
Basic 22


inyourcloset (Member)

I've read every post on it, w3, owasp, wiki, and the article on this mission. I'm also aware of how to use linux commands, and I've practised them over at overthewire. BUT, I still cannot get the darn thing to work. Here are the pages, if anyone is curious: https://www.owasp.org/index.php/Server-Side_Includes_%28SSI%29_Injection

https://www.w3.org/Jigsaw/Doc/User/SSI.html

https://www.hellboundhackers.org/articles/read-article.php?article_id=732

https://www.owasp.org/index.php/Testing_for_SSI_Injection_%28OTG-INPVAL-009%29

So, "l* ecrtir/eur.php" should be it, considering that's the only thing that works within the URL. I've also tried adding the ../../../etc stuff to it, yet still nothing. I've tried at least 30 variants, but I'm still not getting anywhere. These things work on my PC, so why wouldn't they work on the server, with the same command structure? If I could PM someone, that'd be great. Because at this point, I'm thinking my issue is just some "strict" syntax that the level designer assigned. Which, I may never find.


Huitzilopochtli

The SSI was only needed to find the filenames. Once you know what they're called and what dir they are in, you just need to go to the file via the URL. The only "hard" part in this was listing the filenames.

The reason that command didn't work: ls lists files in a directory. You're adding a php file then asking it to list the files. Not gonna work man, not on the server, not on your PC.


inyourcloset (Member)

I don't know if I understand what you mean. Because I thought I was supposed to find the dir, which would be the secure one, which I'd assume would hold the password file that it uses when it passes through the verification form. Plus, every post and article says I'm supposed to do a command like that. When I just pass the ls without anything else, it lists the files in the dir of the page I'm on currently, which contains a php?

EDIT: Oh... my... How did I not try that already?!?!? Like, I spent like 5 hours trying things in it, checking wiki, and blah...

Thank you, man!