6. Basic Level 9

문제>

레벨 9

Network Security Sam is going down with the ship - he's determined to keep obscuring the password file, no matter how many times people manage to recover it. This time the file is saved in /var/www/hackthissite.org/html/missions/basic/9/.

In the last level, however, in my attempt to limit people to using server side includes to display the directory listing to level 8 only, I have mistakenly screwed up somewhere.. there is a way to get the obscured level 9 password. See if you can figure out how...

This level seems a lot trickier then it actually is, and it helps to have an understanding of how the script validates the user's input. The script finds the first occurance of '<--', and looks to see what follows directly after it. 

풀이>

basic 레벨 8과 비슷한 문제이지만 cgi 환경변수를 입력한 폼이 없습니다. 

하지만, /var/www/hackthissite.org/html/missions/basic/9/ 에 암호가 있다고 하네요.

웬지 Basic 레벨 8 폼에 입력하면 나올것만 같습니다. 

http://www.hackthissite.org/missions/basic/8/ 로 다시 되돌아가서, 폼에 입력을 해봅니다.

<!--#exec cmd="ls /var/www/hackthissite.org/html/missions/basic/9/" -->

p91e283zc3.php 라는 새로운 페이지가 보입니다.

p91e283zc3.php 로 접속하면 암호가 있습니다. 

동영상풀이>

간단한 문제라, 동영상풀이는 없습니다 ^^ 

posted by t@k1Ng

무단으로 퍼가시거나 무단으로 인용하시지 말아주세요. 

인용 및 퍼가셨다면, 댓글 및 출처좀 부탁드리겠습니다.