by kijin 5028 days ago

    <?php
    echo `cat ../password.txt`;
    ?>

That doesn't look like the work of a very talented hacker. Whatever happened to readfile()?

The attack could also have been a lot more interesting if .php files were disallowed but short snippets like this could be hidden inside GIF images.

3 comments

Why on earth would a "talented hacker" do anything other than the easiest effective method? If it doesn't work, then just try something else. They certainly wouldn't waste their time trying to hide code snippets in a GIF when you could just upload the above.

In short: the "talented hacker" is the one who compromises your system. The difficulty of execution does not matter if you get owned in the end.

> That doesn't look like the work of a very talented hacker.

Why not? Do all talented hackers use 'readfile()'?

In one of the rounds the attack was exactly that, payload inside a gif.

Really? Which level was that? I don't recall using such a technique, but maybe there were multiple solutions.
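
Added example, not part of the thread or any commenter's code: a Python triage check a defender could run over uploaded files for the GIF-embedded PHP technique mentioned above. It walks the GIF block structure and reports PHP open tags, comment-extension payloads and bytes after the trailer; the sample bytes, the marker and all function names are constructed for illustration.

```python
import re
# PHP open tags: "<?php", "<?=" and the short tag "<?" followed by whitespace.
PHP_TAG = re.compile(rb"<\?(?:php|=|\s)", re.IGNORECASE)

def _sub_blocks(data, pos):  # walk length-prefixed sub-blocks up to the 0 terminator
    payload = bytearray()
    while True:
        size = data[pos]
        pos += 1
        if size == 0:
            return pos, bytes(payload)
        payload += data[pos:pos + size]
        pos += size

def inspect_gif(data):  # returns a list of findings; an empty list means nothing flagged
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        return ["not a GIF header"]
    findings = []
    if PHP_TAG.search(data):
        findings.append("PHP open tag present in file bytes")
    try:
        packed = data[10]  # logical screen descriptor flags
        pos = 13 + (3 * 2 ** ((packed & 7) + 1) if packed & 0x80 else 0)
        while True:
            block = data[pos]
            if block == 0x3B:  # trailer: a well-formed GIF ends here
                if len(data) > pos + 1:
                    findings.append("%d bytes after GIF trailer" % (len(data) - pos - 1))
                break
            if block == 0x21:  # extension block; label 0xFE is a free-text comment
                label = data[pos + 1]
                pos, payload = _sub_blocks(data, pos + 2)
                if label == 0xFE and PHP_TAG.search(payload):
                    findings.append("PHP open tag in comment extension")
            elif block == 0x2C:  # image descriptor, optional local colour table, LZW data
                lpacked = data[pos + 9]
                pos += 10 + (3 * 2 ** ((lpacked & 7) + 1) if lpacked & 0x80 else 0)
                pos, _ = _sub_blocks(data, pos + 1)  # +1 skips the LZW minimum code size
            else:
                findings.append("unknown block 0x%02x" % block)
                break
    except IndexError:
        findings.append("truncated or malformed GIF structure")
    return findings

# Constructed samples: a minimal 1x1 GIF, and a copy carrying a harmless marker in a comment block.
MARKER = b"<?php /* constructed marker */ ?>"
CLEAN = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
         b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3b")
IN_COMMENT = CLEAN[:19] + b"\x21\xfe" + bytes([len(MARKER)]) + MARKER + b"\x00" + CLEAN[19:]
```

A finding is a reason to quarantine the file, not proof of compromise; the durable mitigation is to re-encode uploads and serve them from a location where the PHP handler is disabled.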