Hack this site basic 8 help
So back to the topic, Sam decided to make a music site. Unfortunately, he does not understand Apache. Refresh the page and you will see the song name change every time. Think about what they have in common. Put on your hat. Think about how a music site organizes its directories. After you find the password file, here is the trickiest part, at least to me… You look and look and look and look over and over and over again. You will finally find it if you stare at it for long enough.
Favorite sport: Hack. The password is hidden in the HTML source code.
Basic 3: Now Sam has uploaded the password file.
Basic 5: Hmmm, same.
Basic 6: I found it out by trying different random strings.
Basic 7: According to the hint, Sam put the password file under the same directory.
She recently learned about saving files, and she wrote a script to demonstrate her ability. There are two pieces of important information hidden in the text. Firstly, the full file path is mentioned. This suggests to me that we will need to know the structure of the application in order to exploit it. This is likely going to be the part of the application that we need to attack.
So first, we are going to submit a basic value to the application and see what happens. As you can see from the image below, submitting the test string has written it to a shtml file. The script appears to be doing some basic arithmetic to calculate the number of letters in the submitted value.
This suggests that the application could be vulnerable to a Server Side Include Injection attack. It is also worth noting that the files are written to the tmp directory but the location of the password is one directory above that. That was the last part of the Basic Missions tutorials. I hope they were helpful and educational.
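The root cause in Basic 8 is that submitted text is written unmodified into a file the server parses for includes. The following added example (not code from the mission or from the original post) reproduces that pattern next to a hardened version and checks both for SSI directives; the page template, function names and sample inputs are constructed for illustration.

```python
import html
import re

# Apache SSI directives have the form <!--#element attribute="value" -->
SSI_DIRECTIVE = re.compile(r"<!--#\s*[a-z]+", re.IGNORECASE)

# Constructed template standing in for the page the script writes to a .shtml file.
TEMPLATE = "<html><body>Hi, {name}! Your name contains {count} characters.</body></html>"


def render_vulnerable(name: str) -> str:
    """Raw input is placed in the server-parsed page (the flaw described above)."""
    return TEMPLATE.format(name=name, count=len(name))


def render_hardened(name: str) -> str:
    """HTML-escape the input so '<' and '>' can never open or close a directive."""
    return TEMPLATE.format(name=html.escape(name, quote=True), count=len(name))


def contains_ssi(page: str) -> bool:
    """True if the generated page would hand a directive to the SSI parser."""
    return SSI_DIRECTIVE.search(page) is not None


def audit(samples):
    """Return (input, directive in raw page?, directive in hardened page?)."""
    return [
        (s, contains_ssi(render_vulnerable(s)), contains_ssi(render_hardened(s)))
        for s in samples
    ]


# Constructed sample submissions; the directive used is a harmless date echo.
SAMPLES = ["test", '<!--#echo var="DATE_LOCAL" -->', "<b>Sam</b>"]

if __name__ == "__main__":
    for value, raw_hit, hardened_hit in audit(SAMPLES):
        print(f"{value!r:40} raw={raw_hit!s:5} hardened={hardened_hit}")
```

Escaping is only one layer: writing user-generated output to a location where Apache does not process includes (for example with `Options -Includes`) removes the parser from the picture entirely.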
If you have any corrections or suggestions, feel free to leave a comment.
Basic 9: This one is really simple even though it seems tricky in the beginning.
Basic In the mission description, it is mentioned that the solution is related to JavaScript. You can view it by typing alert document. If you have read about JS injection, you know that this is achieved using the following code: document.
Basic This is the last of the Basic Missions and the craziest of all.