The password is hidden in an unknown file, and Sam has set up a script to display a calendar. Requirements: Basic UNIX command knowledge.
Level 7
This time Network Security Sam has saved the unencrypted level7 password in an obscurely named file saved in this very directory.
In other unrelated news, Sam has set up a script that returns the output from the UNIX cal command. Here is the script:
Enter the year you wish to view and hit 'view'.
___________________
|___________________|
view
Password:
___________________
|___________________|
submit
Solution:- First, you could input "2012" into the field and press view, then it will display the calendar of 2012 from Sam's computer. Yes, it's an Unix-like system, and the result is from a PERL CGI (Common Gateway Interface) called cal.pl.
- You need to know the basic command to list files and directories in Unix-like system is "ls".
- And the other thing you need to know in Unix-like system is the semicolon separator tells bash to execute each program consecutively in the order you give.
- So, back to the level page, and this time you should input "2012; ls" in the field and press the view button. In the bottom of the displayed page, you will find the list of files and directories below.
.
..
cal.pl
index.php
k1kh31b1n55h.php
level7.php - Access the php file directly
Visit: hxxp://www.hackthissite.org/missions/basic/7/k1kh31b1n55h.php
- There's the text on the page.
38f96efd
- Back to the level page and submit the password
- Congratulations, you have successfully completed basic 7!