Basic Mission 7

Learn new things
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts, etc.]

Posting these will result in warnings/bans!

Re: Basic Mission 7

Post by fashizzlepop on Sat Jan 05, 2013 10:06 pm

DaMoNarch wrote: I take it that most web admins would fix it so that this wouldn't work.
Correct, most wouldn't NOT filter user input.

NEVER trust the user.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.


Re: Basic Mission 7

Post by vaibhavdiwase on Sun Jan 06, 2013 1:48 pm

DeathxFish wrote: ok listen when you know how to execute different commands at the same time (google unix commands it's like the first link) then look for something obscure and when i mean obscure i really really really mean it. and like it says it's a file (think back to mission 3 - what did u have to do with that file?) well hope it didn't give too much away but i think it's better than just telling someone to go learn some unix commands and leave them hanging

:roll: thanks mate.. was stuck after listing the files
always remember the basic stuff

ok here are clear hints for some people still stuck
1. google 'unix separate commands on same line'
2. use that separator (do not pipe) and enter a basic unix command required to list all the files located on unix server
3. now remember some basic html knowledge from level 3

if you still don't get it.. god bless you!
Charlie The Joker


Re: Basic Mission 7

Post by shailx7 on Thu Jan 10, 2013 6:53 am

Please clarify why the "passwd" command doesn't work???


Re: Basic Mission 7

Post by fashizzlepop on Thu Jan 10, 2013 7:25 am

shailx7 wrote: Please clarify why the "passwd" command doesn't work???

That command generally requires user interaction, not to mention it would be affecting the user on the machine, not the password for the basic 7 form. It doesn't just display a person's password either.


Re: Basic Mission 7

Post by SleepIsForTheMeek on Thu Jan 17, 2013 12:36 am

looooool
i was trying to cat the pass file -.-

epic facepalm.


Re: Basic Mission 7

Post by fashizzlepop on Thu Jan 17, 2013 3:25 am

SleepIsForTheMeek wrote: looooool
i was trying to cat the pass file -.-

epic facepalm.

I've been surprised how many people have tried that. ;) Nice thinking.


Re: Basic Mission 7

Post by indestructibleguy on Fri Jan 18, 2013 5:17 am

Freakin' windows coding. All I have to say is 'dir da dir'. oh, and remember, UNIX, NOT Windows. :D


Re: Basic Mission 7

Post by KthProg on Wed Jan 23, 2013 7:55 pm

As far as the concept of placing several commands on one line, so that your command runs after the server is done executing the expected command, could you also do that to a PHP file or some Java code, or would it simply interpret it as a string?


Re: Basic Mission 7

Post by fashizzlepop on Wed Jan 23, 2013 8:04 pm

KthProg wrote: As far as the concept of placing several commands on one line, so that your command runs after the server is done executing the expected command, could you also do that to a PHP file or some Java code, or would it simply interpret it as a string?

Good question.

The reason the mission is solved the way it is is because something like this is being executed:
Code:
syscmd('cal ' + userinput)

That's pseudocode but you should get the point. By placing your code directly after 'cal' you are escaping the cal command and then running your own using Linux shell conventions. This means that if you had a PHP or Java script that did the same thing, it would work there too. The point is, if you are directly running user input without sanitizing it you will probably be exploited. If you type the exploit into a program that simply prints the entered text, it will *probably* just print what you typed, because at no point is it executing your input.

TL;DR: if you're executing the user input directly, you're vulnerable.

Re: Basic Mission 7

Post by Slowbrain on Sat Jan 26, 2013 12:39 pm

Eureka!
I solved mission 7, a mix of luck and hard work, it sounds very much like real life.
But I spent a lot of energy wondering about "obscurely".
What, where is the "obscurely"?
Any help to get?

