I have solved the level but how does this work?

Princess slag

Mojito
11 years ago

0

Hey,

I solved this level but I have no idea how the scripts work. Why is the source code from admin.php only the HTML form and not more? Why is the file in
http://www.hackthis.co.uk/levels/real/level6/admin.php
and in
http://www.hackthis.co.uk/levels/real/admin.php.

Could someone please explain the function of the princess/admin site? How does this script work, what does it do to check the password, and why could I see the source code if I load the file in the correct way but not if I just click on “view source code”?

Best regards,
Mojito

11 replies
7 voices
1,019 views
Mojito
11 years ago

0

Oh, the first question is solved, I have to go up in the directory because index.html / news.html are in /level6/pages/.

So my only question is how admin.php hides its source code, and why the source code is there if I watch the file with the right methods.

Best regards,
Mojito

Matrox
11 years ago

0

Hi Mojito,
I’m still trying to solve this level. I found the admin.php asking for the password only under /levels/real/level6/, the other ones
http://www.hackthis.co.uk/levels/real/admin.php and
http://www.hackthis.co.uk/levels/real/level6/pages/admin.php
are just copies of the levels index overview page http://www.hackthis.co.uk/levels/

I tried another way, and gave the princess home page navigator different input, like
http://www.hackthis.co.uk/levels/real/level6/?p=admin
This shows an interesting error message:
“Warning: file_get_contents(admin.html) [function.file-get-contents]: failed to open stream: No such file or directory in pages on line 22”

Are you sure you found the pw by looking at the source code of admin.php?
I could really use a little hint here..

Regards, Matrox

daMage
11 years ago

0

I’d like to know how you solved the level too… it seems to me that you don’t really understand how it works, but still managed to pass it. Did you watch a video about it?

Matrox
11 years ago

0

Ah - seems I was on the right track there. I didn’t know how to point the p= to the right file. Googled it, found a video.
But I still cannot retrieve the admin.php source.. The ../ part doesn’t work.

“Warning: file_get_contents(../admin.php) [function.file-get-contents]: failed to open stream: No such file or directory in pages on line 22 ”

Regards, Matrox
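
The two warnings quoted above show the `p` value reaching `file_get_contents()`, which returns a file's raw bytes instead of executing it, so a `.php` file read this way is sent as text while a normal request only ever returns the script's output. A page loader that closes both the traversal and the leaked warning, as an added example that is not from this thread or the site's code; `PAGES_DIR`, `load_page()` and the `pages/` layout are assumptions:

```php
<?php
// Added example: hardened page loader. PAGES_DIR and load_page() are hypothetical names.
declare(strict_types=1);

const PAGES_DIR = __DIR__ . '/pages';

function load_page(string $p): ?string
{
    // 1. Accept only a bare page name: no slashes, dots or extensions.
    if (!preg_match('/\A[a-z0-9_-]{1,32}\z/', $p)) {
        return null;
    }

    // 2. The server picks the extension, so a .php file is never read as text.
    $candidate = PAGES_DIR . '/' . $p . '.html';

    // 3. Resolve symlinks and confirm the result is still inside PAGES_DIR.
    $base = realpath(PAGES_DIR);
    $real = realpath($candidate);
    if ($base === false || $real === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }

    // 4. Read without sending a PHP warning (function, path, line) to the client.
    $html = @file_get_contents($real);
    return $html === false ? null : $html;
}

// A non-string value such as ?p[]=x is rejected before it reaches the loader.
$raw  = $_GET['p'] ?? 'index';
$page = is_string($raw) ? load_page($raw) : null;

if ($page === null) {
    http_response_code(404);
    echo 'Page not found';
} else {
    echo $page;
}
```

Setting `display_errors = Off` in production and logging errors server-side keeps messages like the ones quoted in this thread out of responses even when a check is missed.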


0

Did you watch the video until it finished, or did you watch the video just to learn?

Matrox
11 years ago

0

I won’t type in the password until I do see the php.admin source in my browser window. That’s hacker code of honor - or how do you call that?
Matrox


0

hahahaha yeah… alright just do until you can complete it properly

Zhen [ZeroFreak]
11 years ago

0

If you guys still have doubts on how this works, feel free to pm me.
I’d like to post how it works here but it’d be a spoiler.
This is certainly a great place to train.

Thomas [25thomasoooo]
11 years ago

0

I was wondering: to get the password, do you have to do some SQL injection? If so, help.

Thomas [25thomasoooo]
11 years ago

1

Don’t worry, got it.

lopocachino
11 years ago

0

If you read the rest of this thread, it answers it as well as can be answered without breaking forum rules…
Read, think, analyse, learn, apply.
