HackThisSite - Basic mission 7

Posted Mar 29, 2022 Updated Nov 22, 2023

By Nasrallah Baadi 1 min read

Description

Hello l33ts, I hope you are doing well. We will be doing Basic mission 7 from HackThisSite

Solution

Let’s navigate to the challenge page.

With the script Sam has set up, we can enter a year’s and get its calendar.

The user input get passed to the cal command, so the full command would like this cal {user_input} and we get back the output of that command. We can escape the cal command with a semi-colon and run the ls command, entering ;ls will result in the following:

We managed to list the content of the directory the strangely named php file that contains the password, navigating to it gives us the password.

Thank you for taking the time to read my writeup, I hope you have learned something with this, if you have any questions or comments, please feel free to reach out to me. See you in the next hack :) .

HackThisSite, Basic missions

This post is licensed under CC BY 4.0 by the author.

Description

Solution

Trending Tags