Guess ?
Posted on 21st January 2007 by Taggy

A very popular contest read "Pass through the levels and who reaches the final stage gets all the cash" :) and I promise the money was big enough for anyone to spend time on it. Definitely me.
I dragged around the first stage for about 5 minutes and my mind would only go back to the rules, "Whichever means", and I decided to try some things out.
And the very first trick did it: the LOG generated when transferring files from one server to the web server resides in the output directory, which can be read by anyone as it lies in the webroot.
Guessing the FTP client isn't all that difficult; you can bet it is WS_FTP or SmartFTP or CuteFTP :)
And here again it worked and it gave me the list of all the files residing on the server, and from there on it's just a matter of time until you arrive at the final page, just trial and error.
On contacting the admins to ask if this is legal [forget being ethical or unethical], the change in rules clarified "ethical performances" and I am ruled out.
Not being sad really, I didn't deserve to get a penny; still, I just wonder if I should put down some mistakes that usually happen.
* PHP~ files: these files are the backup files created by whatever text editor you use. These are dangerous because they actually tend to show the PHP files in text format and hence all your DB passwd and other info.
* blablah.LOG :) well, this shows all the files in the current directory.
I guess sometimes the phrase Guess ?? could so easily be interpreted as guessing for ~ files or LOG files rather than the answer itself.
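A pre-deployment check for the two mistakes listed above, added here as an example and not part of the original post. The suffix choices, the function names and the sample files are assumptions made for illustration.

```python
import os
import tempfile

# Suffixes are assumptions for this example: "~" is the backup suffix many
# editors append, ".log" covers FTP-client transfer logs left in an upload dir.
BACKUP_SUFFIX = "~"
LOG_SUFFIX = ".log"
PHP_MARKERS = (b"<?php", b"<?=")


def audit_webroot(root):
    """Return sorted (relative_path, reason) pairs for files that should not be served."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if name.endswith(BACKUP_SUFFIX):
                # Not ending in .php, so the web server returns it as plain text.
                with open(full, "rb") as fh:
                    head = fh.read(4096)
                if any(m in head for m in PHP_MARKERS):
                    findings.append((rel, "editor backup exposing PHP source"))
                else:
                    findings.append((rel, "editor backup file"))
            elif name.lower().endswith(LOG_SUFFIX):
                findings.append((rel, "log file readable from the web"))
    return sorted(findings)


def demo():
    """Build a constructed webroot in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "output"))
        samples = {  # constructed sample files, not taken from any real site
            "index.php": b"<?php echo 'hi'; ?>",
            "config.php~": b"<?php $db_pass = 'constructed-value'; ?>",
            "notes.txt~": b"todo list",
            "output/TRANSFER.LOG": b"constructed transfer log line\n",
        }
        for rel, data in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(data)
        return audit_webroot(root)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

Run it against the directory that gets uploaded and fail the deployment if the list is not empty.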
UPDATE: The post was modified so that some contents stayed out :)

I am Theyagarajan S ('taggy'). To know more, head out to



