Security Corner

Oct 28 2009   12:15AM GMT

Hacking Skills Challenge – Level 7



Posted by: Ken Harthun
Tags:
Command line
Ethical hacking
Linux
Password
Security

Once again it’s a slow security news week, so time to tackle the next hacking skills challenge level. So far, we’ve explored the first 6 basic missions at HackThisSite.org. The difficulty level is supposed to increase at each level, but this one is only difficult if you don’t know Linux. Here’s the challenge:

The password is hidden in an unknown file, and Sam has set up a script to display a calendar. Requirements: Basic UNIX command knowledge.

This time Network Security Sam has saved the unencrypted level7 password in an obscurely named file saved in this very directory.

In other unrelated news, Sam has set up a script that returns the output from the UNIX cal command.

This one is so easy you don’t even have to look at the source code. But you do have to know about chaining commands in Unix.

If you enter a year, you’ll get a full 12-month calendar with all weeks beginning on Sunday displayed on the resulting output page. This is default behavior of the cal command. It looks like all the script does is execute the command, taking your input as a parameter.  We can prove this by leaving the field blank; the script returns the current month and year, i.e., default behavior.

The key to cracking this one is the phrase “…obscurely named file saved in this very directory.” We know the permissions are good to run commands on that directory, so let’s just chain the ls — list directory contents — command and see what happens. (You chain commands in Linux using && between them.) Enter the following in the text box: && ls and click the View button. Here’s the output:

       October 2009
Mon Tue Wed Thu Fri Sat Sun
              1   2   3   4
  5   6   7   8   9  10  11
 12  13  14  15  16  17  18
 19  20  21  22  23  24  25
 26  27  28  29  30  31

.
..
level7.php
cal.pl

index.php
k1kh31b1n55h.php
perl5.8.9.core

Looks to me like k1kh31b1n55h.php is our file. Stick it in the URL and open it up. Voila! The password, f866d6b9, is revealed.

Mission accomplished!

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: