Monday, August 12, 2013

hackthissite.org Basic Challenge 8 | Shivang Desai


Hi pals,

Here I present challenge 8 of HTS.
It says "The password is yet again hidden in an unknown file. Sam's daughter has begun learning PHP,......."

HTS has clearly mentioned that knowledge of SSI(Server-Side Includes) is needed.

Frankly speaking, I was not knowing about it.
When I searched for it I got to know that its a server-side scripting language and is basically used to include contents of one or more files into the webpage on webserver. Wow, interesting.

links to SSI -
http://en.wikipedia.org/wiki/Server_Side_Includes and
http://www.javascriptkit.com/howto/ssi.shtml

Now let's get back to HTS challenge interface.
According to the idea of previous challenge, I tried this--> In first textbox, I typed "5h1vang; ls" but the same thing was displayed what I typed.

Then the idea of SSI was clear and got idea that I will have to execute the "ls" command on server using SSI.
So I tried like mentioned below:
<!--#exec cmd="ls .."-->

Tadaaaa.. I got the same scenario as previous challenge and strange named file was infornt of me.

Just copied the file and appended it in url and I got the password.

Thanks---

No comments:

Post a Comment