Questions and Answers

How do I collect points?

  • +5
    Chosen as best answer
  • +1
    Posted answer
  • +1
    Posted question
  • +1
    Thumb up
  • -1
    Thumb down
36

by Forest in Challenge Help about October 26, 2016 open - report

Variable Manipulation 1

Can somebody give me a hint for this Challenge?

I understood that i have to do a LFI. 

I tried .../index.php?file=.htaccess

/index.php?file=../../../../passwd

/index.php?file=../../../../etc/passwd\.\.\.

and so on but the Challenge wants to f*ck with me...

I would be gratefull if somebody could help me.

 

Thanks

Answers: 4 • Score 1 • Views: 812
Browse by
  • 1

    by johnrol123 about April 13, 2018

    guys iam already done to find a user and pass but idont know how to get the reall password 
    Admin And _____

    • Score: 0
  • 4

    by _4p0pH1S_ about December 1, 2016

    Hey guys, if any of you fall here looking for the answer, be aware that the challenge level is not representative of everything you need to know and guess to pass it. I have spent a long while since I finally figured out how to pass it. I will give you some hints:

    1 Look closely to the message and think in possible alterntive folders visible server side

    2 It is important to know the name of the variable for the LFI and you will discover it from the previous point. After that think on the kind of server and how the permissions are granted. There is a pair of files really important for this challenge

    3. Combine the knowledge of the previous points and you will be able to get the "password"

    4. You will be disapointed when try to fill in the password as you found it, your challenge is still not complete.

    All of this and the last step you need to get really the password should be at least 300 points, this is not easy at all.

    Regards.

  • 21

    by kezza about November 2, 2016

    Also what type of webserver is used? This and what MRNCT said will help you. The way you are trying to solve it, is the way to go!

    • Score: 0
  • 9

    by MRNCT about October 26, 2016

    you are pretty close to get this one done.

    remember to get the admin's password!

    • Score: 0
You must login to post an answer.