Extended Basics Tutorial

Learn how to do code review


Post by TheMindRapist on Mon Apr 14, 2008 5:00 pm

Extbasics Tutorial


Extbasic 1

So we have this:

Code:
void blah(char *str) {
    char lol[200];
    strcpy(lol, str);
}


The method declares an array called lol of type char and then copies what you input into it. Arrays are useful for storing large amounts of similar data. For example, if you had a database of tax rates for people then it would be much easier to make an array of doubles than to make 400 or however many doubles of different names. When declaring an array the format is
Code:
type arrayName[index];

Type is the kind of data the array will hold (i.e. int, String, char, long, double, float). All the variables of an array must have the same data type. arrayName is simply what you want the array to be called. index is an int specifying how many objects will be in your array. To reference an array you do arrayName[desiredIndex], arrayName being the name of the array you want, and desiredIndex being what element of the array you want to access. It is important to remember that the index starts at 0, so to access the first element of the array you would do arrayName[0]. If you try to call an element of the array with an index higher than the max you set when declaring the array, you will receive an error and the program will terminate.

Extbasic 2

We have this function:

Code:
$lvl_text = file_get_contents($_POST['filename'].'.php');


A mistake I made when I first tried was trying to figure out what command I needed to tell the function to find the source code. You don't need one. If you can't get this mission, chances are you tried hackthissite.org/index.php and don't understand why it was wrong. Try taking a closer look at the code. Notice something that may be getting added twice?

Extbasic 3

Code:
BEGIN notr.eal
CREATE int AS 2
DESTROY int AS 0
ANS var AS Create + TO
out TO


The mission will be a lot easier if you know a programming language. You really need to think about what each line of the program is doing.
It might help to think about possible abbreviations.

Extbasic 4

Code:
{user types 6,7} BEGIN F.ake
var int as in
int var as in
out var int


Again, pretty easy if you know a programming language. Don't be confused by the first line: the user is entering 6 and 7, the first part isn't actual code. Hmm, the program then makes two variables whose values must be this "in" thing. What could in be short for?
Next the program 'out' var and int. What could out be short for?

Extbasic 5

Here is the shell:

Code:
#!/bin/sh
rm OK
sed -E "s/eval/safeeval/" <exec.php >tmp && touch OK
if [ -f OK ]; then
    rm exec.php && mv tmp exec.php
fi


The only part you need to worry about is the shell. It's really easy to overthink this. You can think of sed as the Find/Replace function in other programs. Basically, it is finding eval in exec.php and replacing it with safeeval in tmp. The only problem is that Always Owned Sam forgot something. If you aren't familiar with sed, you can learn a lot here:
http://www.grymoire.com/Unix/Sed.html

Extended Basic 6

Code:
<?php
$user = $_GET['user'];
$pass = $_GET['pass'];
if (isAuthed($user, $pass))
{
    $passed = TRUE;
}
if ($passed == TRUE)
{
    echo 'you win';
}
?>
<form action="me.php" method="get">
<input type="text" name="user" />
<input type="password" name="pass" />
</form>
<?php
function isAuthed($a, $b)
{
    return FALSE;
}
?>


Ok. Let's look at the code. It gets the username and password, then runs the function isAuthed on them. If isAuthed(user,pass) returns true then the variable passed is set to true. (The default for booleans is true, that is why you don't need ==true in the if statement.) Next, if passed has been set to true we win the mission. Hmm, it doesn't look like we can get the password anywhere, but maybe we can just skip right past having a correct username and password. Think about what value you would change if you could change one. Now how can we change that value? It says enter the correct URL and it also says that the sysadmin doesn't know much about web configuration. What could we add to the given URL to send the information we want?
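For the Extbasic 1 snippet in the post above, here is an added example (not part of the original post and not code from the mission) that puts the posted function beside a bounds-checked variant. In C, strcpy() performs no bounds check of its own, so the check has to be written explicitly; the names blah_checked and LOL_SIZE and the sample inputs are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LOL_SIZE 200 /* same size as lol[] in the mission snippet */

/* As posted: strcpy() copies until it meets the NUL in str and never
 * consults the size of lol, so 200 or more characters overrun the array. */
void blah(char *str) {
    char lol[LOL_SIZE];
    strcpy(lol, str);
}

/* Hardened variant (hypothetical name, not from the mission): the destination
 * size is explicit and oversized input is rejected rather than truncated.
 * Returns 0 on success, -1 if the input does not fit. */
int blah_checked(char *dst, size_t dst_size, const char *str) {
    if (dst == NULL || str == NULL || dst_size == 0)
        return -1;
    /* Look for the terminator within the first dst_size bytes only. */
    const char *nul = memchr(str, '\0', dst_size);
    if (nul == NULL) {
        dst[0] = '\0'; /* leave a valid empty string behind */
        return -1;
    }
    memcpy(dst, str, (size_t)(nul - str) + 1); /* includes the NUL */
    return 0;
}

int main(void) {
    char lol[LOL_SIZE];
    char big[301]; /* constructed oversized input: 300 'A' characters */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    printf("short input: %d\n", blah_checked(lol, sizeof lol, "hello"));
    printf("300 chars:   %d\n", blah_checked(lol, sizeof lol, big));
    return 0;
}
```

The boundary is the point to review: 199 characters plus the terminator fit in a 200-byte array, 200 characters do not.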


Re: Extended Basics Tutorial

Post by godfather on Thu Apr 17, 2008 11:26 am

Where is extendbasic 7? ;)


Re: Extended Basics Tutorial

Post by TheMindRapist on Mon Apr 21, 2008 6:55 pm

Extbasics 7 and 8 weren't created when I wrote this, I'll make tutorials for them and resubmit my article to HTS.


Re: Extended Basics Tutorial

Post by terminus on Tue Apr 22, 2008 2:29 pm

The answer to extended basic 7 does not seem to work. There are several options available for solving ext basic 7 but I am assuming the answer they want is very specific and I can't seem to find the exact method they want to use plus the correct formatting for entering it in so that it is accepted.


Re: Extended Basics Tutorial

Post by TheMindRapist on Tue Apr 22, 2008 5:13 pm

Then tinker around with it.


Re: Extended Basics Tutorial

Post by terminus on Fri Apr 25, 2008 10:04 am

TheMindRapist wrote: Then tinker around with it.


I did and I solved it. At the time of my post however the challenge was incorrect and in some ways still is.


Re: Extended Basics Tutorial

Post by Crystal_Bearer on Tue Apr 29, 2008 1:52 pm

Good idea, TheMindRapist. This is a good way to get people to understand the workings of the ext. basics without any spoilers. A lot of people don't go to the articles, so it's a good idea to put it here. :D


Re: Extended Basics Tutorial

Post by ax1s0f3v1l on Sun May 18, 2008 10:17 pm

OK so I just spent about 2 hours playing around with Ex. Basic 6. Turns out I had the answer the first time I submitted, just the wrong case. So if you think you have it remember the submissions are case sensitive, and in this case lowercase sensitive!!


Re: Extended Basics Tutorial

Post by TheMindRapist on Wed Jun 18, 2008 9:57 pm

I will rewrite a complete version of this guide to include 1-10 soon, I promise.


Re: Extended Basics Tutorial

Post by leonidas_heaven on Tue Sep 09, 2008 9:14 am

I am eagerly waiting for your article as there are 2 reasons..

:shock: First I need some hints on the left over mission.
:shock: I myself have to submit an article and I am waiting for it from about 2 months..
Challenges are not meant to be taken easily, rather they are meant to be taken Seriously

