Hack This Site! Basic Missions: Basic 9

Nouf
2 min read · Apr 4, 2020

Level 9

Challenge:

Network Security Sam is going down with the ship — he’s determined to keep obscuring the password file, no matter how many times people manage to recover it. This time the file is saved in /var/www/hackthissite.org/html/missions/basic/9/.

In the last level, however, in my attempt to limit people to using server side includes to display the directory listing to level 8 only, I have mistakenly screwed up somewhere.. there is a way to get the obscured level 9 password. See if you can figure out how…

This level seems a lot trickier than it actually is, and it helps to have an understanding of how the script validates the user’s input. The script finds the first occurrence of ‘<--’, and looks to see what follows directly after it.

Solution:

This is a great challenge. First of all, you have to go back to the challenge 8 page

and inject this: <!--#exec cmd="ls ../../9" -->

The result of the previous command is shown in the picture below

Go to p91e283zc3.php, and you will find the password
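
As an added example (not part of the original challenge and not HackThisSite's code), here is the defender's side of this level in Python: an assumed model of a filter that only looks at what directly follows the first marker, next to detection of SSI directives and HTML-escaping of the input. The function names, the marker, the allowed prefix and the sample inputs are assumptions made for illustration.

```python
import html
import re

# Constructed sample inputs for a form field that ends up in an SSI-parsed page.
SAMPLES = [
    "Nouf",
    '<!--#echo var="DATE_LOCAL" -->',
    '<!--#exec cmd="ls ../../9" -->',  # the input used in the solution above
]

MARKER = "<!--"  # assumed marker the filter searches for

def fragile_check(value: str) -> bool:
    """Assumed model of the flawed filter: locate the first marker and
    accept the input if the text directly after it starts with an
    allowed prefix. The argument passed to the command is never inspected."""
    pos = value.find(MARKER)
    if pos == -1:
        return True
    return value[pos + len(MARKER):].startswith('#exec cmd="ls')

# Any SSI directive opener, case-insensitive; tolerating stray whitespace
# makes the detector broader than the server's own parser.
SSI_DIRECTIVE = re.compile(r"<!--\s*#\s*\w+", re.IGNORECASE)

def contains_ssi(value: str) -> bool:
    """Detection: flag input that carries any SSI directive."""
    return bool(SSI_DIRECTIVE.search(value))

def neutralize(value: str) -> str:
    """Mitigation: HTML-escape before writing into a parsed page, so
    '<' becomes '&lt;' and no directive opener survives."""
    return html.escape(value, quote=True)

def audit(samples):
    """Return (input, fragile filter accepts, SSI detected, SSI left after escaping)."""
    rows = []
    for s in samples:
        safe = neutralize(s)
        rows.append((s, fragile_check(s), contains_ssi(s), contains_ssi(safe)))
    return rows

if __name__ == "__main__":
    for raw, passed, flagged, still_live in audit(SAMPLES):
        print(f"{raw!r:36} fragile_ok={passed} flagged={flagged} live_after_escape={still_live}")
```

The prefix check accepts the level 9 input because it never looks at the path after ls, while escaping the value removes the directive regardless of what it contains.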
