Security Corner

Jan 29 2010   1:14AM GMT

Hacking Skills Challenge – Level 9

Ken Harthun

It’s again time to delve into our Hacking Skills Challenge. Our last challenge was level 8 at and that was almost three months ago. They’re starting to get a little tougher now, but we’ve learned some good techniques that will help us. Here’s the challenge:

The password is again hidden in an unknown file. However, the script that was previously used to find it has some limitations. Requirements: Knowledge of SSI, unix directory structure.

Pay attention, now. Look at the challenge carefully. There’s some key information on the challenge page:

Network Security Sam is going down with the ship – he’s determined to keep obscuring the password file, no matter how many times people manage to recover it. This time the file is saved in /var/www/

In the last level, however, in my attempt to limit people to using server side includes to display the directory listing to level 8 only, I have mistakenly screwed up somewhere.. there is a way to get the obscured level 9 password. See if you can figure out how…

So, it looks like Sam goofed and we may be able to manipulate our directory hack slightly to find the level 9 password. Let’s see… Well, if you try anything in the level 9 page, you just get errors, so maybe this is the key clue: last level, however, in my attempt to limit people to using server side includes to display the directory listing to level 8 only.

So, let’s go back and hack level 8 a little differently and see what happens. Last time, we used the command [<]!--#exec cmd="ls .."--[>] (don’t use the brackets) to get us a listing of the level 8 directory (the “../” we used to take us back one level). Can it be as simple as specifying the directory for basic 9 in this way: [<]!--#exec cmd="ls ../../9"--[>]?

Go back to the level 8 page and enter that string in the “Enter your name” field. Bingo! We get this: Your file has been saved. Please click here view the file. We click that link and we get:

Hi, index.php p91e283zc3.php!

Your name contains 24 characters.

Load p91e283zc3.php in your browser like this:, and you get the password, 3c40ec25.

Go back to level 9 and enter that password. Mission accomplished!
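
From the defender's side, the flaw behind levels 8 and 9 is that the name field is written unescaped into a page the server parses for SSI. The following is an added example, not code from the challenge site or the original post: it encodes the submitted name before it is stored and flags high-risk directives for logging. The function names and sample inputs are constructed for illustration.

```python
import html
import re

# Matches the start of an SSI directive such as <!--#exec cmd="..." -->.
# It is deliberately lenient about whitespace and a missing closing "-->".
SSI_DIRECTIVE = re.compile(r"<!--\s*#\s*([a-z]+)\b([^>]*)", re.IGNORECASE)

# Directives that run commands or pull in other files are the ones to alert on.
HIGH_RISK = {"exec", "include"}


def find_ssi_directives(value):
    """Return (directive, arguments) pairs for every SSI directive in value."""
    return [(m.group(1).lower(), m.group(2).strip().rstrip("-").strip())
            for m in SSI_DIRECTIVE.finditer(value)]


def render_name(value):
    """Encode the name for writing into a server-parsed page.

    html.escape turns '<' into '&lt;', so the SSI parser never sees a
    directive start and the browser displays the text literally.
    """
    return html.escape(value, quote=True)


def handle_submission(value):
    """Return (safe_text, alerts) for one submitted name field."""
    alerts = [f"SSI {name} directive in name field: {args}"
              for name, args in find_ssi_directives(value)
              if name in HIGH_RISK]
    return render_name(value), alerts


# Constructed sample inputs: a normal name and the directive form from the post.
SAMPLES = ["Ken", '<!--#exec cmd="ls .."-->']

if __name__ == "__main__":
    for sample in SAMPLES:
        safe, alerts = handle_submission(sample)
        print(safe, alerts)
```

Encoding is the fix; the alert list is only for monitoring and should not be used as a filter. If the server is Apache, enabling SSI with Options IncludesNOEXEC rather than Includes also disables the exec directive.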
