HTS Basic Web 9: Directory Traversal

Basic Web mission 9 is so easy that it is barely worth a post of its own. The only thing that might be difficult is realizing that you are meant to reuse the vulnerability from the eighth mission; that problem only exists if you attempt to solve mission 9 without looking back at mission 8 or without reading the instructions.

This challenge is essentially identical to mission 8, except that the password file is in another directory. There isn’t much to learn from this, except that vulnerabilities are not always where you expect them to be: the input that gets you into mission 9’s directory is submitted on mission 8’s page, because that is where the vulnerable script lives. In the last mission, you entered the following in the name field:

Here .. moves one level up, from /missions/basic/8/tmp/ to /missions/basic/8/. The directory we want is /missions/basic/9/, so we have to go one more level up, to /missions/basic/, and then down into 9/ from there. Escaping from the directory an application expects you to stay in by chaining .. segments is called directory traversal (or path traversal). It works whenever the application joins a user-supplied path onto a base directory without normalizing the result and checking that it still lies under that base.

Your file will be saved, and you can read it to find out the filename of the password file. Load that file in your browser, and you’ve got your password. Remember that the file is in /9, not /8.
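As an added example (not code from the original post or from HackThisSite), the following Python walks through how the .. segments resolve between the mission directories named above, and then shows the check a server should apply before touching a user-supplied path. The directory names are the ones given in the post; the helper names and the percent-encoded inputs are constructed for this illustration.

```python
"""Directory traversal: how '..' resolves, and how to check a user-supplied
path against an allowed base directory.

Added example; not code from the original post or from HackThissite.  The
mission directories are the ones named in the post; helper names and the
encoded test inputs are constructed here.
"""
from typing import List, Optional
import posixpath
from urllib.parse import unquote


def resolve(cwd: str, relative: str) -> str:
    """Resolve RELATIVE against CWD with POSIX semantics: '.' stays put,
    '..' moves one level up towards the root."""
    return posixpath.normpath(posixpath.join(cwd, relative))


def traversal_steps(cwd: str, relative: str) -> List[str]:
    """Return every directory visited while resolving RELATIVE from CWD,
    one entry per path segment, so the walk can be read off step by step."""
    steps = [posixpath.normpath(cwd)]
    for part in relative.split("/"):
        if part in ("", "."):
            continue
        steps.append(posixpath.normpath(posixpath.join(steps[-1], part)))
    return steps


def safe_join(base: str, user_path: str) -> Optional[str]:
    """Join USER_PATH onto BASE only if the result stays inside BASE.

    Percent-encoding is decoded first (twice, so '%252e%252e' is not a
    bypass), a leading '/' is stripped so an absolute path cannot replace
    BASE, the result is normalized, and the prefix check includes a trailing
    '/' so that base '/missions/basic/8' does not accept '/missions/basic/80'.
    This check is lexical only: on a real filesystem also compare
    os.path.realpath() of the result, or symlinks inside BASE can still
    point outside it.
    """
    base = posixpath.normpath(base)
    decoded = unquote(unquote(user_path))
    target = posixpath.normpath(posixpath.join(base, decoded.lstrip("/")))
    if target == base or target.startswith(base + "/"):
        return target
    return None


if __name__ == "__main__":
    tmp = "/missions/basic/8/tmp"
    # The walk from mission 8's tmp/ directory to mission 9's directory.
    for step in traversal_steps(tmp, "../../9"):
        print(step)
    # What a hardened script would do with the same inputs.
    print(safe_join(tmp, "file.shtml"))      # stays inside tmp/: allowed
    print(safe_join(tmp, "../../9/x.php"))   # leaves tmp/: rejected (None)
    print(safe_join(tmp, "..%2f..%2f9"))     # encoded traversal: rejected
```

The walk printed by traversal_steps is the one the post describes: tmp/ to 8/ to basic/ and then down into 9/. Note that safe_join rejects a traversal attempt before any filesystem call is made; checking the prefix of the raw, un-normalized string would not help, since "/missions/basic/8/tmp/../../9" begins with the base directory.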


31 Comments »

  1. I hadn’t realized that you had to go back to level eight’s site to input it in the code.

    Comment by Evan — December 3, 2006 @ 9:53 pm

  2. Comment by Anonymous — January 20, 2007 @ 11:16 pm

  3. Dude, I don’t know if I love it b/c you gave me the answer or hate it b/c you gave away the answer… you’re lucky you don’t get hacked, really…

    Comment by Nunya — March 3, 2007 @ 11:29 pm

  4. Nunya, why did you read this if you didn’t want the answer?

    Comment by Tim — March 4, 2007 @ 7:49 pm

  5. I tried the command and it gave a php, but I get an error when I try it. Help me please!

    Comment by dojo — March 5, 2007 @ 5:05 am

  6. Sorry, that’s what I meant. And hey Jack, what’s up? You will probably read this, you dick!!!!!!!!!!

    Can someone please help? I did not really get the last mission; I got the answer from someone else, but how do you get the answer from “

    I went back to level 8 and input it into the name thing, and I got this: Hi, index.php p91e283zc3.php!

    Your name contains 24 characters.
    How do I open that and get the answer?
    Please help.

    Comment by ruben — April 6, 2007 @ 3:04 am

  7. dojo: What error do you get?

    ruben: Go to that file, just like you would go to index.php: http://www.hackthissite.org/missions/basic/9/au12ha39vc.php . Remember that it should be 9. Also, ruben, you should really try to understand mission 8 since this is essentially an extension of it. Feel free to comment if you want me to specify anything.

    Comment by Tim — April 6, 2007 @ 9:10 am

  8. I totally do not get how to do this, please help.

    Comment by demears — April 6, 2007 @ 11:17 am

  9. I totally do not get how to do this, please help.

    Comment by demears — April 6, 2007 @ 11:17 am

  10. demears, please specify what you do not understand. I cannot simply repeat the original post.

    Comment by Tim — April 6, 2007 @ 12:25 pm

  11. Hi everybody, I got this error message when I put this in level 8’s box (the one for the name):

    Warning: fopen(/usr/local/www/hackthissite.org/html/missions/basic/8/tmp/dgnwtmav.shtml) [function.fopen]: failed to open stream: Permission denied in /usr/local/www/hackthissite.org/html/missions/basic/8/level8.php on line 170

    Warning: fwrite(): supplied argument is not a valid stream resource in /usr/local/www/hackthissite.org/html/missions/basic/8/level8.php on line 171

    Warning: fclose(): supplied argument is not a valid stream resource in /usr/local/www/hackthissite.org/html/missions/basic/8/level8.php on line 172
    Your file has been saved. Please click here view the file.
    Warning: unlink(./tmp/usapcmuq.shtml) [function.unlink]: Permission denied in /usr/local/www/hackthissite.org/html/missions/basic/8/level8.php on line 184

    Warning: unlink(./tmp/jplwbyfo.shtml) [function.unlink]: Permission denied in /usr/local/www/hackthissite.org/html/missions/basic/8/level8.php on line 184

    Warning: unlink(./tmp/xjquxfgd.shtml) [function.unlink]: Permission denied in /usr/local/www/hackthissite.org/html/missions/basic/8/level8.php on line 184

    Thanks..

    Comment by Compere — April 10, 2007 @ 8:28 pm

  12. *EDIT*
    …when I put this in level 8’s box (the one for the name):
    This

    Comment by Compere — April 10, 2007 @ 8:30 pm

  13. Sorry, *EDIT* again, but it didn’t show the line after “This”.

    I got the error message from comment 11 when I put “the line” below “In the last mission, you entered the following in the name field:” from the tutorial.
    Thanks again, and excuse my English.

    Comment by Compere — April 10, 2007 @ 8:34 pm

  14. Compere: I tried it too, and it seems that both this mission and mission 8 are down. You currently can’t submit any name.

    Comment by Tim — April 11, 2007 @ 5:34 am

  15. So what can we do now if the thing is down??

    Comment by Tony — April 11, 2007 @ 5:52 am

  16. Tony: Unfortunately, I don’t know. You’ll probably just have to wait, or do the other missions instead.

    Comment by Tim — April 11, 2007 @ 3:42 pm

  17. I did exactly the same as in the other level but instead of /8/….php I put /9/p91e283zc3.php

    Comment by grriper — April 11, 2007 @ 7:13 pm

  18. grriper: You first got the filename by using the server-side injection, didn’t you?

    Comment by Tim — April 11, 2007 @ 9:46 pm

  19. Thanks to everyone,
    I gave a thought that this mission could be down, but then I thought that it was part of the mission, and I just kept trying for some hours. Then I needed to ask in this blog what I was doing wrong.

    Thanks again

    S.

    Comment by Compere — April 11, 2007 @ 11:42 pm

  20. Hey dojo, thanks. I went back and understand it, and I am now on Realistic Web 2. Thanks for the tip.

    Comment by Ruben — April 12, 2007 @ 9:15 pm

  21. Compere and Ruben: I’m glad that it helps.

    Comment by Tim — April 12, 2007 @ 10:00 pm

  22. OK, the commands have been limited and now I get this error (I’m blanking out important words on purpose):

    If you are trying to use ***** **** ******** to solve the challenge, you are on the right track: but I have limited the commands allowed to ones relevant towards finding the password file for security reasons(because there will always be that one person who decides to execute some rather nasty commands). So please manipulate your code so that it is a little more pertaining to the level.

    But my code DOES pertain to the level (level 9, that is).

    Comment by keeperx — April 19, 2007 @ 6:36 pm

  23. keeperx, are you sure that you execute the code for the ninth level on the page for mission number 8? Also, it seems like you did not enter the correct code. What code did you try?

    Comment by Tim — April 19, 2007 @ 9:03 pm

  24. Um, I can’t seem to get the URL correct.

    Comment by Datingahacker — May 1, 2007 @ 8:53 pm

  25. Ha… actually this is quite easy… if we ever try to search for the file in a nasty way… we already feel that we are on the right path… we just need to know that level 8 is correlated with level 9. Thanks to Timjoh, I feel more confident in my decision in solving HTS Basic 9…
    1. In Basic 8 >> Name :
    2. http://www.hackthissite.org/missions/basic/9/p91e283zc3.php
    3. Eureka… got the password.

    Comment by Orc4 — September 24, 2007 @ 12:04 am

  26. LvL 10 basic being solved by anyone?

    Comment by Ash — October 22, 2007 @ 12:45 am

  27. The claim that the script rejected all but two values is what threw me; this is simply not the case.

    Comment by Anonymous — February 17, 2008 @ 4:22 pm

  28. How can you get 8 but not 9?
    Nine is easier than eight, I think, and yeah, +1 about level 10.

    Comment by blarg — February 29, 2008 @ 6:17 am

  29. Why do I have to put ../../9 to go up a directory????

    Comment by Anonymous — March 15, 2008 @ 3:04 pm

  30. Blast… I had an entirely different logic when trying to solve mission 9. I thought he had a regex like // and I tried all sorts of stuff to bypass or fool that match so I could execute 2 SSI commands, with one having a ..\.. . Guess this was easier in the end, and I just deviated like hell from the answer. THIS LAST DAMNED MISSION TOOK LONGER THAN ALL THE OTHERS SUMMED.

    Comment by WhoCARESS — April 18, 2008 @ 4:57 pm

  31. Am I missing something here? On the blog I see:
    In the last mission, you entered the following in the name field:

    Which, with .., goes down one step from

    What did we enter in the name field? Every bit of code seems to be gone from this blog and the comments, so it doesn’t really make a lot of sense to me.

    Comment by Andy — May 20, 2008 @ 1:27 pm
