Skip to main content

HackThisSite : Basics [1- 9 ] | Challenges made by Real hackers


1 to 6 in the above playlist 🔝

 challenge 6 — decryption code : https://github.com/AdithyakrishnaV/Python-for-Penetration-Testing/blob/master/decrypt.py

#hackthissite basic full-section playlist

BASIC 7

  • cal command is the key
  • After a lot of searches, I found this https://www.linuxquestions.org/questions/general-10/unix-cal-command-in-an-odd-situation-370968/
  • The website has set up a script that returns the output from the UNIX cal command. So in the input box, I could type ‘2005’ and hit enter, and it would run the cal command and that year, then return the output on the webpage to view that calendar
  • There is a file (which I don't know the name of) in that dir where the cal command is executed, what would be a possible way to enter something in that text box to find out what the name of it is?
  • Just “ ls ” or “ls -la ” wouldn't work
  • [ cal 2001, cal -y, cal -j ] : this is what happens when we type a year or a flag like “-y” (cal) so type:

2022; ls

  • and it worked
  • Completed

BASIC 8

Server-Side Includes (SSI) Injection:

SSIs are directives present on Web applications used to feed an HTML page with dynamic contents

SSI my detailed medium post:

SSI (Server Side Include)and SSI Injection

SSI (Server Side Includes) are placed in HTML pages to add dynamically generated content to an existing HTML page.SSIs…

medium.com

Hi, au12ha39vc.php index.php level8.php tmp! Your name contains 39 characters.

BASIC 9

Level 9 has no input field and all the levels ara in the same directory so:

come back to level 8 :

<! — #exec cmd=”ls ../../9" →

Labels:

Comments

Post a Comment

Popular posts from this blog

Bug Boundy Methodology, Tools & Resources

Start by defining a clear objective, such as exploiting a remote code execution (RCE) vulnerability or bypassing authentication on your target. Then, consider how you can achieve this goal using various attack vectors like XSS, SSRF, or others - these are simply tools to help you reach your objective. Use the target as how a normal user would, while browsing keep these questions in mind: 1)How does the app pass data? 2)How/where does the app talk about users? 3)Does the app have multi-tenancy or user levels? 4)Does the app have a unique threat model? 5)Has there been past security research & vulnerabilities? 6)How does the app handle XSS, CSRF, and code injection?
Post a Comment
Read more

Install & set up mitmweb or mitmproxy in Linux

Step 1: Go to the mitmproxy page and download the binaries. Step 2: Install the downloaded tar file with the command " tar -xzf <filename>.tar.gz " Step 3: In the FoxyProxy add the proxy 127.0.0.1:8080  and turn it on. Step 4 : In the terminal run command " ./mitmweb " Step 5: Go to the page  http://mitm.it/   and download the mitmproxy's Certificate. Step 6: If you downloaded the certificate for Firefox, then go to " settings -> Privacy & Security -> Click View Certificates -> Click  Import ", then import the certificate.  Step 7: Now you are ready to capture the web traffic. Step 8 : In terminal run " ./mitmweb"
Post a Comment
Read more

CISCO devises configuration commands & info CCNA 200–301

  Repository with all the labs and necessary screenshots: GitHub — AdithyakrishnaV/CCNA_200–301: CCNA 200–301 Practical LABS. CCNA (Cisco Certified Network… CCNA 200–301 Practical LABS. CCNA (Cisco Certified Network Associate) is an information technology (IT) certification… github.com Configure the hostname : Router>en Router #conf t Router (config) #hostname R1 R1 (config)# en  is the shortcut for  enable  command. “ennable” is used to enter Privileged EXEC mode conf t  is the shortcut for  configure terminal command. Used to enter the global configuration mode delete or remove Just put a no in front, it is same across all devices. R1(config)#no interface g0 /0.20 show ip interface Checks the status of the interfaces R1(config) #do show ip interface brief Interface IP-Address OK? Method Status Protocol GigabitEthernet0/0 unassigned YES unset administratively down down GigabitEthernet0/1 unassigned ...
Post a Comment
Read more