Monday, August 12, 2013 Basic Challenge 8 | Shivang Desai

Hi pals,

Here I present challenge 8 of HTS.
It says "The password is yet again hidden in an unknown file. Sam's daughter has begun learning PHP,......."

HTS has clearly mentioned that knowledge of SSI(Server-Side Includes) is needed.

Frankly speaking, I was not knowing about it.
When I searched for it I got to know that its a server-side scripting language and is basically used to include contents of one or more files into the webpage on webserver. Wow, interesting.

links to SSI - and

Now let's get back to HTS challenge interface.
According to the idea of previous challenge, I tried this--> In first textbox, I typed "5h1vang; ls" but the same thing was displayed what I typed.

Then the idea of SSI was clear and got idea that I will have to execute the "ls" command on server using SSI.
So I tried like mentioned below:
<!--#exec cmd="ls .."-->

Tadaaaa.. I got the same scenario as previous challenge and strange named file was infornt of me.

Just copied the file and appended it in url and I got the password.


No comments:

Post a Comment