hack this site basic 10

For this 10th basic mission, Sam has used a more “hidden” approach to authenticate users. since viewing the source is a dead end, I tried another approach which is to view the HTTP request headers using Live HTTP headers which is another, very useful firefox addon (grab it here), I could also have used Tamper data for that. Anyway, after monitoring the headers I’ve found an insteresting thing as shown here:

Live HTTP headers

As you can see, it’s an interesting information that we got here, we know that Sam is using a cookies based authentication method this time. We know this, now what?.

Now we must change the value of the cookie named “level10_authorized” to “yes”, and to do this, you can use raw Javascript or use a firefox addon such as tamper data, firebug,etc…

We will do it in raw JavaScript: while on the 10th mission webpage enter this JavaScript code in the address bar:

javascript:function a(){document.cookie="level10_authorized=no";}a();

Now click on the submit button, Congratz, you’ve completed the 10th mission

Hack This Site basic 9

To solve this challenge you must know Directory traversal, SSI and *nix directory structure. In this mission Sam screwed up somewhere when he was trying to limit the use of SSI to the level 8 only, this is a big spoiler on how you should proceed to achieve this mission, in other words you have to use Sam’s daughter script once again to find the hidden file containing the password.

Back in the previous mission, we know that the file that is supposed to containt our name is stored in this directory “/var/www/hackthissite.org/html/missions/basic/8/tmp/” and we got the directory listing of “/var/www/hackthissite.org/html/missions/basic/8/” with this command <!–#exec cmd=”ls ..”–> where the two dots mean: one level up. What we need to do is to climb another level up (/var/www/hackthissite.org/html/missions/basic/) and list the content of the folder named “9″ (/var/www/hackthissite.org/html/missions/basic/9/)  where the file containing the password is, the SSI command will be “<!–#exec cmd=”ls ../../9/”–>” once you submit this, you will get the name of the file containing the password. Once done, append it to this address “http://www.hackthissite.org/html/missions/basic/9/” (ex: http://www.hackthissite.org/html/missions/basic/9/p91e283zc3.php) and navigate to it, here you got your password .

How to install Nvidia’s Drivers On Debian

Since this is my first post within the Linux category I wanted to show you how to install Nvidia’s proprietary drivers on your Linux system, since this is the first thing I do after installing my Debian. Now let’s start by downloading the latest drivers from nVidia’s website at this address : http://www.nvidia.com/Download/index.aspx?lang=en-us choose your operating system (Linux 32 bits or x64).

When the download is over, open a Terminal window and enter the following commands as a root (let’s assume that your downloaded file is in “/home/<your user name>/downloads/”) :

$ cd /home/<your user name>/downloads/  //this will change the working directory to the one where our downloaded file is.
$ chmod u+x NVIDIA-Linux-x86-173.14.05-pkg1.run //this will make the script based installer executable
$ init 3 //Sets the current run level to 3
$ /etc/init.d/gdm stop //stops the X server (if the x server was not stopped when switching the 3rd run level) if you are using KDE type "kdm" instead of "gdm".
$ ./NVIDIA-Linux-x86-173.14.05-pkg1.run //runs the installer. just follow the instructions. Accept when prompted to run the xconfig tool
$ /etc/init.d/gdm start //starts the X server

if the installation completed successfully you should see nVidia’s logo at startup.

Hack This Site Basic 8

It’s been a while since I haven’t added any article to my blog, so here I’m back again with the solution of the eighth  basic mission of HTS challenges. To solve This mission you need to know SSI (Server Side Includes) which is dynamic HTML executed by the server.

This time we’re gonna use Sam’s young daughter script to help us solving this challenge, she wrote a PHP script that stores the user name in a file within this directory  “/var/www/hackthissite.org/html/missions/basic/8/tmp/” but the directory that we are intrested in is just one level up, where the file containing the password resides. Now we have to make Sam’s daughter script include the file listing of the directory that contains the password file, and to do this we have to use SSI, and make the server call the “ls” linux command, to do this enter as your name “<!–#exec cmd=”ls ..” –>” (without the quotes, double hyphen near the exlamation mark and the greater than sign), after this you will get the name of the file containing the password, as for me it was “au12ha39vc.php”

Now all you have to do is to navigate to this file with your browser http://www.hackthissite.org/missions/basic/8/au12ha39vc.php, and there it is your password, enter it, Congratz you have completed the eighth mission.