Hack This Site: Basic Web Challenges – Level 9


Welcome to HaXez, today we’re looking at Hack This Site Basic Web Challenge Level 9. This challenge is similar to level 8, and you have to use the level 8 application in order to complete it. It requires thinking outside the box and using level 8 as the platform to launch the attack. If you haven’t seen my previous posts in this series then you can do so here: Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7, and Part 8.

Basic Web Challenges – Level 9

Testing The Web Application

After logging in and navigating to level 9 you will be greeted with the following page. It looks like Sam has been up to his old tricks. Instead of implementing a strong password system, Sam has decided to continue obscuring the file. The only form on this box is the password form, which isn’t injectable.

Web Application Password Submission System

Exploiting The Web Application

As there is no form to inject on level 9, we should head back to level 8 and inject that form. We use the same injection that we did last time, but we modify it to list out the contents of the 9 directory. The payload below performs the same Server Side Include (SSI) injection, but this time it traverses up two directories and into the level 9 directory.

<!--#exec cmd="ls ../../9"-->
Level 8 Web Application

Retrieving The Password

As with level 8, submitting this payload will tell the PHP script to execute the command and write the output to the .shtml file. When you click view on the following page you will see the listed files, including the PHP file containing the password.
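To show why this works and how the level 8 form should have been written, here is an added example (my own illustration, not code from the HaXez post or from Hack This Site). It models the flaw the challenge depends on: a submitted name is interpolated straight into a page that Apache's mod_include evaluates, so an SSI directive in the name is executed. The template string, function names and the sample submissions are all constructed for this example; the only payload used is the one from this post.

```python
import html
import re

# Added example (not from the HaXez post). Models the level-8 style flaw
# described above: a form value is written straight into an .shtml page
# that Apache's mod_include then evaluates.

# Directive names recognised by Apache mod_include. Matching is
# case-insensitive as a conservative detection choice.
SSI_DIRECTIVE = re.compile(
    r"<!--\s*#\s*(exec|include|echo|config|set|printenv|fsize|flastmod|if|elif|else|endif)\b",
    re.IGNORECASE,
)

# Hypothetical page template standing in for the challenge's .shtml output.
TEMPLATE = "<html><body>Hello, {name}!</body></html>"


def contains_ssi_directive(value: str) -> bool:
    """Return True if a submitted value carries an SSI directive."""
    return SSI_DIRECTIVE.search(value) is not None


def render_unsafe(name: str) -> str:
    """The flawed pattern: raw interpolation into an SSI-parsed page.

    Whatever the user typed, including '<!--#exec ...-->', lands in the
    file verbatim and is evaluated when the page is viewed."""
    return TEMPLATE.format(name=name)


def render_safe(name: str) -> str:
    """Hardened pattern: HTML-escape the value before interpolation.

    '<' becomes '&lt;', so the text can never open an SSI directive, and
    the original characters are still displayed to the viewer."""
    return TEMPLATE.format(name=html.escape(name, quote=True))


def triage(values):
    """Application-side detection: flag submissions carrying a directive so
    they can be rejected and logged. Returns (value, flagged) tuples."""
    return [(v, contains_ssi_directive(v)) for v in values]


# Constructed sample submissions: a normal name, harmless HTML, and the
# payload shown in this post.
SAMPLE_SUBMISSIONS = [
    "sam",
    "<b>sam</b>",
    '<!--#exec cmd="ls ../../9"-->',
]

if __name__ == "__main__":
    for value, flagged in triage(SAMPLE_SUBMISSIONS):
        print(f"{'FLAG' if flagged else 'ok  '} {value!r}")
        print("   unsafe:", render_unsafe(value))
        print("   safe:  ", render_safe(value))
```

Escaping is the fix that removes the bug; the detector is a secondary control for logging and alerting. At the server level the same class of problem is contained by not serving user-influenced content as .shtml at all, or by setting Apache's Options IncludesNOEXEC so that the exec directive is refused even if one reaches a parsed file.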

Level 9 Directory Listing

Grab the file name and append it to the level 9 URL. This should then show you the password, which you can copy and paste into the level 9 password submission system to complete the challenge.

Web Application Password

Congratulations