A post from a LiveJournal blog showed up in my RSS reader along with its full content. I couldn’t remember that blog, and so I followed the accompanying link to the post.
Error. You must be logged in to view this protected entry.
Unfortunately for you, MySpace (and blog-owner), your feed is not protected very well.
Peace Poetry: HACKED: A little girl made a website to put poetry related to peace and understanding. American fascists have hacked this website replacing it with Hitler-esque propaganda. Can you repair the website?
In Hack This Site, Realistic mission 3, you have to recover a hacked poetry-site. Only basic knowledge is required, although it could be difficult to come up with the ideas.
From: PeacePoetry
Message: I run this website where people can read and submit peace-related poetry. I am doing this out of good will towards others, and I don’t see why I would be making enemies out of this, but some real asshole hacked my website posting a bunch of ignorant aggressive propaganda on the front page. And I made that website a while ago, and I no longer have access to it. Do you think you can hack in and change it back? Please? Oh, and bonus points if you message me the name of the bastard who did this!
My website can be found here.
You should have no problems understanding that the landing page is hacked. The first thing you do is of course to check the source code. This part is a bit tricky and unrealistic: look through the source very carefully. You should notice that it ends in a lot of linebreaks, and an HTML-comment on the very last line. It reads:
<!--Note to the webmaster
This website has been hacked, but not totally destroyed. The old website is still up. I simply copied the old index.html file to oldindex.html and remade this one. Sorry about the inconvenience.-->
A nice hacker indeed. Now go to oldindex.html in that directory, and you will see the site. Browse it a bit until you are familiar with how it works.
Now, we have to make some assumptions about the system. From the wording “Poems will be stored online immediately”, we can assume that the poems are saved in separate files. Thus, the filename is probably the title of the poem. The file that we want to overwrite is index.html. Try to submit a poem with that title — unfortunately, it won’t work.
The reason is that the file is stored in another directory. (If it were stored in the current directory, it would get quite messy after a while, and the webmaster is a girl.) This means that we want to save the file in the directory one level above the one that it would originally be stored in.
How to save it in another directory? Well, you should know about directory traversal from Basic Web 9 — “..” means “up one directory”. Therefore, try to submit a poem called ../index.html.
Sorry, you have the right idea how to beat the level, but the text you entered did not match the contents of the old website. You have to put the old website up, meaning putting up the old index.html
Just copy the source-code of oldindex.html and let that be the text of the poem. Mission accomplished.
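The flaw this mission relies on, next to one way to close it, as an added Python example that is not the mission's own code. It assumes the submission script joins the poem title onto a poems directory; the function names, directory layout and sample poem are constructed for illustration.

```python
import tempfile
from pathlib import Path


def save_poem_vulnerable(poems_dir: Path, title: str, text: str) -> Path:
    """Assumed behaviour of the site: the title is used directly as a path."""
    target = poems_dir / title            # "../index.html" escapes poems_dir
    target.write_text(text)
    return target


def save_poem_hardened(poems_dir: Path, title: str, text: str) -> Path:
    """Treat the title as one file name and verify where it resolves to."""
    if title in ("", ".", "..") or any(c in title for c in "/\\\x00"):
        raise ValueError("title must be a plain file name")
    base = poems_dir.resolve()
    target = (base / title).resolve()     # follows symlinks, collapses ".."
    if target.parent != base:
        raise ValueError("title resolves outside the poems directory")
    # "x" mode refuses to overwrite an existing file, even inside poems_dir
    with open(target, "x", encoding="utf-8") as fh:
        fh.write(text)
    return target


def demo() -> dict:
    """Run both versions against a constructed web root and report the outcome."""
    with tempfile.TemporaryDirectory() as root:
        webroot = Path(root)
        poems = webroot / "poems"
        poems.mkdir()
        index = webroot / "index.html"
        index.write_text("front page")
        save_poem_vulnerable(poems, "../index.html", "overwritten")
        overwritten = index.read_text() == "overwritten"
        index.write_text("front page")    # restore before the second run
        try:
            save_poem_hardened(poems, "../index.html", "overwritten")
            rejected = False
        except ValueError:
            rejected = True
        saved = save_poem_hardened(poems, "Dove", "a poem").name
        return {"vulnerable_overwrote_index": overwritten,
                "hardened_rejected": rejected, "saved_name": saved,
                "index_after_hardened": index.read_text()}


if __name__ == "__main__":
    print(demo())
```

The hardened version checks the resolved path rather than only filtering characters, so a symlink placed inside the poems directory cannot redirect the write either.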