Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Basic web hacking 22


Basic web hacking 22

By ghostghost | 8506 Reads |
0     0

this challenge is very similar to the basic web hacking 8 challenge on hackthissite.org.To complete this challenge ,you need to have an understanding of server side includes(SSI).To get such an understanding i suggest you google for it.Once this has been done ,you review the source(just like all the other basic web hacking missions) and see if you find any new directories .Using the SSI #E*** command and a unix command which allows you to view the contents of a directory you type in the statement in the command box and you will get a list of the files in that directory.Review each file in the directory for anything that lokks like a password.When you have guessed the right password you will get adirected to a page telling you that you have completed the challenge and rewarding you with points.

Goodbye

Comments
Ayr4's avatar
Ayr4 17 years ago

A OK article:happy:

ghost's avatar
ghost 16 years ago

I don't get it I've typed this<!–#exec cmd="ls/../secretdir/secure.php"–>in but it keeps on saying Error: Command not recognized! What am I doing wrong!:@

ghost's avatar
ghost 16 years ago

I must say that this challenge was a pain in the ass, but if you just read a bit and google a bit, then you will find the right answer.

ghost's avatar
ghost 16 years ago

speedy nice article ^^

ghost's avatar
ghost 13 years ago

nice post

@SaMTHG i had the same problem… it is a pain in the ass, you have to get the syntax just perfect. pay attention to the / position (and keep it simple)

ghost's avatar
ghost 13 years ago

and pay attention to your spaces… this challenge accepts only very precise commands

ghost's avatar
ghost 13 years ago

I found the answer on the web, but I am trying to better understand this problem. I went through researching through Google and am familiar with some of the basic SSI commands.

I even tried what SaMTHG tried above but modified his spacing:

<!–#exec cmd="ls/../secretdir/secure.php" –>

Can anyone give me more spcific tips? ;)

ghost's avatar
ghost 12 years ago

:ninja: