Questions and Answers

How do I collect points?

  • +5
    Chosen as best answer
  • +1
    Posted answer
  • +1
    Posted question
  • +1
    Thumb up
  • -1
    Thumb down
1

by DrJava in Challenge Help about September 3, 2016 closed - report

Basic 30 (LFI)

Ok, so I figured out where to put the LFI, and what the file is:

/et*/h*pa***d/

My question is:

1. Do I need a . in front of h*pa***d

2. How do I figure out how many ../ to put in?

 

Thanks in advance.

Answers: 3 • Score 0 • Views: 1313
Browse by
  • 96

    by ccccombobreaker about September 4, 2016 Best answer

    i think he knows where he has to write that...

    think of this: "../" basicly means "parent directory"

    website.com/dir1/dir2/index.php

    website.com/dir1/dir2/pages/ (in here are the pages, that get included)

    so index.php and the directory pages/ are in dirictory 2, dir2 is in dir1...

    index.php?page=../ now you are in dir2 (because you just got out of the dir "pages")

    index.php?page=../../ now you are in dir1 (because you just got out of the dir "dir2")

    now you need to know where the ".h******d" file is located (you're on the wrong way with /e**/.h******d), it's in the directory the admin wants to protect with a password ;)

    NOW you should try LFI :D

  • 9

    by MLGChris333 about September 4, 2016

    Yep. /e**/ blah blah is not where the password is stored, Same with .hta*****

    • Score: 0
  • 9

    by MLGChris333 about September 4, 2016

    First hint. Yes you need a dot and secondly, think about where the file is stored. e.g: www.shittysite.com/index.php?page=<something goes here ;)>

     

    Think ;)

Question was closed.