Basic 22

May as well get it started ;)

so what am I looking at here, server-side-includes perhaps, using a certain tag?

first you have to know how to enter the commands try googling for server side includes… or use wiki between the two you should find everything you need

ok i need help do we use include virtual and is there a special name of the file for the admin pass text?

thats just it. i know how to enter commands in there, and I've gotten it to list the contents of the current directory, but I can't get it to do much else.

do what??? no… you dont try reading a full article or finding a better one… if you need more help than that pm me and ill see if i can help a little better… dont wanna post spoilers in the forum

oh don't worry, I'm still reading ;)

…and I got it! :p

best hint I can give is look at the source, as always. check the form carefully.

Dangit…

I had commands working.. then they stopped working, and i checked the ones that worked and all, and they return a general error now..

anyone experience the same prob?

try checkin your syntax… pm me what your trying and ill see whats up with it

well the commands are working for me again, but im just a dumbarse i guess…

anyone able to nudge me in the right direction?

i know the dir and some ssi injections.. thats all

Just use a simple injection to see what's in there then ;)

Yeah, just done this one too. Nice and easy, but a good basic challenge. Thanks The_Cell

Nice challenge, I liked it. Just did it. I had some problems with a message telling me "you have not done all parts of this challenge yet", but doing the few small steps once over again made it work.

Btw, it is'nt listed in the list of basic challenges atm.

Zethyr wrote: Btw, it is'nt listed in the list of basic challenges atm.

That's part of the challenge. :happy:

@scorched if you still need help feel free to pm me and ill see if i can give you a nudge

If you all are familiar with HTS basic 8 and 9; then this one is easy

well done!

i am having trouble with this one, i've tried every command from both the wiki and the apache tutorial, but none worked. can i pm someone?

FYI, its very easy … just have to BE EXTREMELY CAREFUL AND EXACT on the syntax

:)

@bigggnick you can pm me and ill see if i can help you

I don't believe this one is working right now, am I right? I used a certain command to look at the pages, and the only 2 are index.php and process.php, nothing that would contain ANY hashed passwords. :|

read what I said on the previous page, very carefully. keep looking. ;)

lesserlightsofheaven wrote: read what I said on the previous page, very carefully. keep looking. ;)

Ty, for some reason right after reading that I got it right away :D

If you read the article for basic 8 from HTS, you'll probably get it pretty fast…it kind of gives you an example that is pretty much perfect…

[url]http://www.owasp.org/index.php/SSI Injection Testing AoC[/url] Got it from:

[url]http://www.google.com/search?q=SSI injection[/url]

Also:

Look at source..ALWAYS do ;)

I know what the server is i know about these types of injections i have worked with them before . I know exactly what i need to do but im failing to find the right syntax that the challenge is wanting to see .

I dont want the answer just a nudge , please .

have you read both those links and the article someone mentioned above you? if after that you still have trouble pm me with a specific question

Yes i did read those articles . Merely to see if there was something i hadnt already learned . There was a few things admitadly that some of the basic command tutorials hadnt spoke on . But yes i did read them .

I have tried only one value along side another value that does work . I did find a couple useless files in one folder but i want to look in a different one . The value im using and its syntax should execute fine in real life . But its not in this challenge .

lol again you should run around your house when u get it

can i pm someone about basic22?

I'm Stuck at the MSG

" You have not completed all parts of the challenge! "

i did every thing :angry:

i (re)did the chall and still ..

is it wrong to press the ( Back ) button >> is that whats causing the problem

EDIT : OK done … Don't press the ( Back ) button :D