Basic 9

Could someone give me some help on what to do for 9 pls??? I'm 100% confused. I found every file/pass that is needed for basic 8 execpt that I get an error when I try to login using one of the files.

Am I missing something or is the challenge broke?

yeah ive gotten to the login screen with the two password boxes and i know i need something from basic 8 but wat is it that you could use. ive gone through basic 8 5 times and nothing there that basic 9 could use.

glad to know it's not just me ;)

I have found that is has something to do with NULL and how the search engine works, like in the POST variavle codes (if you know php you know what I am talking about), where the file search is, you have to put in something like ../(file you want to view in previous folder)%00. This is a common exploit that was used for cgi's (yuk!), even though the file may not permit you to access it, it will, because it thinks its a NULL command after it is executed (ie executing the command, without it knowing it is).

That is all this info I have gotten with the NULL commmand, and it hasnt seemed to help, but maybe it will help peice the puzzle togeather.

Which leaves us to the question of what unobtainable file do we need to get? I know the exploit you are talking about and it seems a bit logical for the mission, but I am not sure if this is the right direction.

When it says "cannot be injected by the url" it would make you think we would be using SQL injection, right?

Well, injection can mean many thinks, trojan injection, java injection, SQL injection, etc. Maybe a javscript command to change the way search.php searches for the files?

But the only sensible injection on this mission seems to be SQL related. Though this mission seems to be full of a lot of rubbish and really throws you off track not knowing if everything is relevant to the winning of the mission or not.

got it now thx to hackerbabe ;)

Think about the Poison Null Byte exploit ;)

btw, there are some MAJOR spoilers in previous topics, clear them please!!!

well i was looking around again and i decide not to search the login but search the search and then it said in bold that i was in the file… do i do something from here and if i do i tried to do and SQL inject where thr FROM is from the search

is that right?

Yeah, saying you're inside the file intrigued me, although you can't see what the file consists of. I'm guessing direct access to the file bypasses the security features, so you can inject SQL?

Just a hint on where to inject this damn code, is needed.

yeah just a small hint is good enough… that way i can get this over with.. :)

heh i used the %00 thing :) although i don't understand it i just guessed where to put it… someone explain me the idea please :)

• hint * parse the null byte through the search form not into the URL…