dexter@aeron7.com

Basic Mission 8

 

When a name is entered, the system creates a file in /basic/8/tmp/randomjunk.shtml with some irrelevant information in it. If you Google for “.shtml” you’ll see that that is an extension for Server Side Include executables.

Goggling for “ssi exec” you’ll find that <pre</pre> will return the output from running “command”. We know that this is a Linux/Unix server from the directory style, starting with “/” instead of “C:”, so we’ll use the “ls” command to list the contents of the directory. Put “<!–#exec cmd=”ls” –>” as your name and then go to the created file.

You should see a list of randomly named files in the name area like

Using the combination of this and directory transversals (google it – “.” is the current directory, “..” is one directory up) we can go from webroot/missions/basic/8/tmp/ to webroot/missions/basic/8/ without having to specify the full path.

Put “<!–#exec cmd=”ls ..” –> ”as your name and then go to the created file. You should see a list of randomly named files in the name area like

Voila you have made it .Now just head @ http://www.hackthissite.org/missions/basic/8/au12ha39vc.php. If you have better solution than this do not forget to push your code to the comment section.

About the Author

Aloha, I'm Amit Ghosh, a web entrepreneur and avid blogger. Bitten by entrepreneurial bug, I got kicked out from college and ended up being millionaire and running a digital media company named Aeron7 headquartered at Lithuania.

Related Posts

Basic Mission 1   I can call you a pretty dumb as per you are now viewing the walkthrough for...

Basic Mission 2   I can again call you a pretty dumb as per you are now again viewing the walk...

Basic Mission 3   Have a look at the source code of that page and have you noticed the form section?...

Leave a Reply