lota7 wrote:OH MY GOD.
I had this figured out hours ago but got screwed by " / ". I used a " \ " instead.
But DT information sites told me Windows uses \ ?
Or is that based on the server running? Probably is, but how can I know what server the target is using?
Shade_of_Gray wrote:lota7 wrote:OH MY GOD.
I had this figured out hours ago but got screwed by " / ". I used a " \ " instead.
But DT information sites told me Windows uses \ ?
Or is that based on the server running? Probably is, but how can I know what server the target is using?
Generally speaking? Try both.
liuyuan wrote:Just want to clarify:
Despite the similarities between the two missions (Basic 9 and Realistic 4), they have NOTHING to do with each other besides directory traversal (it's called traversal, not transversal... It's not even a word...).
It's good if you can actually learn something...
Basic 9 takes advantage of server-side include vulnerabilities, allowing server commands to be executed.
Realistic 4, however, takes advantage of a PHP file() function. The poetries were saved as... well... plain files with no extensions (such as .php, .txt); it's just loaded with include() or require() from the .php display script.
Here is a diagram I've made to help you understand this.
http://img294.imageshack.us/img294/2749/real4uy9.jpg
As a bonus, which is irrelevant to the mission, check out these.
http://www.hackthissite.org/missions/re ... he%20Idiot
http://www.hackthissite.org/missions/re ... ding%20War
Every time you get a "page not found" e.g. http://www.hackthissite.org/missions/realistic/3/poems/
it means the page is forbidden, but the file/directory actually exists!
Every time you get a witty comment and a page not found, it means it doesn't exist at all.
I know this because I've redirected all 403 Forbidden to the "page not found" page, because I was tired of getting an anti-DDoS 403 Forbidden page XD
JonBoyMullins wrote:Consider this...
The name of the poem ends up being the name of the file.
Knowing the directory you are in, and index.html is in, is imperative.
Apologies if I've given too much away, please remove if necessary.
Vive wrote:<SPOILER-ISH>IF SPOILER MESSAGE.EDIT() && AUTHOR.APOLOGIZE() END IF
-rjstark
thread:stumped
I once saved a folder (directory) for aircraft in a flight simulator, "MyDesigns/Custom", and I was unable to access the contents of that folder (directory) using *nix commands because of the filename.
</SPOILER-ISH>
When the file is saved, it is saved to the server immediately and the file name is not filtered.
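
The points raised in the posts above (the poem title becomes the file name, the name is not filtered, and either "/" or "\" may act as a separator) seen from the defending side. This is an added example, not part of the thread or the mission's code; POEM_DIR, the function names and the sample titles are hypothetical.

```php
<?php
// Added example: hypothetical storage directory and helper names.
const POEM_DIR = __DIR__ . '/poems';

// Return a safe absolute path for a poem title, or null if the title is rejected.
function poem_path(string $title): ?string
{
    // Allow-list: letters, digits, space, underscore, hyphen; 1 to 64 characters.
    // "/", "\", "." and NUL are all excluded, so neither separator style
    // nor ".." ever reaches a filesystem call, whatever OS the server runs.
    if (!preg_match('/\A[A-Za-z0-9 _-]{1,64}\z/', $title)) {
        return null;
    }
    $base = realpath(POEM_DIR);
    if ($base === false) {
        return null; // storage directory is missing
    }
    // Defence in depth: the final path's parent must be the poem directory.
    $path = $base . DIRECTORY_SEPARATOR . $title;
    return dirname($path) === $base ? $path : null;
}

function save_poem(string $title, string $body): bool
{
    $path = poem_path($title);
    if ($path === null) {
        return false;
    }
    return file_put_contents($path, $body, LOCK_EX) !== false;
}

function read_poem(string $title): ?string
{
    $path = poem_path($title);
    if ($path === null || !is_file($path)) {
        return null;
    }
    // Read the poem as data and escape it; never include()/require() it.
    $text = file_get_contents($path);
    return $text === false ? null : htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed sample titles covering both separator styles.
if (!is_dir(POEM_DIR)) {
    mkdir(POEM_DIR, 0750);
}
foreach (['Peace', '../index.html', '..\\index.html', 'a/b'] as $t) {
    printf("%-16s %s\n", $t, poem_path($t) === null ? 'rejected' : 'accepted');
}
```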