haha01haha01 wrote:okay. since some people seem to have trouble finishing this mission, i decided to make a (spoiler-free) explanation and common mistakes you can make.
basically, this mission requires two different levels of understanding:
the first level, the extension blocking. you must first understand what is the function adding to every string you give it, and modify your input in order to get the correct file.
the second level is basic knowledge about files. as far as i know, there are two ways to "request" a file. the first way is by requesting it from a url (examples of urls: http://www.google.com, hackthissite.org/index.php, etc). when requesting a url your computer will send an http request to the server referenced by the url, and the server will return the file. however, theres a catch: servers are not obligated to return the file requested. when you request a php file from a server, you do not get the file itself. you get a modified (parsed) version of it. this is why inserting hackthissite.org/index will not work (you will not get the real file)
the second method is getting a "local file" (a file that exists in your hard drive). requesting a local file is done using a path (examples of paths: index.php, C:/server/index.php, ../index.php, etc). when you request a local file, you always get the file itself, and not any modified version of it. this is why only servers are allowed to locally request their own files. in this mission, you get the function file_get_contents, and you need to request the local file index.php.
how many D's u need to go up, you ask? ill let you figure that one out yourself (*hint hint* look at your address bar)
bandchicky314 wrote:I'm still so lost... I think I'm on the right track with copying the stuff from my address bar and adding the code onto it but I've tried every combination there and I still haven't gotten it. I've looked at the links that other people have posted but I still don't get it. Anyone who's done it who can tell me if I'm on the right track or not, or at least what to Google?
fire_ball wrote:this may seem like a stupid question but can I find the file name in the sourcecode of the hackithissite.org?
because I been looking and I can't find anything
Users browsing this forum: No registered users and 0 guests