What is it? @.@

Here is the place where I record some tactics about wargames, systems, and other security issues.

2012-09-10

Hack This Site! - Basic 9

Description:

The password is again hidden in an unknown file. However, the script that was previously used to find it has some limitations. Requirements: Knowledge of SSI, unix directory structure.

Level 9

Network Security Sam is going down with the ship - he's determined to keep obscuring the password file, no matter how many times people manage to recover it. This time the file is saved in /var/www/hackthissite.org/html/missions/basic/9/.

In the last level, however, in my attempt to limit people to using server side includes to display the directory listing to level 8 only, I have mistakenly screwed up somewhere.. there is a way to get the obscured level 9 password. See if you can figure out how...

This level seems a lot trickier than it actually is, and it helps to have an understanding of how the script validates the user's input. The script finds the first occurrence of '<--', and looks to see what follows directly after it.

Solution:
  1. The hint tells you to reuse the technique from Level 8 to find the obscured password file for this level.
  2. Go back to Level 8 and change the injected directive to
    <!--#exec cmd="ls ../../9" -->
    where the two dots mean "one level up": the directory traversal runs
    FROM
    /var/www/hackthissite.org/html/missions/basic/8/tmp/
    TO
    /var/www/hackthissite.org/html/missions/basic/9/
  3. You then get a link to a randomly generated page:
    Your file has been saved. Please click here view the file.
  4. The page shows:
    Hi, index.php p91e283zc3.php!

    Your name contains 24 characters.
  5. Now you know "p91e283zc3.php" is the obscured password file.
    Visit:
    hxxp://www.hackthissite.org/missions/basic/9/p91e283zc3.php
  6. The page shows:
    25728859
  7. Go back to the level page and submit the password.
  8. Congratulations, you have successfully completed basic 9!
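The description above says the Level 8 filter only inspects what follows the first '<--'. As an added example (not from the original post or from Hack This Site), here is a Python validator for the submitted name that rejects an SSI directive or a '..' path segment anywhere in the string and allowlists only plain names; the reason codes are my own naming, intended for server-side logging.

```python
import re
from typing import Optional

# Matches an SSI directive opener anywhere in the input, tolerating whitespace and
# case variations such as "<!--#exec", "<!-- # EXEC" or "<!--#include".
SSI_DIRECTIVE = re.compile(r"<!--\s*#\s*[a-z]+", re.IGNORECASE)

# Matches a ".." path segment so a value can never climb out of its directory.
PATH_TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

# Only plain names are acceptable: letters, digits, spaces and a few punctuation marks.
# This allowlist is the actual gate; the two patterns above exist to label what was
# attempted so the rejection can be logged with a meaningful reason.
ALLOWED_NAME = re.compile(r"^[A-Za-z0-9 ._'-]{1,64}$")


def reject_reason(value: str) -> Optional[str]:
    """Return None if `value` is a safe name, otherwise a short reason code.

    The whole string is searched, not just the first '<!--' occurrence, so a
    directive placed after an innocuous prefix is still caught.
    """
    if SSI_DIRECTIVE.search(value):
        return "ssi-directive"
    if PATH_TRAVERSAL.search(value):
        return "path-traversal"
    if not ALLOWED_NAME.fullmatch(value):
        return "disallowed-characters"
    return None


def is_safe_name(value: str) -> bool:
    """Convenience wrapper: True only when no reason to reject was found."""
    return reject_reason(value) is None


if __name__ == "__main__":
    # Constructed sample inputs: benign names, the directive from the write-up,
    # a variant with a benign prefix, and a bare traversal string.
    samples = [
        "Sam",
        "Network Security Sam",
        '<!--#exec cmd="ls ../../9" -->',
        'hello <!--  #EXEC cmd="ls" -->',
        "../../9/",
    ]
    for s in samples:
        print(f"{s!r:40} -> {reject_reason(s) or 'ok'}")
```

On Apache the configuration-level counterpart is to serve the directory with Options IncludesNOEXEC, which disables the #exec directive while leaving the rest of SSI available.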