In this level our background information is:
This time Network Security Sam has saved the unencrypted level7 password in an obscurely named file saved in this very directory. In other unrelated news, Sam has set up a script that returns the output from the UNIX cal command. Here is the script: Enter the year you wish to view and hit ‘view’.
This is a fun little level; it shows how you can inject UNIX commands into poorly written Perl scripts. Sam has created an obscurely named PHP script that holds an unencrypted password, and he is showing off his talent with a calendar program written in Perl. When used correctly, the Perl script returns a calendar for the year you type in the text box.
Hint: You will need more than one UNIX command to pass this level. Think about how you will enter more than one command and which commands you will need to use to list the files. You will need to change directories and list the files.
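How a calendar script like Sam's could take the year safely, as an added example (this is not the level's actual script, whose source is not shown here). The function names are hypothetical, and the 1 to 9999 range is an assumption about what cal accepts.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Accept only a bare year, 1 to 9999 (assumed range for cal).
# \A and \z anchor the whole string; a trailing "$" would let "2024\n" through.
sub validate_year {
    my ($input) = @_;
    return unless defined $input && $input =~ /\A([0-9]{1,4})\z/;
    my $year = $1 + 0;
    return unless $year >= 1;
    return $year;
}

# Run cal without a shell: list-form open hands $year to cal as one argv
# entry, so shell metacharacters have no meaning even if validation is skipped.
sub calendar_for {
    my ($input) = @_;
    my $year = validate_year($input);
    return (undef, 'invalid year') unless defined $year;
    open(my $cal, '-|', 'cal', $year) or return (undef, "cannot run cal: $!");
    my $text = do { local $/; <$cal> };    # slurp all of cal's output
    close($cal) or return (undef, 'cal exited with an error');
    return ($text, undef);
}

# Constructed inputs: one well-formed year and several that must be rejected.
my @samples = ('2024', "2024\n", '2024; echo injected', '-h', '', '20245', '0');
for my $input (@samples) {
    my ($text, $err) = calendar_for($input);
    (my $shown = $input) =~ s/\n/\\n/g;    # make the newline visible when printed
    if (defined $text) {
        printf "%-24s accepted, %d bytes of cal output\n", "'$shown'", length $text;
    } else {
        printf "%-24s rejected (%s)\n", "'$shown'", $err;
    }
}
```

Only the first sample reaches cal; the rest are rejected by validation before any process is started.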
HackThisSite Levels, Hacking
In this level our background information is:
Network Security Sam has encrypted his password. The encryption system is publicly available and can be accessed with this form:
You have recovered his encrypted password. It is: e39h;;6=
Decrypt the password and enter it below to advance to the next level.
In this level Sam has changed several things. He has encrypted the password, and we have somehow gotten our hands on the encrypted password for this level. Sam has included an encryption form so you can test your password and see if it matches the encrypted password we have found.
Hint: Get yourself an ASCII table and use the encrypt form to crack the encryption. Type a sample password in the encryption form and use the results to figure out the crypto being used.
In this level our background information is:
Sam has gotten wise to all the people who wrote their own forms to get the password. Rather than actually learn the password, he decided to make his email program a little more secure.
This level is very similar to level 4. The method you used in level 4 may still work in level 5. All in all, this level should not take you very long at all.
Hint: How can you change the email address in the script to your email address? I went with a quick and simple JavaScript injection method. I will post another link here after I finish my JavaScript injection post.
In this level our background information is:
This time Sam hardcoded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot. Here is the script:
In this level Sam has made several changes to his login script. As you can see from the background, he has now hardcoded the password. But this time he created a script to email him the password, because it is long and complex. How are you going to exploit this script to get to the next level?
Hint: How can you change the email address in the script to your email address? You can do this several ways; which will you find?
In this level our background information is:
This time Network Security Sam remembered to upload the password file, but there were deeper problems than that.
In this level Sam has used the same script as level 2, but this time he uploaded the password file. He has made several mistakes that you can exploit to get to the next level.
Hint: Check the source code; look for the script that the form posts to and any other interesting items in the source.
In this level our background information is:
Network Security Sam set up a password protection script. He made it load the real password from an unencrypted text file and compare it to the password the user enters. However, he neglected to upload the password file…
Sam has smartened up and removed the password from the comments, unlike in level one. He has set up a new script that checks the user-entered password against the one saved in a file. But, as the background said, he forgot to upload the password file.
Hint: What should you type in if you are checking something that does not exist?
In this level our background information is:
This level is what we call “The Idiot Test”, if you can’t complete it, don’t give up on learning all you can, but, don’t go begging to someone else for the answer, that’s one way to get you hated/made fun of. Enter the password and you can continue.
This is a very simple level; it should take you all of 30 seconds to figure out.
Hint: Check the source code and look for comments.