Extbasic 2

Learn how to do code review

Re: Extbasic 2

Post by kaoS555 on Sun Jul 18, 2010 10:10 pm

Thanks for the link edilVin, it helped a lot!


Re: Extbasic 2

Post by cs9876543210cs on Tue Jan 25, 2011 7:02 am

haha01haha01 wrote: okay. since some people seem to have trouble finishing this mission, i decided to make a (spoiler-free) explanation and common mistakes you can make.

basically, this mission requires two different levels of understanding:
the first level, the extension blocking. you must first understand what is the function adding to every string you give it, and modify your input in order to get the correct file.

the second level is basic knowledge about files. as far as i know, there are two ways to "request" a file. the first way is by requesting it from a url (examples of urls: http://www.google.com, hackthissite.org/index.php, etc). when requesting a url your computer will send an http request to the server referenced by the url, and the server will return the file. however, there's a catch: servers are not obligated to return the file requested. when you request a php file from a server, you do not get the file itself. you get a modified (parsed) version of it. this is why inserting hackthissite.org/index will not work (you will not get the real file)
the second method is getting a "local file" (a file that exists in your hard drive). requesting a local file is done using a path (examples of paths: index.php, C:/server/index.php, ../index.php, etc). when you request a local file, you always get the file itself, and not any modified version of it. this is why only servers are allowed to locally request their own files. in this mission, you get the function file_get_contents, and you need to request the local file index.php.

how many D's u need to go up, you ask? i'll let you figure that one out yourself ;) (*hint hint* look at your address bar)


I really did it. It works!!!1 :mrgreen: :mrgreen: :mrgreen:


Re: Extbasic 2

Post by Sawny1337 on Wed Mar 16, 2011 3:32 pm

This mission sucks.
One, you should be able to include with http://www.example.com.. Right?
The function is not just to get your own files..
Two, $_POST['filename'] means it looks for filename and you should need to edit the HTML code so it matches filename..


Re: Extbasic 2

Post by Phantom Wolf on Wed Mar 16, 2011 3:43 pm

Yeah, I'm pretty sure file_get_contents() will accept a URL, but oh well.

As for editing HTML, the mission asks what value should be sent, it doesn't ask you to POST the value in the way you would if you were actually exploiting the code
"Well it isn't my fault. I shouldn't have been allowed to do something to crash it." "No, you shouldn't have been allowed to buy a computer in the first place"

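Added example (not part of the thread and not the mission's code): the path-versus-URL behaviour of file_get_contents() discussed in the posts above, shown as a weak read beside a hardened one. The `.txt` suffix, the function names `read_weak` and `read_hardened`, and the temporary directory layout are assumptions made for the demo.

```php
<?php
// Added example: not the mission's code. The ".txt" suffix, directory names
// and file contents are constructed for the demo.
const SUFFIX = '.txt';

// Weak pattern: input is concatenated into a path; the suffix is the only "check".
function read_weak(string $baseDir, string $name)
{
    // "../" segments pass straight through. Without the base directory prefix,
    // file_get_contents() would also fetch http:// URLs when allow_url_fopen is on.
    return @file_get_contents($baseDir . '/' . $name . SUFFIX);
}

// Hardened form: allowlist the name, resolve the path, confirm containment.
function read_hardened(string $baseDir, string $name): ?string
{
    // 1. Bare file names only: no slashes, dots, colons or NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    // 2. realpath() collapses "../" and symlinks; false means "does not exist".
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $name . SUFFIX);
    // 3. The resolved path must still sit under the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    $data = file_get_contents($path);
    return $data === false ? null : $data;
}

// Constructed directory tree: pages/ is meant to be readable, its parent is not.
$root = sys_get_temp_dir() . '/extbasic_demo_' . uniqid();
mkdir($root . '/pages', 0700, true);
file_put_contents($root . '/pages/about.txt', 'public page');
file_put_contents($root . '/source.txt', 'server-side source');

var_dump(read_weak($root . '/pages', '../source'));       // relative path leaves pages/
var_dump(read_hardened($root . '/pages', '../source'));   // same input, hardened reader
var_dump(read_hardened($root . '/pages', 'http://www.example.com')); // URL-shaped input
var_dump(read_hardened($root . '/pages', 'about'));       // legitimate page name

unlink($root . '/pages/about.txt');
unlink($root . '/source.txt');
rmdir($root . '/pages');
rmdir($root);
```
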

Re: Extbasic 2

Post by dangaz on Thu Jun 09, 2011 9:22 am

The only problem I had with this level was that someone forgot to take into account that you can access this mission from 2 different places, with different levels of D's to T as it were... and I was playing from http://www.hackthissite.org/missions/playit/extbasic/2 (which is where the Go On button takes you from extbasic 1.)

It was expecting input that would be wrong if you are playing from there.

It's fine if you play it from http://www.hackthissite.org/missions/extbasic/2 (if you assume that 2 was a file, but I'm pretty sure it's a dir too, so really there should be one more DT, and should accept an extra on top of that just in case you are playing from the longer URL as different links get you there at different URLs).

My apologies if this is spoilerish or anything, feel free to trim. But I am (at the least partially) right.


Re: Extbasic 2

Post by bandchicky314 on Fri Jul 15, 2011 6:29 pm

I'm still so lost... I think I'm on the right track with copying the stuff from my address bar and adding the code onto it but I've tried every combination there and I still haven't gotten it. I've looked at the links that other people have posted but I still don't get it. Anyone who's done it who can tell me if I'm on the right track or not, or at least what to Google?


Re: Extbasic 2

Post by Vulpine on Fri Jul 15, 2011 6:46 pm

bandchicky314 wrote: I'm still so lost... I think I'm on the right track with copying the stuff from my address bar and adding the code onto it but I've tried every combination there and I still haven't gotten it. I've looked at the links that other people have posted but I still don't get it. Anyone who's done it who can tell me if I'm on the right track or not, or at least what to Google?


If you know where you need to go, think of a way to get there relative to where you are.

Feel free to PM if you need to discuss it a bit.


Re: Extbasic 2

Post by occamsrzr on Thu Oct 13, 2011 8:00 pm

think about directory hierarchy


Re: Extbasic 2

Post by fire_ball on Wed Mar 14, 2012 5:48 pm

this may seem like a stupid question but can I find the file name in the source code of hackthissite.org?
because I've been looking and I can't find anything


Re: Extbasic 2

Post by LoGiCaL__ on Thu Mar 15, 2012 11:32 am

fire_ball wrote: this may seem like a stupid question but can I find the file name in the source code of hackthissite.org?
because I've been looking and I can't find anything


I think you're looking too deep into this. You don't actually have to get the source code. You just need to mess with the code so it would get the source code. It helps having php installed and configured so you can mess about with some arbitrary local site you create.

