Hack This Site Basic 8

It’s been a while since I haven’t added any article to my blog, so here I’m back again with the solution of the eighth  basic mission of HTS challenges. To solve This mission you need to know SSI (Server Side Includes) which is dynamic HTML executed by the server.

This time we’re gonna use Sam’s young daughter script to help us solving this challenge, she wrote a PHP script that stores the user name in a file within this directory  “/var/www/hackthissite.org/html/missions/basic/8/tmp/” but the directory that we are intrested in is just one level up, where the file containing the password resides. Now we have to make Sam’s daughter script include the file listing of the directory that contains the password file, and to do this we have to use SSI, and make the server call the “ls” linux command, to do this enter as your name “<!–#exec cmd=”ls ..” –>” (without the quotes, double hyphen near the exlamation mark and the greater than sign), after this you will get the name of the file containing the password, as for me it was “au12ha39vc.php”

Now all you have to do is to navigate to this file with your browser http://www.hackthissite.org/missions/basic/8/au12ha39vc.php, and there it is your password, enter it, Congratz you have completed the eighth mission.

Hack This Site basic 5

This mission is very easy, especially if you are using firefox and the “Tamper data” add-on. All you have to do to pass this mission is to modify the hidden “to” field in the first form on the page (you can see it by viewing the source of the web page Ctrl + U under firefox), and to do this open Tamper data (Tools -> Tamper data), then hit the “Start tamper” button. Now, go back the to mission page and click on the “Send password to Sam” button

click on the “Tamper” button

now throw in any email address you want, once done you will get Sam’s password, enter it, congratz you’ve completed the 5th basic mission of HTS.