Extbasic 2

by **Artio** on Fri Apr 03, 2009 7:04 pm ([msg=21128]see Re: Extbasic 2[/msg])

This missions has just totally bested me. Stopped me like a brick wall.
Tried every combination i can think of, tried using D. T. to navigate to the index, but just cannot get my head around it.
Read every hint/tip/spoiler in this thread, and just cannot nail it.

Little help?

by **eljonto** on Sun Apr 05, 2009 4:04 am ([msg=21168]see Re: Extbasic 2[/msg])

ok you are doing the right thing- you need to use DT to solve this one- just look at the url to see how many D's you need to T

also in php the '.' will add something to a string so if your string is:
$str = 'hello';
$str=$str.'bye'; (or $str.='bye'; for short)
$str now equals 'hellobye'

look at what the code in ext2 adds- maybe you are putting too much info in

Does the mission want us to input the entirety of the function along with the added input, or just the input? I understand what I need to do, I just don't know how it wants me to do it.

by **eljonto** on Fri Apr 24, 2009 7:30 pm ([msg=22445]see Re: Extbasic 2[/msg])

resurgam wrote:Does the mission want us to input the entirety of the function along with the added input, or just the input? I understand what I need to do, I just don't know how it wants me to do it.

just the input

So many posts have been helpful to me on other topics so I'd like to leave a hint on this one, its not really a hint as much as something useful to know, so here it is, hope it helps someone as it helped me: http://uw714doc.sco.com/en/SDK_sysprog/_Relative_Pathnames.html

eljonto wrote:ok you are doing the right thing- you need to use DT to solve this one- just look at the url to see how many D's you need to T also in php the '.' will add something to a string so if your string is:
$str = 'hello';
$str=$str.'bye'; (or $str.='bye'; for short)
$str now equals 'hellobye'

look at what the code in ext2 adds- maybe you are putting too much info in

DT as in Directory Traversal[if it's a spoiler please delete it]? :?:

If yes then do v hv 2 use SSI or just dat dotdotslash command?

by **eljonto** on Sat May 16, 2009 6:38 am ([msg=23811]see Re: Extbasic 2[/msg])

goluhaque wrote:
eljonto wrote:ok you are doing the right thing- you need to use DT to solve this one- just look at the url to see how many D's you need to T also in php the '.' will add something to a string so if your string is:
$str = 'hello';
$str=$str.'bye'; (or $str.='bye'; for short)
$str now equals 'hellobye'

look at what the code in ext2 adds- maybe you are putting too much info in

DT as in Directory Traversal[if it's a spoiler please delete it]? If yes then do v hv 2 use SSI or just dat dotdotslash command?

Yes DT means Directory Transversal and why would you need SSI for this mission..?

Do I have to edit it or just to put more?

okay. since some people seem to have trouble finishing this mission, i decided to make a (spoiler-free) explanation and common mistakes you can make.

basically, this mission requires two different levels of understanding:
the first level, the extension blocking. you must first understand what is the function adding to every string you give it, and modify your input in order to get the correct file.

the second level is basic knowledge about files. as far as i know, there are two ways to "request" a file. the first way is by requesting it from a url (examples of urls: http://www.google.com, hackthissite.org/index.php, etc). when requesting a url your computer will send an http request to the server referenced by the url, and the server will return the file. however, theres a catch: servers are not obligated to return the file requested. when you request a php file from a server, you do not get the file itself. you get a modified (parsed) version of it. this is why inserting hackthissite.org/index will not work (you will not get the real file)
the second method is getting a "local file" (a file that exists in your hard drive). requesting a local file is done using a path (examples of paths: index.php, C:/server/index.php, ../index.php, etc). when you request a local file, you always get the file itself, and not any modified version of it. this is why only servers are allowed to locally request their own files. in this mission, you get the function file_get_contents, and you need to request the local file index.php.

how many D's u need to go up, you ask? ill let you figure that one out yourself

(*hint hint* look at your address bar)

wow, I cant believe it took me that long to figure it out, all you need to know is how to change the directory and what you do and dont need to put in, oh and make sure your better at counting than me :lol: