Basic web hacking 22
Basic web hacking 22
ghost | 8342 Reads | this challenge is very similar to the basic web hacking 8 challenge on hackthissite.org.To complete this challenge ,you need to have an understanding of server side includes(SSI).To get such an understanding i suggest you google for it.Once this has been done ,you review the source(just like all the other basic web hacking missions) and see if you find any new directories .Using the SSI #E*** command and a unix command which allows you to view the contents of a directory you type in the statement in the command box and you will get a list of the files in that directory.Review each file in the directory for anything that lokks like a password.When you have guessed the right password you will get adirected to a page telling you that you have completed the challenge and rewarding you with points.
Goodbye
ghost 16 years ago
I don't get it I've typed this<!–#exec cmd="ls/../secretdir/secure.php"–>in but it keeps on saying Error: Command not recognized! What am I doing wrong!:@
ghost 15 years ago
I must say that this challenge was a pain in the ass, but if you just read a bit and google a bit, then you will find the right answer.
ghost 12 years ago
and pay attention to your spaces… this challenge accepts only very precise commands
ghost 12 years ago
I found the answer on the web, but I am trying to better understand this problem. I went through researching through Google and am familiar with some of the basic SSI commands.
I even tried what SaMTHG tried above but modified his spacing:
<!–#exec cmd="ls/../secretdir/secure.php" –>
Can anyone give me more spcific tips? ;)