Hello dear ones,
So what was the cool thing you did today..??
If it's morning and you are reading this post, then what is the cool thing you wish to do today ??
Ok fine, you want to know about me first??
hmmmm, yeah..! I got hands on a framework named "recon-ng". It's a reconnaissance tool and believe me, it's awesome. It's very much similar to metasploit in look and feel. I will write on it soon on my primary blog.
Let's get back with HTS challenge 9. Now this is a challenge I enjoyed a lot till now. It's tricky and awesome.
"The password is again hidden in an unknown file. However, the script that was previously used to find it has some limitations. Requirements: Knowledge of SSI, unix directory structure. "
First thing I tried was using the same script that I used in previous challenge ie <!--#exec cmd="ls .."-->
but it din't worked as this command has "<!--" and some kind of validation was applied.
For solving this challenge, two things helped me to get a spark in my mind.
1. HTS has said to have knowledge of directory structure
2. the file was stored in "/missions/basic/9/"
Reaching at this file was a big deal as the textbox provided in the challenge was validating our input.
So I tried to get there indirectly.
By modifying the previous challenge's command of SSI, I achieved it.
Look at the pic below and everything will be crystal clear.
It's a directory structure hackthissite.com basic challenges.
Now, through challenge 8 we reached inside tmp folder. It's time to reach to "our target".
IMPORTANT NOTE:- this is all done through challenge-8's interface.
I went in challenge 8's interface and typed following command in first textbox:
<!--#exec cmd="ls ../../9/"-->
This is doing nothing more than traversing back 2 directories and then getting inside directory named "9".
Here we will get our password file.
[Challenge-8 interface's work is over.]
Now copy&paste our password file's name under this url :
Challenge 9 solved...Now two more to go...
Bye... I hope this was well understood... :-)