Basic Mission 8

[Justjealouse]

I have been trying hard not to post unless needed and have literally re-read this whole forum like 5 times.
I have inputed the Is command and have gotten to the place where it lists all of the random .shtml files. Where do i go from here? I heard something about going on /var/ but when i input that it just tells me that a site like that doesnt exist. Also how would you implement /.../? Please help me figure this out

[SoulSeeker]

Omg, this mission took me the longest but here is a hint I hope and not a spoiler. Go look up SSI and find out how to use it to execute a command:D

Good luck

[Justjealouse]

I think i did that though, you mean the Is command or is there more i should be using? I have used Is to get a list of shtml files but i dont see where you can execute a second command from there...\

nvm got it! i am so happy. This mission is pretty easy.

[LupoBHS]

I think i did that though, you mean the Is command or is there more i should be using? I have used Is to get a list of shtml files but i dont see where you can execute a second command from there...\

nvm got it! i am so happy. This mission is pretty easy.

How did you do it? I am stuck at exactly the same place you were before you figured it out. Put me in the right direction because I have been trying on this misson for like ever now. Please help!!!

[trebert]

So I, like many of you, worked my a$$ off trying various things and nothing worked. It pissed me off, and forced me to stay up till 2am (not that late, but later than I wanted to be up). By the way, a message to whomever decided to put that precaution in: I can understand you are worried about safety and those who would do "nasty" things, but to block every single command/parameter except for the right answer and a variation thereof seems extreme and excessive . I'm a "code-by-doer," and so to constantly see the "I'm sorry, you can't even see what that command does" error was ridiculously frustrating. I felt like I was firing in the dark at a tin can: I could only tell whether or not I hit the can, not any information as to where I was aiming/how much I was missing by. I'll leave my frustration-venting rant at that.

But for those of you who were like me, I leave you the following pieces of advice (hopefully none will be censored )
*Don't be discouraged by those who say "omg it's so simple wow I feel so dumb now," because some might be better at certain things/get lucky. It's a tough challenge, hence it being number 8 of 10... Just keep at it, and hopefully you'll find the light through the smoke
*It was posted once before on this forum, and was the thing that cracked it for me, so I will repeat it here. It's a fairly significant help, and it might be censored, but the fact is, you don't need to be in a directory to view it's files. So search around to get a better idea how one might do that. http://www.computerhope.com/unix/uls.htm was the site that was most helpful for me.
*If you've read this far in the forum, well done! That shows perseverance. There is enough actual command hints in this forum that, when put together yield what you're looking for. So that narrows down the permutations at least

[t0sTi]

damn, i just don't no witch command to use o_0.. everyone gets stuck were you can see the files, but i even can't come to that point!! i checked this site;
http://httpd.apache.org/docs/1.3/howto/ssi.html
but wich code to enter??

i tryed

#exec cmd="ls"

and ../#exec cmd="ls"

but i just only get the calender.. o_0

EDIT; i just got the file names, its where your "name" supposed to be standing, i'm not telling witch code to enter, just check the site above here ^^.. problem is that im stuck now where the others where stuck.. xD

EDIT2; phoowh.. i just made it.. :D.. im not telling as everyone that it was quite simple and shit, but here's 1 tip; if you get the warning with too much code shit, you don't have to make you code SHORTER, you know.. ^^
this sites helped me too..
http://www.computerhope.com/unix/uls.htm

[nezus]

I read every msg of every page and i'm still with the "good way" msg ...

the file we are looking for is probably with index.php and level8.php. Do we really need the shtml file who seems be in the tmp subdirectory? (i dunno if my english is understandable :p )

But for the moment it's really frustrating ^^

[Justjealouse]

I hope this isnt too much of a spoiler but ".." in morse code is the letter I which in an Is command would mean...

[nopictureavailable]

alright i see you guys all talking about running shit in unix and everything


yeah i dont know what to use to run Unix, let alone successfully beat this mission.


halp.

[winxptk]

So I, like many of you, worked my a$$ off trying various things and nothing worked. It pissed me off, and forced me to stay up till 2am (not that late, but later than I wanted to be up). By the way, a message to whomever decided to put that precaution in: I can understand you are worried about safety and those who would do "nasty" things, but to block every single command/parameter except for the right answer and a variation thereof seems extreme and excessive . I'm a "code-by-doer," and so to constantly see the "I'm sorry, you can't even see what that command does" error was ridiculously frustrating. I felt like I was firing in the dark at a tin can: I could only tell whether or not I hit the can, not any information as to where I was aiming/how much I was missing by. I'll leave my frustration-venting rant at that.

But for those of you who were like me, I leave you the following pieces of advice (hopefully none will be censored )
*Don't be discouraged by those who say "omg it's so simple wow I feel so dumb now," because some might be better at certain things/get lucky. It's a tough challenge, hence it being number 8 of 10... Just keep at it, and hopefully you'll find the light through the smoke
*It was posted once before on this forum, and was the thing that cracked it for me, so I will repeat it here. It's a fairly significant help, and it might be censored, but the fact is, you don't need to be in a directory to view it's files. So search around to get a better idea how one might do that. http://www.computerhope.com/unix/uls.htm was the site that was most helpful for me.
*If you've read this far in the forum, well done! That shows perseverance. There is enough actual command hints in this forum that, when put together yield what you're looking for. So that narrows down the permutations at least

Oh My Admin....I want to say what everyone else said about it being simple but Then I dis my self cause it took me this long to figure out that I wanted "1 Up" I do linux web hosting & should have known that If ls was listing everything in /missions/basic/%Current_Lvl%/****This Folder**** & I found nothing which mean "Hey Look At The URL...What URL should I Be In?" Duh.....Not /****This Folder****.....No More Words Other wise I'll Spoil It But Man Could It Be Any easyer & Would Anybody Leave this attack one in a live environment...

REVIEW:
1. When You Execute Your Command & It Displays all thoses files...are Any of them the one?
2. Look at the URL that you should be in from the first page where you inject the code & compair it to the URL you are currently in viewing the crap files in /****This Folder*****


most of you here are using the right code when the files display but you are short by a few char's & that leaves me off with two hints

Hint1: something to do with a period & slash
Hint2: Use Quoted Link & don't leave that page till you realy understand it cause I glanced for a few minutes & saw it right away.


MSG 2 HTS & Supporters (The People Who Beat Every Level) Thanks For The Challenge On %Current Level% It Has just inspired Me To Do A Paper On HTS for Extra Cred....I Learned That Security Is Key & I Probly Learned What Tags To Block & Which Are Safe.....lol.....none...