Basic Mission 9

Learn new things
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts, etc.]

Posting these will result in warnings/bans!

Re: Basic Mission 9

Post by ghostheadx2 on Sat Mar 05, 2016 8:37 pm
([msg=91782]see Re: Basic Mission 9[/msg])

I can't get how to inject the SSI code. I tried copying the code into notepad++ but if I insert it anywhere to make an input box, it does nothing. Could someone give me a hint? I think I might be able to get the right command to work, but I think the real challenge is how do I find out what input do I use to inject? I completed mission 8 but I don't think I'm using the password box to inject. Could someone give me an article on the relevant info to this stuff? Am I on the right track? Should I focus on modifying the code?

I tried making an input box, but I think that's not enough. Do I focus on how I edit the input box I make to get output that I can then input the linux commands from the last mission into?
ghostheadx2
Contributor
Contributor
 
Posts: 728
Joined: Wed Nov 19, 2014 1:19 am
Blog: View Blog (0)


Re: Basic Mission 9

Post by ghostheadx2 on Wed Mar 09, 2016 2:23 pm
([msg=91846]see Re: Basic Mission 9[/msg])

Or, should I focus on typing code in the URL bar?
ghostheadx2
Contributor
Contributor
 
Posts: 728
Joined: Wed Nov 19, 2014 1:19 am
Blog: View Blog (0)


Re: Basic Mission 9

Post by Jbraithwaite on Wed Mar 09, 2016 4:27 pm
([msg=91849]see Re: Basic Mission 9[/msg])

Think about how you completed 8 and then apply the same logic, however, sometimes you don't work on a mission directly and have to look back at something you've done. Kind of a hint there :)
In training....
Jbraithwaite
Poster
Poster
 
Posts: 198
Joined: Tue Nov 10, 2015 4:35 am
Location: Whatever my VPN says.
Blog: View Blog (0)


Re: Basic Mission 9

Post by mShred on Thu Mar 10, 2016 12:19 am
([msg=91864]see Re: Basic Mission 9[/msg])

Jbraithwaite wrote:Think about how you completed 8 and then apply the same logic, however, sometimes you don't work on a mission directly and have to look back at something you've done. Kind of a hint there :)

This. If you need more specific help, PM me.
User avatar
mShred
Addict
Addict
 
Posts: 1899
Joined: Tue Jun 22, 2010 4:22 pm
Blog: View Blog (2)


Re: Basic Mission 9

Post by ghostheadx2 on Thu Mar 10, 2016 12:25 pm
([msg=91876]see Re: Basic Mission 9[/msg])

I've looked up "SSI url injection" to try and inject in the url bar and that was the last thing I tried. I don't see where else there is to inject. I mean, there's no other input box so I'm wondering if there actually IS an input box somewhere or something to input code into and I don't see it.
ghostheadx2
Contributor
Contributor
 
Posts: 728
Joined: Wed Nov 19, 2014 1:19 am
Blog: View Blog (0)


Re: Basic Mission 9

Post by limdis on Thu Mar 10, 2016 5:50 pm
([msg=91882]see Re: Basic Mission 9[/msg])

Jbraithwaite wrote:Think about how you completed 8 and then apply the same logic, however, sometimes you don't work on a mission directly and have to look back at something you've done. Kind of a hint there :)

This is really the mother of all hints.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1657
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: Basic Mission 9

Post by ghostheadx2 on Tue Mar 15, 2016 3:06 pm
([msg=91931]see Re: Basic Mission 9[/msg])

Right, something I've done in earlier missions, not just mission 8. I've been researching and I'm wondering if these pages are relevant:

https://www.owasp.org/index.php/Command_Injection

https://www.golemtechnologies.com/artic ... -injection

I got to the point where I was looking up YouTube videos for command injection, to see if there's a way to combine SSI injection with that in the url bar to make the server list the files. I haven't gotten results but am I in the right direction?
ghostheadx2
Contributor
Contributor
 
Posts: 728
Joined: Wed Nov 19, 2014 1:19 am
Blog: View Blog (0)


Re: Basic Mission 9

Post by ghostheadx2 on Wed Mar 16, 2016 11:27 pm
([msg=91938]see Re: Basic Mission 9[/msg])

Solved it. This was easier than I thought it was. Lol.
ghostheadx2
Contributor
Contributor
 
Posts: 728
Joined: Wed Nov 19, 2014 1:19 am
Blog: View Blog (0)


Re: Basic Mission 9

Post by _realretard_ on Wed Mar 30, 2016 5:53 am
([msg=92041]see Re: Basic Mission 9[/msg])

The purpose of the clue given is purely to mislead you. You could simply ignore it and treat it the same way as basic 8
_realretard_
New User
New User
 
Posts: 2
Joined: Wed Mar 30, 2016 5:51 am
Blog: View Blog (0)


Re: Basic Mission 9

Post by tgbzero on Fri Apr 29, 2016 12:11 am
([msg=92230]see Re: Basic Mission 9[/msg])

aight this one's driving me a little crazy

I got 8 figured out, and I get how I have to "look back at my previous solutions", but I can't figure out how to avoid the on-the-right-track message. I'm using the list command but whenever I try to point it at a directory other than "..", I get the message.

I get the feeling I'm using the right command but somehow not properly navigating the directory structure?
tgbzero
New User
New User
 
Posts: 1
Joined: Thu Apr 28, 2016 11:59 pm
Blog: View Blog (0)


PreviousNext

Return to Basic

Who is online

Users browsing this forum: No registered users and 0 guests