Monday, August 12, 2013

hackthissite.org Basic Challenge 7 | Shivang Desai

Hello friends,

Here's the Challenge 7 of HTS(HackThisSite).

"The password id hidden in an unknown file, and Sam has set up a script to display a calender. Requirements: Basic UNIX command knowledge"

When I entered a year in first textbox of this challenge, then some command(UNIX command) got executed through "cal.pl" and it displayed calender of that year.

Now, in "Requirements", they have written that knowledge of UNIX command is required.

First thing that came in my mind was a short list of UNIX command which included following.
-cat
-echo
-ls
-cd
and some others. But none was useful except "ls".

The description of challenge 7 says that Sam has kept that file in same directory where "cal.pl" was present.

According to the scenario, only one command fits and that is "ls" as we want to see other files present in this very directory.

Finally the idea was clear.

I just typed in "2013; ls" in first textbox and clicked "Submit". (";[semicolon]" after 2013 was used to tell the server that one command is over and another command has started, which in our case is "ls")

There was the solution and I got list of all files present in that directory.

Note:- files will also be displayed even if you type this "; ls" (without quotes)

Here you will find a .php file with strange name.
Just copy & paste this file and your url will look like this :
"https://www.hackthissite.org/missions/basic/7/k1kh31b1n55h.php"

I got the .php file named "k1kh31b1n55h.php".
Just hit enter and voila....there was your password.

I hope the explanation was proper.

Thanks.....:-)


8 comments:


  1. Beware of scammers i have been scammed 3 times because i was trying to know if my husband was cheating until i met this hacker named; (wizardcyprushacker@gmail.com) who helped me hack into my spouse phone for real this great hacker hacked into my spouse whats-app messages,Facebook messages.text messages,call logs,deleted text messages,bitcoin account and many more i was impressed with his job and he brought me results under 24 hours believe me he is real and his services are cheap and affordable.

    ReplyDelete
  2. Gaining access into my wife’s device was not that easy, as my expertise wasn’t that much not until I told AFONKAPETROV@TUTANOTA.COM about this. He helped in cracking the AES (Advanced Encryption Standard) and EXPLOITING all VULNERABILITIES in the device hereby providing a thorough access to the mobile’s data. After all, it was not a waste of effort. There was SEVERE INFIDELITY on her part. Now, I guess I need the divorce immediately and child custody too.

    ReplyDelete
  3. If you really need a professional hacker to hack your cheating boyfriend's/girlfriend's/spouse phone, whatsapp, facebook, bank account hack etc. Or credit score upgrade, I would recommend
    ETHICALHACKERS009@GMAIL.COM
    He has proven to be trustworthy, His jobs are fast and affordable. He has carried out over 3 jobs for me including helping me hack my ex wife's mobile phone and i can't forget when he cleared my credit card debts and improved my credit score to 750. I can put my money on him at anytime!. He's one of the best out there. Spreading the word as my little favor to him for all he's done. Thank me later.

    ReplyDelete

  4. Are you desperately in need of a hacker in any area of your life???

    then you can contact; cyberfiles.hacker@gmail.com

    I will help you at affordable prices, he offer services like
    -hack into your cheating partner's phone(whatsapp,bbm.gmail,icloud,facebook, twitter,snap chat and others)
    -Sales of Blank ATM cards.

    -hack into email accounts and trace email location -all social media accounts,

    -school database to clear or change grades,

    -Retrieval of lost file/documents

    -DUIs -company records and systems,

    -Bank accounts,Paypal accounts -Credit cards hacker

    -Credit score hack -Monitor any phone and email address

    -Websites hacking, pentesting.

    -IP addresses and people tracking.

    -Hacking courses and classes.

    is services is the best on the market and 100% security and discreet work is guaranteed.,...

    ReplyDelete
  5. Welcome. BE NOT TROUBLED anymore. you’re at the right place. Nothing like having trustworthy hackers. have you lost

    money before or bitcoins and are looking for a hacker to get your money back? You should contact us right away it’s

    very affordable and we give guarante to our clients. Our hacking services are as follows:
    -hack into any nkind of phone
    _Increase Credit Scores
    _western union, bitcoin and money gram hacking
    _criminal records deletion
    _Hacking of phones(that of your spouse, boss, friends, and see whatever is being discussed behind your back)
    _Security system hacking...and so much more. Contact THEM now and get whatever you want at
    Superior.hack@gmail.com
    +16692252253


    IT HAS BEEN TESTED AND TRUSTED

    ReplyDelete
  6. I had a fruitless search for a lover, all F.A.K.E acquaintances. I even lost a bit above 39,400 EURO. My worst experience, but I didn’t let him go with this. I had reported this case to AFONKAPETROV@ TUTANOTA. COM . I was able to recover funds he stole from me as a result of AFONKA’S ADVANCED PENETRATION into HIS MOBILE PHONE LINKED TO HIS BANK, SNIFFED HIS MAILS AND WAS ABLE TO H.A.C.K INTO HIS BITCOIN WALLETS. We gained more than I lost and shared BTC with AFONKA. I am so delighted, even donated to charity. I don’t think I’ll try to find love online ever again. It wasn’t a good experience.

    ReplyDelete
  7. MY NIECE HAD ISSUES IN COLLEGE and needed some grades upgraded discreetly, I was directed to contact AFONKAPETROV@ TUTANOTA. COM This was a major breakthrough for us from her failure. The reason behind this was due to s.e.x.u.a.l a.s.s.a.u.l.t.s by the College Professor. This instigated failure for my niece. We had reported the case earlier and nothing was done. Anyway, her grades were successfully changed.

    ReplyDelete
  8. hello i just want to bring to your notice an easy way of becoming a millionaire.I read about a blank ATM card & decided to reach out to this vendor, he then gave me the guidelines & proof of how the card was cloned. Though i wasn’t sure about their services but they assured me of safe & geniue transaction if i obliged to their terms and conditions which i eventually agreed to & 4days later i was delivered a card by the Delivery service which was sent from this hacker. I was shocked when the card dispensed $2000 instant, I've been able to cash out $10k...All thanks to you guys, you can email this real and reliable hacker via email: (verifiedhackinghome.hackers@gmail.com) or whatapp +1 (516) 494 0313  

    ReplyDelete