Monday, August 12, 2013 Basic Challenge 9 | Shivang Desai

Hello dear ones,

So what was the cool thing you did today..?? 
If it's morning and you are reading this post, then what is the cool thing you wish to do today ?? 

Ok fine, you want to know about me first?? 
hmmmm, yeah..! I got hands on a framework named "recon-ng". It's a reconnaissance tool and believe me, it's awesome. It's very much similar to metasploit in look and feel. I will write on it soon on my primary blog.

Let's get back with HTS challenge 9. Now this is a challenge I enjoyed a lot till now. It's tricky and awesome.

It says: 

"The password is again hidden in an unknown file. However, the script that was previously used to find it has some limitations. Requirements: Knowledge of SSI, unix directory structure. "

First thing I tried was using the same script that I used in previous challenge ie <!--#exec cmd="ls .."-->
but it din't worked as this command has "<!--" and some kind of validation was applied.

For solving this challenge, two things helped me to get a spark in my mind.
1. HTS has said to have knowledge of directory structure
2. the file was stored in "/missions/basic/9/"

Reaching at this file was a big deal as the textbox provided in the challenge was validating our input.

So I tried to get there indirectly.
By modifying the previous challenge's command of SSI, I achieved it.

Look at the pic below and everything will be crystal clear.
It's a directory structure basic challenges.

Now, through challenge 8 we reached inside tmp folder. It's time to reach to "our target".

IMPORTANT NOTE:- this is all done through challenge-8's interface.

I went in challenge 8's interface and typed following command in first textbox:
<!--#exec cmd="ls ../../9/"-->

This is doing nothing more than traversing back 2 directories and then getting inside directory named "9".
Here we will get our password file. 

[Challenge-8 interface's work is over.]

Now copy&paste our password file's name under this url :

Challenge 9 solved...Now two more to go...

Bye... I hope this was well understood... :-)

1 comment:

  1. Very informative site! Am looking into things to buy, nothing violent or such just for my own gratification in my own home , not hurting anyone maybe myself in long run , but nice to know of a site I can go to to obtain what I want for simple fun in privacy of home
    Crazyask Deep web Links the DarkWeb