In order to do this exercise easily, in the php.ini file, change the parameter safe_mode to off
The guestbook application, contains a field that is connected to a shell execution. It is the change password form. This form is only available for logged-in users. It writes the username and password inside a file the "logfile". This file is refered on the line $logfile='/tmp/guestbook.logs.txt';. This works on any unix machine. Each time a password is modified, a line is added in this file. On the Windows machines, you may have to fix it before, such that it writes something.
Once the system working, you will try to hack the system, with the knowledge of the content of the file. On Unix, you can see the content modified using tail -f guestbook.logs.txt. On Windows, you may need to reopen this file each time you need it.
Log-in the change password field is subject to a shell injection, you will use this mean to enter the system.
Then print out the list of the files at the root directory.
Print out the content of the httpd.conf and php.ini files.
Create an empty file hello.txt on the disk of your server.
Create a file hello2.txt containing the data "Hello World" on the hard drive of the server.
Create a file hello.php in the htdocs directory of the server. Then execute this file.