Showing posts with label hackthissite basic. Show all posts

Saturday, February 7, 2009

Hackthissite Basic 11

Hello there, a new mission has been added, Basic 11. First of all take a quick peek at what the overview of the mission is:

“Sam decided to make a music site. Unfortunately he does not understand Apache.”

This basically tells us at first glance that Sam has messed up again, probably opening up a vulnerability or exploit somewhere which can help us with the mission.

Next, taking a brief look at the page, you will find something interesting in the source. Guess he is hiding that pirated music somewhere. Now, think of this:

How would a noob web designer stash his music when he has not much of an ability to write a PHP script to search for it?

Here’s a tip if you haven’t got it so far: Think about who is behind the song title.

Then it’s time to get to basics and find out how he stashed the music. Found it so far? Hint: Take it one step at a time until you’re fully up the ladder.

Then you will find that you cannot go any further. Now it’s time to do a little research. How does an Apache server keep files hidden? This will lead you to another file where the vulnerability search begins.

In the file you’ll see some code. Now, look at the first sentence. If you’ve done your research fully you will find that the settings will take effect only if he restarts the server. This is where he made his mistake. The first sentence dictates that the file you are viewing cannot be viewed/is hidden. So the other file there is accessible. Now comes the part that will be easy if you’ve been to a grammar school.

Analyse the sentence which supposedly should contain the password. If you haven’t found it yet, there’s no need to take an English refresher course. Just think literally.

Found it? Now where do we input it? Since Sam doesn’t understand Apache, think where the default page should be. Then enter the password.

Congratulations, you have completed Basic 11!

Cheers,
IncandescentLight

Saturday, August 2, 2008

Hackthissite Basic missions

Hackthissite Basic 1

After you have learned HTML, view the source. The password for this level will be in a comment. To view the source, right-click the page and select View Source, or use View Source on your menu bar. Press CTRL+F in the source and find 'password is' without the quotation marks.

Hackthissite Basic 2

'However, he neglected to upload the password file...'

Since there is no file, the password will be referred to as nothing, so just hit the submit button without typing anything.

Hackthissite Basic 3

Now look in the source code. You will find:

password.php


Paste password.php into your URL bar so that the address is http://www.hackthissite.org/missions/basic/3/password.php; that is where the password is.

Hackthissite Basic 4

Again, look in the source code. You will find "<input type="hidden" name="to" value="webmaster@hulla-balloo.com">". Now just change the value to your email, save as .HTML and click the button!

Hackthissite Basic 5

Paste javascript:alert(document.forms[0].to.value = "youremail@youremail.org"). This is a JavaScript injection which will alter the hidden fields of a page.

Hackthissite Basic 6

This site will help you: http://www.asciitable.com/. What you need to know is that for every new position the ASCII value goes up by n+1, n being the amount added to the previous character.

Hackthissite Basic 7

Now, research Unix commands. The most likely would be "ls". Now, how do you input two Unix commands in one command line? Paste "&& ls" into the box, locate the file and view it.

Hackthissite Basic 8

Paste into the name box and hit enter. This is an SSI command which will instruct the server to show all the files.



Hackthissite Basic 9

Paste into the submit box in the Basic 8 mission. This will search for the file in the Basic 9 directory.

Hackthissite Basic 10

Ahh, editing cookies. Use this javascript injection: javascript:void(document.cookie="level10_authorized=yes") to edit the cookies. Paste the javascript injection in the URL bar.
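
The cookie edit in Basic 10, like the hidden-field edits in Basic 4 and 5, works because the server trusts a value the browser controls. The following is an added example, not part of the original post or the site's code: a check that trusts level10_authorized=yes beside one that accepts only a server-issued HMAC token. The level_auth cookie name, the key and the user name are assumptions made up for the illustration.

```python
import hashlib
import hmac

# Constructed demo key; a real server loads a random secret from its config.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def parse_cookies(header: str) -> dict:
    """Parse a Cookie request header ("a=1; b=2") into a dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def weak_is_authorized(cookie_header: str) -> bool:
    """Weak check: trusts a value the browser is free to set."""
    return parse_cookies(cookie_header).get("level10_authorized") == "yes"


def _tag(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user: str, level: int) -> str:
    """Server side: bind the grant to one user and level, then MAC it."""
    payload = f"{user}|{level}"
    return f"{payload}|{_tag(payload)}"


def hardened_is_authorized(cookie_header: str, user: str, level: int) -> bool:
    """Accept only a token this server issued for this user and level."""
    token = parse_cookies(cookie_header).get("level_auth", "")
    payload, sep, tag = token.rpartition("|")
    if not sep:
        return False
    # Constant-time comparison on bytes; also safe for non-ASCII input.
    same = hmac.compare_digest(tag.encode(), _tag(payload).encode())
    return same and payload == f"{user}|{level}"


if __name__ == "__main__":
    forged = "level10_authorized=yes; level_auth=alice|10|" + "0" * 64
    print("weak check, edited cookie:    ", weak_is_authorized(forged))
    print("hardened check, edited cookie:", hardened_is_authorized(forged, "alice", 10))
    good = "level_auth=" + issue_token("alice", 10)
    print("hardened check, issued token: ", hardened_is_authorized(good, "alice", 10))
```

Keeping the authorization flag in server-side session state avoids the problem entirely; the signed token is for cases where the state has to travel with the client.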