Hackthissite/Basic/Level7

From aldeid
  • Level: Basic::7
  • URL: http://www.hackthissite.org/missions/basic/7/
  • Exercise: The password is hidden in an unknown file, and Sam has set up a script to display a calendar. Requirements: basic UNIX command knowledge. This time Network Security Sam has saved the unencrypted level7 password in an obscurely named file saved in this very directory. In other unrelated news, Sam has set up a script that returns the output from the UNIX cal command. Here is the script. Enter the year you wish to view and hit 'view'.
  • Solution: The form does not sanitize its input, so commands can be injected in the date field. Enter ";ls -l": the ";" ends the cal command and the shell then runs ls -l, so the page shows a calendar followed by the output of our command. The listing contains a file named "k1kh31b1n55h.php". Calling this file in the URL (http://www.hackthissite.org/missions/basic/7/k1kh31b1n55h.php) gives the password: f771e5b2.
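
The root cause and its fix, as an added example that is not the mission's own script (the page does not show it). It assumes the script builds a shell string by concatenating the submitted year after `cal`; the function names are hypothetical.

```python
import re
import shlex
import subprocess

# Allow-list: ASCII digits only. fullmatch() also rejects a trailing newline,
# which a pattern ending in "$" would let through.
YEAR_RE = re.compile(r"[0-9]{1,4}")


def vulnerable_command(year: str) -> str:
    """Assumed weak pattern: user input pasted straight into a shell string."""
    return "cal " + year


def shell_tokens(command: str) -> list:
    """Tokenise roughly as a shell would, keeping ';' as a separate token."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return list(lexer)


def safe_cal_argv(year: str) -> list:
    """Validate the year, then return an argv list so no shell parses it."""
    if not YEAR_RE.fullmatch(year):
        raise ValueError("year must be 1 to 4 digits")
    if not 1 <= int(year) <= 9999:
        raise ValueError("year out of range for cal")
    return ["cal", year]


def run_cal(year: str) -> str:
    """Run cal with the validated argv; a list argument means shell=False."""
    result = subprocess.run(safe_cal_argv(year), capture_output=True,
                            text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    payload = ";ls -l"  # the input quoted in the solution above
    # The ';' token shows the shell would see two commands, not one argument.
    print(shell_tokens(vulnerable_command(payload)))
    try:
        safe_cal_argv(payload)
    except ValueError as exc:
        print("rejected:", exc)
    print(safe_cal_argv("2024"))
```

Validation and the argv list are independent layers: either one alone stops the ";" from reaching a shell, and keeping both covers a mistake in the other.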
