PkUx69
11 years ago | edited 11 years ago

0

So……. I have no idea how to do this level, I'm sorta stuck.

It all seemed easy as I was reading the source code:

Home
News
Contact

So… ?p=admin.php But what is the next step??
Apparently, it's something called “Poison NULL byte”, and after reading this http://insecure.org/news/P55-07.txt and a few videos and actually trying to do what the video said for GOODNESS' SAKE (TO FIGURE OUT THE LEVEL) ———– — [removed] that still doesn’t work….

What is the next step??

Edit: your url was correct, so I removed it.

knarf169
11 years ago

0

Not sure what browser you're using, but when it comes to the poison null byte I use Chrome. For whatever reason Firefox gives me a hard time, but not all of the time. Try doing what you have on other browsers.

Good luck

daMage
11 years ago

0

I hope Flabbyrabbit will have the time to have a look at this… You had the correct solution as far as I can tell..


0

What is the URL of this page?
I have skills in HTML and Javascript code. I hope I can help you.

daMage
11 years ago

0

The level works now as intended. Sorry for the inconvenience.

Special thanks to Flabbyrabbit, who did the actual fixing ;)

[deleted user]
11 years ago

0

Just tried the level again myself and it works fine for me!

Luke [flabbyrabbit]
11 years ago

0

The level was flawed but this has now been fixed and appears to be functioning as expected. Also, to reiterate @knarf169’s point, Chrome seems to be more willing to accept null bytes than Firefox. If you are using Firefox and having issues, try using something else.

Abhijeet [abhi1302]
11 years ago

0

As everyone mentioned, I tried in Chrome and am still facing the same issue:
Warning: file_get_contents(admin.php) [function.file-get-contents]: failed to open stream: No such file or directory in pages on line 22

I am trying Null Byte, no use
http://www.hackthis.co.uk/levels/real/level6/?p=admin.php%00


1

abhi1302 you are trying to go to the wrong directory. Think again. If you got this far don’t you remember a file with a php.html
You need to change some of your http://www.hackthis.co.uk/88888/99999/00000/?p=admin.php%00 to something else. Can’t say much more without giving it all away!

[deleted user]
11 years ago | edited 11 years ago

0

Idletester is right, abhi1302. You are going to the wrong directory. Can you remember how to be able to go up or down a directory?
If you were in the cmd line in Windows and were on, let's say, C:/windows/ and you wanted to go down a directory, you would use .. so how could you use something like that to solve the directory problem you are having?? The poison null byte is to stop something from happening.

Abhijeet [abhi1302]
11 years ago

0

Thanks @IDLETESTER and @ANONRA, you both are right. This level is cleared now, but by looking at the page source, admin.php seems to be in the current location.
<a href="admin.php">here it is</a>

a2b2c2
11 years ago

0

I had the same problem, but with your help I was able to finish. Thank You!

James Singh [cpn1000]
11 years ago

1

You know since idletester is sooooooooo awesome you can

Go to youtube and look at his videos, kills the fun in every thing. But hey idletester is awesome!

Jdawg
11 years ago

0

I will kill u

James Singh [cpn1000]
11 years ago

1

Image

BNAAA
11 years ago

0

Read this article! Maybe it should help you :-)
http://www.hackthis.co.uk/articles/common-php-attacks-directory-traversal

oxide
11 years ago

0

this level was cool sort of reminds me of my favorite vuln

Alien [necromonger]
6 years ago

0

@idletester Thank you! Your hint was what I needed to finish this. Sadly, I’ve seen one or two web sites where this has actually worked!

🐉 [Cheerfulbull]
4 years ago | edited 4 years ago

0

abhi1302 read the warning carefully:
Warning: file_get_contents(admin.php) [function.file-get-contents]: failed to open stream: No such file or directory in pages on line 22
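
For anyone maintaining a `?p=` style page loader like the one this level imitates, here is a hardened version as an added example. It is not part of the thread or the level's code; the base directory, the `.html` suffix, and the page names are assumptions.

```php
<?php
// Added example, not the level's code. The base directory, the ".html"
// suffix and the page names are assumptions made for illustration.
const ALLOWED_PAGES = ['home', 'news', 'contact'];

function resolve_page(string $baseDir, string $p): ?string
{
    // Reject NUL bytes outright: PHP releases before 5.3.4 handed the string
    // to C file APIs, which stop at the first NUL and drop an appended suffix.
    if (strpos($p, "\0") !== false) {
        return null;
    }
    // Allowlist of page names, so "..", "/" and "\" never reach the filesystem.
    if (!in_array($p, ALLOWED_PAGES, true)) {
        return null;
    }
    // Defence in depth: canonicalise, then confirm the file sits under $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $p . '.html');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo: a throwaway pages directory and constructed inputs.
$pages = sys_get_temp_dir() . '/pages_demo_' . getmypid();
if (!is_dir($pages)) {
    mkdir($pages);
}
file_put_contents($pages . '/news.html', '<h1>News</h1>');

foreach (['news', 'unknown', "news\0", '../news'] as $input) {
    $path = resolve_page($pages, $input);
    printf("%-14s => %s\n", json_encode($input, JSON_UNESCAPED_SLASHES),
        $path === null ? 'rejected' : 'served ' . basename($path));
}
```

Only `news` is served; the NUL-terminated and `..` inputs are rejected before any file function is called.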
