I had a bit of time so I thought I would take a look at Level 1 on Logic.
Not much of an introduction.. http://logic.smashthestack.org:88/
We don’t have shell access and only have the link to the uploader. If you submit a file the next page is PHP, so we know the site is PHP enabled.
First thing I tried was a basic hello php script, just to see what would happen.
Ta-da it worked, we got a hello back.
Next I tossed some ‘ls’ commands at various directories to see what was going on.
Not much stands out, just the README file left in the level1 home directory.
Congrats on getting to the shell. Now you must find the password for level2. Once you have found the password you can reconnect to the server as the level2 user: ssh -p 2227 logic.smashthestack.org -l level2 You need not look far from home
So now what? lets take another look at the home directory with a ‘ls -alh’.
There is one more file to look at, a .bash_history.
ls who cat README ach3sa6F clear su level2
Yay for fat fingers, there is the password.