traversal [if it's a spoiler please delete it]? :?: If yes, then do we have to use SSI or just that dotdotslash command?


Yes, DT means Directory Traversal, and why would you need SSI for this mission..?


Re: Extbasic 2

Post by Pur33vil on Sun May 17, 2009 7:02 am

Do I have to edit it or just to put more?


Re: Extbasic 2

Post by haha01haha01 on Sun May 17, 2009 1:58 pm

okay. since some people seem to have trouble finishing this mission, I decided to make a (spoiler-free) explanation and common mistakes you can make.

basically, this mission requires two different levels of understanding:
the first level, the extension blocking. you must first understand what is the function adding to every string you give it, and modify your input in order to get the correct file.

the second level is basic knowledge about files. as far as I know, there are two ways to "request" a file. the first way is by requesting it from a url (examples of urls: http://www.google.com, hackthissite.org/index.php, etc). when requesting a url your computer will send an http request to the server referenced by the url, and the server will return the file. however, there's a catch: servers are not obligated to return the file requested. when you request a php file from a server, you do not get the file itself. you get a modified (parsed) version of it. this is why inserting hackthissite.org/index will not work (you will not get the real file)
the second method is getting a "local file" (a file that exists in your hard drive). requesting a local file is done using a path (examples of paths: index.php, C:/server/index.php, ../index.php, etc). when you request a local file, you always get the file itself, and not any modified version of it. this is why only servers are allowed to locally request their own files. in this mission, you get the function file_get_contents, and you need to request the local file index.php.

how many D's you need to go up, you ask? I'll let you figure that one out yourself ;) (*hint hint* look at your address bar)
There are 11 types of people in the world - those who understand binary, those who don't and those who already heard this joke.
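The pattern the explanation above describes (a fixed suffix concatenated onto user input, then read as a local path with file_get_contents), shown next to a hardened form. This is an added example, not part of any post in this thread and not the mission's code; the function names, the directory layout and the ".php" suffix are assumptions.

```php
<?php
// Added example: names, paths and the ".php" suffix are assumptions,
// not the mission's code.

// Pattern described in the thread: user input plus a fixed suffix,
// read from disk as a local path.
function load_page_unsafe(string $base, string $name)
{
    // '.' concatenates, so the caller controls everything before ".php",
    // including any "../" segments that step out of $base.
    return @file_get_contents($base . '/' . $name . '.php');
}

// Hardened form: resolve the path first, then require it to stay in $base.
function load_page_safe(string $base, string $name)
{
    $root = realpath($base);
    $full = realpath($base . '/' . $name . '.php'); // false if the file is missing
    if ($root === false || $full === false) {
        return false;
    }
    // Containment check on the canonical path, after "../" and symlinks
    // have been resolved. The trailing separator stops "/pages_old" from
    // matching "/pages".
    if (strncmp($full, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return false;
    }
    return file_get_contents($full);
}

// Constructed sample tree in a temp directory so the example runs offline.
$top = sys_get_temp_dir() . '/dt_demo_' . getmypid();
@mkdir($top . '/pages', 0700, true);
file_put_contents($top . '/pages/home.php', "<?php echo 'home';");
file_put_contents($top . '/config.php', "<?php // outside the pages directory");

// 'home.php' shows the "too much info" mistake: the suffix is added twice.
foreach (['home', '../config', 'home.php'] as $name) {
    $unsafe = load_page_unsafe($top . '/pages', $name) !== false;
    $safe   = load_page_safe($top . '/pages', $name) !== false;
    printf("%-10s unsafe=%-4s safe=%s\n", $name,
        $unsafe ? 'read' : 'miss', $safe ? 'read' : 'miss');
}
```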


Re: Extbasic 2

Post by superkid68 on Thu Jun 11, 2009 10:26 am

wow, I can't believe it took me that long to figure it out, all you need to know is how to change the directory and what you do and don't need to put in, oh and make sure you're better at counting than me :lol:

