Security Corner

Jan 29 2010   1:14AM GMT

Hacking Skills Challenge – Level 9

Ken Harthun Ken Harthun Profile: Ken Harthun

It’s again time to delve into our Hacking Skills Challenge. Our last challenge was level 8 at and that was almost three months ago. They’re starting to get a little tougher now, but we’ve learned some good techniques that will help us. Here’s the challenge:

The password is again hidden in an unknown file. However, the script that was previously used to find it has some limitations. Requirements: Knowledge of SSI, unix directory structure.

Pay attention, now. Look at the challenge carefully. There’s some key information on the challenge page:

Network Security Sam is going down with the ship – he’s determined to keep obscuring the password file, no matter how many times people manage to recover it. This time the file is saved in /var/www/

In the last level, however, in my attempt to limit people to using server side includes to display the directory listing to level 8 only, I have mistakenly screwed up somewhere.. there is a way to get the obscured level 9 password. See if you can figure out how…

So, it looks like Sam goofed and we may be able to manipulate our directory hack slightly to find the level 9 password. Let’ see… Well, if you try anything in the level 9 page, you just get errors, so maybe this is the key clue: last level, however, in my attempt to limit people to using server side includes to display the directory listing to level 8 only.

So, let’s go back and hack level 8 a little differently and see what happens. Last time, we used the command [<]!–#exec cmd=”ls ..”–[>] (don’t use the brackets) to get us a listing of the level 8 directory (the “../” we used to take us back one level). Can it be as simple as specifying the directory for basic 9 in this way: [<]!–#exec cmd=”ls ../../9”–[>]?

Go back to the level 8 page and enter that string in the “Enter your name” field. Bingo! We get this: Your file has been saved. Please click here view the file. We click that link and we get:

Hi, index.php p91e283zc3.php!

Your name contains 24 characters.

Load p91e283zc3.php in your browser like this:, and you get the password, 3c40ec25.

Go back to level 9 and enter that password. Mission accomplished!

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: