Monday, August 12, 2013

hackthissite.org Basic Challenge 7 | Shivang Desai

Hello friends,

Here's Challenge 7 of HTS (HackThisSite).

"The password is hidden in an unknown file, and Sam has set up a script to display a calendar. Requirements: Basic UNIX command knowledge"

When I entered a year in the first textbox of this challenge, a UNIX command got executed through "cal.pl" and it displayed the calendar of that year.

Now, under "Requirements", they have written that knowledge of UNIX commands is required.

The first thing that came to my mind was a short list of UNIX commands, which included the following:
- cat
- echo
- ls
- cd
and some others. But none was useful except "ls".

The description of Challenge 7 says that Sam has kept that file in the same directory where "cal.pl" is present.

According to the scenario, only one command fits, and that is "ls", as we want to see the other files present in this very directory.

Finally the idea was clear.

I just typed "2013; ls" in the first textbox and clicked "Submit". (The ";" (semicolon) after 2013 was used to tell the server that one command is over and another command has started, which in our case is "ls".)

There was the solution, and I got a list of all files present in that directory.

Note: the files will also be displayed even if you type "; ls" (without quotes).

Here you will find a .php file with a strange name.
Just copy and paste this file name, and your URL will look like this:
"https://www.hackthissite.org/missions/basic/7/k1kh31b1n55h.php"

I got the .php file named "k1kh31b1n55h.php".
Just hit Enter and voila... there was your password.
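
Why the ";" matters, and how a script like this can be hardened, shown as an added example (not code from the challenge or from this post). It assumes cal.pl builds a shell command line by appending the textbox value to "cal"; the function names are hypothetical, and no command is actually executed.

```python
import re
import shlex

# Allow-list for the year field. [0-9] with fullmatch() rejects Unicode
# digits and a trailing newline that "^\d+$" would let through.
YEAR_RE = re.compile(r"[0-9]{1,4}")
SEPARATORS = {";", "&&", "||", "|", "&"}

def shell_view(user_input):
    """Return one argv list per command a POSIX shell would see if the
    input were appended to "cal " (assumed behaviour of the script).
    shlex only approximates real shell parsing; it is enough to show
    how a control operator ends one command and starts another."""
    lexer = shlex.shlex("cal " + user_input, posix=True, punctuation_chars=True)
    commands, current = [], []
    for token in lexer:
        if token in SEPARATORS:
            commands.append(current)
            current = []
        else:
            current.append(token)
    commands.append(current)
    return [c for c in commands if c]

def safe_cal_argv(user_input):
    """Hardened form: validate first, then return an argument vector meant
    for subprocess.run(argv) without shell=True, so no shell ever
    re-parses the value."""
    if not YEAR_RE.fullmatch(user_input) or int(user_input) == 0:
        raise ValueError("year must be a number from 1 to 9999")
    return ["cal", user_input]

if __name__ == "__main__":
    # Constructed inputs: a normal year and the two strings from the post.
    for value in ["2013", "2013; ls", "; ls"]:
        print(repr(value), "-> shell sees", shell_view(value))
        try:
            print("   hardened argv:", safe_cal_argv(value))
        except ValueError as err:
            print("   rejected:", err)
```
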

I hope the explanation was proper.

Thanks.....:-)

