Home > IT Blogs > Security Corner > Hacking Skills Challenge – Level 9
>>VIEW ALL POSTS  

Security Corner

«
»
Jan 29 2010   1:14AM GMT

Hacking Skills Challenge – Level 9



Posted by: Ken Harthun
Command line, Ethical hacking, Hacking, Linux, Password, Security

It’s again time to delve into our Hacking Skills Challenge. Our last challenge was level 8 at HackThisSite.org and that was almost three months ago. They’re starting to get a little tougher now, but we’ve learned some good techniques that will help us. Here’s the challenge:

The password is again hidden in an unknown file. However, the script that was previously used to find it has some limitations. Requirements: Knowledge of SSI, unix directory structure.

Pay attention, now. Look at the challenge carefully. There’s some key information on the challenge page:

Network Security Sam is going down with the ship – he’s determined to keep obscuring the password file, no matter how many times people manage to recover it. This time the file is saved in /var/www/hackthissite.org/html/missions/basic/9/.

In the last level, however, in my attempt to limit people to using server side includes to display the directory listing to level 8 only, I have mistakenly screwed up somewhere.. there is a way to get the obscured level 9 password. See if you can figure out how…

So, it looks like Sam goofed and we may be able to manipulate our directory hack slightly to find the level 9 password. Let’ see… Well, if you try anything in the level 9 page, you just get errors, so maybe this is the key clue: last level, however, in my attempt to limit people to using server side includes to display the directory listing to level 8 only.

So, let’s go back and hack level 8 a little differently and see what happens. Last time, we used the command [<]!–#exec cmd=”ls ..”–[>] (don’t use the brackets) to get us a listing of the level 8 directory (the “../” we used to take us back one level). Can it be as simple as specifying the directory for basic 9 in this way: [<]!–#exec cmd=”ls ../../9”–[>]?

Go back to the level 8 page and enter that string in the “Enter your name” field. Bingo! We get this: Your file has been saved. Please click here view the file. We click that link and we get:

Hi, index.php p91e283zc3.php!

Your name contains 24 characters.

Load p91e283zc3.php in your browser like this: http://www.hackthissite.org/missions/basic/9/p91e283zc3.php, and you get the password, 3c40ec25.

Go back to level 9 and enter that password. Mission accomplished!

  Bookmark and Share     Comment     RSS Feed     Email a friend

Comment on this Post

Leave a comment: