Hack This Site - Basic missions levels 1-10 walkthrough

Level 1.

Basic test of your skills to see if you can do any of these missions. Requirements: HTML
Basic 1
Level 1(the idiot test)

This level is what we call "The Idiot Test", if you can't complete it, don't give up on learning all you can, but, don't go begging to someone else for the answer, that's one way to get you hated/made fun of. Enter the password and you can continue.
As befits the first problem, it is easy to solve if you know HTML. It seems to be a test of whether you can use HTML code. Look closely at the comments.





Level 2.

A slightly more difficult challenge, involving an incomplete password script. Requirements: Common sense.
Basic 2
Level 2
Network Security Sam set up a password protection script. He made it load the real password from an unencrypted text file and compare it to the password the user enters. However, he neglected to upload the password file...
Think about a way to ignore the password. It says common sense, but I found it harder to solve than I expected.





Level 3.

Some intuition is needed to find the location of the hidden password file. Requirements: Basic HTML knowledge
Basic 3
Level 3
This time Network Security Sam remembered to upload the password file, but there were deeper problems than that.
This is also a test of whether you can use HTML code. The hint is in the form.





Level 4.

An email script has been set up, which sends the password to the administrator. Requirements: HTML knowledge, an email address
Basic 4
Level 4
This time Sam hardcoded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot. Here is the script:

['Send password to Sam' Submit Button]


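It says an email address is required, but perhaps because the mission has been revised, no email address is needed. This is another problem that requires HTML.

Data can be submitted with methods such as GET and POST, and these two are the most widely used. Work out which method is used when the 'Send password to Sam' button is pressed.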




Level 5.

Similar to the previous challenge, but with some extra security measures in place. Requirements: HTML knowledge, JS or FF, an email address.
Basic 5
Level 5
Sam has gotten wise to all the people who wrote their own forms to get the password. Rather than actually learn the password, he decided to make his email program a little more secure.

['Send password to Sam' Submit Button]
This is the same problem as Level 4, with one added security feature. It accepts the same data submission method, but it checks the 'Referer'. Think about how the 'Referer' can be faked.





Level 6.

An encryption system has been set up, which uses an unknown algorithm to change the text given. Requirements: Persistence, some general cryptography knowledge.
Basic 6
Level 6
Network Security Sam has encrypted his password. The encryption system is publicly available and can be accessed with this form:

Please enter a string to have it encrypted.

[Input Box]
['encrypt' Submit Button]

You have recovered his encrypted password. It is:

0:;<7=:@

Decrypt the password and enter it below to advance to the next level.
The important thing first is to work out the pattern of the encryption. Enter simple values to figure out the pattern.
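The "enter simple values" approach written out as code, as an added example that is not part of the original post or of the mission. The toy_oracle function is a constructed stand-in with its own made-up offset schedule, not the mission's algorithm, and the sample secret is constructed.

```python
def toy_oracle(text):
    """Constructed stand-in for the web form. Hidden rule: each character
    is shifted by an amount that depends only on its position."""
    return "".join(chr(ord(c) + (3 * i + 1) % 7) for i, c in enumerate(text))


def probe_offsets(oracle, length, probe_char="a"):
    """Chosen-plaintext probe: encrypt a run of identical characters and
    record how far each output position moved."""
    out = oracle(probe_char * length)
    if len(out) != length:
        raise ValueError("cipher changes length; per-position model does not apply")
    return [ord(o) - ord(probe_char) for o in out]


def offsets_are_stable(oracle, length, probes="a0Z"):
    """The offsets describe the cipher only if they do not depend on the
    character being encrypted, so compare several probe characters."""
    seen = {tuple(probe_offsets(oracle, length, p)) for p in probes}
    return len(seen) == 1


def decrypt(ciphertext, offsets):
    """Undo a per-position shift once the offsets are known."""
    return "".join(chr(ord(c) - k) for c, k in zip(ciphertext, offsets))


def recover(oracle, ciphertext):
    """Probe, confirm the model holds, then invert the shift."""
    n = len(ciphertext)
    if not offsets_are_stable(oracle, n):
        raise ValueError("shift depends on the character, not only the position")
    return decrypt(ciphertext, probe_offsets(oracle, n))


if __name__ == "__main__":
    sample = toy_oracle("p4ssw0rd")          # constructed secret
    print(probe_offsets(toy_oracle, len(sample)))
    print(recover(toy_oracle, sample))
```

The takeaway for a designer is that any scheme whose output can be queried freely and whose transformation is fixed per position is recovered with a single probe, which is why a secret algorithm is not a substitute for a secret key.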





Level 7.


The password is hidden in an unknown file, and Sam has set up a script to display a calendar. Requirements: Basic UNIX command knowledge.
Basic 7
Level 7
This time Network Security Sam has saved the unencrypted level7 password in an obscurely named file saved in this very directory.

In other unrelated news, Sam has set up a script that returns the output from the UNIX cal command. Here is the script:

Enter the year you wish to view and hit 'view'.

[Input Box]
['view' Submit Button]
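Entering a number (a year) in the input box prints the calendar for that year, and entering nothing prints only this month's calendar. Entering anything other than a number prints nothing.

Think about how Unix commands can be used from Perl.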
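How a script like this one can pass a form field to cal without the field ever reaching a shell, as an added example (not the mission's script, and not code from the original post). The function names are hypothetical; the behaviour for empty and non-numeric input mirrors what the post observes.

```python
import re
import subprocess

# ASCII digits only: \d would also accept other Unicode digits such as fullwidth ones.
YEAR_RE = re.compile(r"[0-9]{1,4}")


def cal_argv(year_field):
    """Turn the form field into an argument vector for cal, or raise."""
    if year_field == "":
        return ["cal"]                      # empty field: current month only
    # fullmatch rather than match or '$': '$' also matches before a trailing newline.
    if not YEAR_RE.fullmatch(year_field):
        raise ValueError("year must be 1 to 4 ASCII digits")
    year = int(year_field)
    if not 1 <= year <= 9999:               # the year range cal accepts
        raise ValueError("year out of range")
    return ["cal", str(year)]               # re-serialised from the parsed integer


def render_calendar(year_field):
    """Run cal with no shell in between, so the value stays one argument."""
    try:
        argv = cal_argv(year_field)
    except ValueError:
        return ""                           # reject quietly, print nothing
    done = subprocess.run(argv, capture_output=True, text=True,
                          timeout=5, check=False)
    return done.stdout


if __name__ == "__main__":
    # Constructed inputs: one valid year, then values the validator must refuse.
    for field in ["2008", "", "2008\n", "2008; true", "12345"]:
        try:
            print(repr(field), "->", cal_argv(field))
        except ValueError as exc:
            print(repr(field), "-> rejected:", exc)
```

Validation and the argument vector are two independent layers: even if the pattern were wrong, a list passed to subprocess.run without shell=True is never interpreted by a shell.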




Level 8.

The password is yet again hidden in an unknown file. Sam's daughter has begun learning PHP, and has a small script to demonstrate her knowledge. Requirements: Knowledge of SSI (dynamic html executed by the server, rather than the browser)
Basic 8
Level 8
Sam remains confident that an obscured password file is still the best idea, but he screwed up with the calendar program. Sam has saved the unencrypted password file in /var/www/hackthissite.org/html/missions/basic/8/

However, Sam's young daughter Stephanie has just learned to program in PHP. She's talented for her age, but she knows nothing about security. She recently learned about saving files, and she wrote a script to demonstrate her ability.

Enter your name:

[Input Box]
['submit' Submit Button]
As the hint says, some knowledge of SSI (Server Side Includes) is needed. Using HTML comments, you can use include, exec, echo and so on. For details, follow the link above.





Level 9.

The password is again hidden in an unknown file. However, the script that was previously used to find it has some limitations. Requirements: Knowledge of SSI, unix directory structure.
Basic 9
Level 9
Network Security Sam is going down with the ship - he's determined to keep obscuring the password file, no matter how many times people manage to recover it. This time the file is saved in /var/www/hackthissite.org/html/missions/basic/9/.

In the last level, however, in my attempt to limit people to using server side includes to display the directory listing to level 8 only, I have mistakenly screwed up somewhere.. there is a way to get the obscured level 9 password. See if you can figure out how...

This level seems a lot trickier than it actually is, and it helps to have an understanding of how the script validates the user's input. The script finds the first occurrence of '<--', and looks to see what follows directly after it. If it matches "#exec cmd="ls"-->" or "#exec cmd="ls /home/xec96/public_html/missions/basic/8/"-->" it accepts it. If it does not match any of the situations above, then it kicks the user out.
This is the same type of problem as Level 8. Use the same method to access the /var/www/hackthissite.org/html/missions/basic/9/ directory.
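A model of the input check as the Level 9 mission text describes it, next to two stricter alternatives for the SSI handling that Levels 8 and 9 rely on. This is an added example, not the mission's script and not code from the original post. It assumes the marker is the SSI opener '<!--' (the mission text writes '<--') and that input with no marker at all is accepted; the sample inputs are constructed.

```python
import html

MARKER = "<!--"   # assumption: the mission text writes '<--'
ALLOWED = (
    '#exec cmd="ls"-->',
    '#exec cmd="ls /home/xec96/public_html/missions/basic/8/"-->',
)


def first_match_validator(name):
    """The check as described: locate only the FIRST marker and compare
    only the text directly after it. Anything later is never inspected."""
    pos = name.find(MARKER)
    if pos == -1:
        return True                      # assumption: plain names pass
    return name[pos + len(MARKER):].startswith(ALLOWED)


def every_directive_validator(name):
    """Stricter: every marker in the input must open an allowed directive."""
    pos = name.find(MARKER)
    while pos != -1:
        rest = name[pos + len(MARKER):]
        hit = next((a for a in ALLOWED if rest.startswith(a)), None)
        if hit is None:
            return False
        pos = name.find(MARKER, pos + len(MARKER) + len(hit))
    return True


def neutralise(name):
    """Preferred fix: escape the input before writing it into a file the
    server parses, so '<' becomes '&lt;' and no directive survives."""
    return html.escape(name, quote=True)


# Constructed input: an allowed directive followed by a second, harmless one.
TWO_DIRECTIVES = '<!--#exec cmd="ls"--><!--#echo var="DATE_LOCAL"-->'

if __name__ == "__main__":
    print(first_match_validator(TWO_DIRECTIVES))      # second directive unseen
    print(every_directive_validator(TWO_DIRECTIVES))
    print(neutralise(TWO_DIRECTIVES))
```

Escaping is the more robust of the two fixes because it does not depend on the allowlist being complete or on the parser and the validator agreeing about where a directive starts.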





Level 10.

This time, the password is encoded straight into the script. Whether the user is allowed in or not is determined by cookies; small pieces of information stored by the browser about the webpage that is being visited. Requirements: Javascript knowledge.
Basic 10
Level 10
Please enter a password to gain access to level 10
Now, at last, the final Basic level. This one is a cookie problem. There are several ways to solve it, but using JavaScript is probably the simplest.
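Why a cookie cannot carry an access decision on its own, and what a server can do instead, as an added example that is not the mission's script or code from the original post. The cookie name, key and user names are hypothetical.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"   # hypothetical; a real key is random and secret
COOKIE = "level_access"                # hypothetical cookie name


def trusting_check(cookies):
    """Access decided by a value the browser stores and can rewrite."""
    return cookies.get(COOKIE) == "yes"


def _tag(user, value):
    """MAC over the user and the value, so a cookie is tied to one account."""
    msg = f"{user}|{value}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue(user, value):
    """Cookie the server sets after it has made the decision itself."""
    return f"{value}.{_tag(user, value)}"


def verified_check(user, cookies):
    """Accept the value only if its MAC verifies for this user."""
    value, sep, tag = cookies.get(COOKIE, "").rpartition(".")
    if not sep:
        return False                   # unsigned cookie: never trusted
    ok = hmac.compare_digest(tag.encode(), _tag(user, value).encode())
    return ok and value == "yes"


if __name__ == "__main__":
    edited = {COOKIE: "yes"}                       # value typed in by the client
    print(trusting_check(edited))                  # accepted
    print(verified_check("alice", edited))         # refused: no valid MAC
    print(verified_check("alice", {COOKIE: issue("alice", "yes")}))
```

Keeping the decision in server-side session state and sending only a random session identifier achieves the same result without putting the value in the cookie at all.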




That completes the walkthrough of the HackThisSite ( http://www.hackthissite.org ) Basic Missions. Corrections and questions are welcome by email at coryas(at)gmail.com. (Thanks for reading all of it~)

Posted by Coryas

2008/01/19 00:23