Basic Mission 8

[DaMoNarch]

It's been posted about a dozen times (at least) in this thread, but I'll emphasize again: all you need to solve this can be found in the following two links:

http://httpd.apache.org/docs/1.3/howto/ssi.html

and

http://www.computerhope.com/unix/uls.htm

Once you figure that out, be very VERY mindful of your url bar (that cost me some extra time). I kinda feel dumb for that part.

I finally got it after this hint! The format of the command has to be very specific. Seems like spaces and everything must be exact. I was typing in the correct command but was not formatting it with the correct spacing.

[shailx7]

One thing i dont understand that SSI is supposed to be from server side ok? we r user i mean client ok? so how can we use this SSI.......

[pharous]

One thing i dont understand that SSI is supposed to be from server side ok? we r user i mean client ok? so how can we use this SSI.......

I have yet to read the basic information, so don't take it as truth without confirming yourself, but my guess is that those are commands that are executed completely serverside. you can still manipulate the commands, just not the progress of executing them.

[shailx7]

^PLZ ELABORATE i have completed my mission but i didn't able to understand some things---

1. SSI supposed to work or add functionality from the serverside while we are client by the time we submit name. then how it works?
2. why cant we use password line as the command line?
3. There is nothing that i found related with php on the source code of the level8 page...then what did that asshole's daughter did with php.
4. how that thing xyz.php tells password which is supposed call the function which tells letters in name?

"IF I SHOWED ANY DUMBNESS PLZ EXCUSE I M A LEARNER"

[KthProg]

Ok i used the correct command, got all of the file names, but Im not sure what url to find them in.
none go to an existing file.

i dont think posting this would be a spoiler, most windows users, myself included, would not even know that the var/... has anything to do with unix.

EDIT: Nevermind I was using the wrong command, you should offer a brief explanation that var/ is in the root directory on unix systems.

EDIT EDIT: Apparently i solved it without understanding why it worked. nevermind my last edit.

[fashizzlepop]

Try again, one of them should give you the password.

[dydrax]

If you are trying to use server side includes to solve the challenge, you are on the right track: but I have limited the commands allowed to ones relevant towards finding the password file for security reasons(because there will always be that one person who decides to execute some rather nasty commands). So please manipulate your code so that it is a little more pertaining to the level.

how can i get out from tmp directory ???
i only use jump back command,then it block

[fashizzlepop]

You are only able to submit one command. This command will have to do everything you need it to. You can't take this one step at a time.

[1njustice]

My cyber GOD!
I was doing the same executing the same command string for an hour until I realized there was a space where there shouldn't of been.. My hint would be, check your spaces!

Just joined this forum & site and are loving it so far. Thanks for all the hard work keeping people like me entertained on the web! Keep up the good work, expect a donation from me real soon.

[thehackertoyou]

So what's the diff between php and ssi? and how can I tell the difference between those two and html by viewing the page source?