Monday 11 April 2011

Hack This Site (HTS) Basic 7

The password is hidden in an unknown file, and Sam has set up a script to display a calendar. Requirements: Basic UNIX command knowledge.

"This time Network Security sam has saved the unencrypted level7 password in an obscurely named file saved in this very directory.

In other unrelated news, Sam has set up a script that returns the output from the UNIX cal command. Here is the script:"



In this mission we are told that input in one field would be used as arguments for the unix cal command which prints calendar dates dependent on the input it gets given. The biggest clue they give here is that it tells you that when you click the "view" button the server will execute a unix command. Hopefully at this point you should start to be thinking of the types of things that could be done. The reason we googled how to group commands is because you can't just input a command into the field and hope it gets executed. The cal command expects particular data and the command is going to get executed regardless of what you do, except if you give it just a command such as "ls" (to list a directory in *nix) the command will just fail.

As we work our way through the list of methods to execute shell commands we are crossing out the ones that are not applicable and are hopefully learning something about the ways you can group commands together. The first entry was for single commands which is not what we need as the cal command is already being executed and we need a secodn one on top of that.

The second option is interesting! Mid writing this article it occurred to me that this option whereby commands are seperated via ';'s should work and on testing this method can also be used. An input of "; ls;" also gives the same output. This is the kind of thing you need to be doing; always trying new things and thinking about other ways tasks can be achieved.

The third is to use pipes but this option is not usable as, as it states in the pdf, the "output of command 1 is input to command 2" and calendar dates is not usable input for ls.

Finally, we use the && operator. The reason we use the input "&& ls" is because if the cal command is executed with no arguments it retuns the dates in the current month so we know the command will execute successfully. And as the "&&" operators rely on the command to its left hand side to be successful in order for itself to be excuted we know it always will be. The rest of the tutorial is fairly slef explanitory.

Just to note, although the commands we are allowed to execute are limited for the sites own security, we can still have a little play. Input such as "; ls; cal 2011" or "&& ls && cal 2011" still execute :)

Hack This Site!

No comments:

Post a Comment