Sam still believes saving the password in a file is still the best way to remember it and keep it secured, time to prove him wrong once again. As the description says the password is in the same directory(folder) as we are.
This time Network Security Sam has saved the unencrypted level7 password in an obscurely named file saved in this very directory.
The second line of the description tell us about one another news that came from Sam, about setting up an UNIX cal command script and with that we are provided with the script even.
In other unrelated news, Sam has set up a script that returns the output from the UNIX cal command. Here is the script.
Like always lets check the source code first and here it is.
<form action=”/missions/basic/7/cal.pl” method=”post”>
The source code tells us the path of UNIX cal script. So here we are, all in the same place, our index page, cal script and password file in the same directory. All we are left to do is find the name of password file. But how do we do this?
Let’s check what this script does. It says, “Enter the year you wish to view and hit ‘view’.”. So we check it out, enter say ‘2011’ and what it does is gives out the calendar of year 2011.
A hackers brain at this point now knows what to do, it is to use such an UNIX command that lists all the files in the directory. If you have used UNIX, you would know that there are commands to list all the elements in the directory. in case you haven’t, find them out.
But it wont alone help out, as the script is supposed to generate a calendar for the given year. What we have to do now is generate a calendar as well as get the directory listing, this can be done by concatenating two UNIX commands. Just do some googling and you can find both the command.
When you have both the command, do some directory snooping and tada. Here it is.
Spoiler: Command for directory listing is ‘ls’ and to concatenate two commands is ‘;’.
Answer: It is ‘year; ls’. The year first for cal file then the directory listing command.
What did we learn?
Unix commands for directory listing and concatenation. As well, the source code is still as important as it was ever.
Good luck!!!
- PHP syntactic sugar code example - September 5, 2021
- Python convert random string date format to Datetime - July 12, 2021
- Laravel Custom Exception Handlers - March 28, 2019
Why don’t other UNIX commands work like ls, iwconfig, etc commands work??
The administrators at HTS have blocked other commands.
Bahut Badiya…….
Sahi pakdey Haiiiiii//////