How to Hack a Site Knowing a Bit of HTML (hackthissite.org) Part 1
After you have registered to this site,sign in then to start missions.
as you see in the pic in the challenges you can choose any missions but i start from basics.
after you go to basic missions(it contains 11 missions) you will see this pic.
go to basic 1
as you see here there's a input box which you should insert something to go to next level (remind that if you stock in any of these levels you can drop it and go to next one)
here it says "This level is what we call "The Idiot Test", if you can't complete it, don't give up on learning all you can, but, don't go begging to someone else for the answer, that's one way to get you hated/made fun of. Enter the password and you can continue."
here you should go to the page source which it is HTML .
so write click on the page (Firefox,Chrome,Safari,...) then you should see "View Page Source" click on it
then you will be directed to here.
search for password you the password there the password is : 4faebbe7
This level says:
Network Security Sam set up a password protection script. He made it load the real password from an unencrypted text file and compare it to the password the user enters. However, he neglected to upload the password file...
Since he forgot to upload the password file, the password the user enters is compared to a blank string "" so the password is blank. Just press the submit button.
This level says:
This time Network Security Sam remembered to upload the password file, but there were deeper problems than that.
If you view page source again, you'll notice the hidden html input element:
<input type="hidden" name="file" value="password.php" />
now you will say that how to find this what is it or what is the line meaning?
for finding it just press Ctrl+F then search for the password there are some password but the 1st one is the password which it is upper of the input box.
for understanding them if you know a bit HTML you can understand them.
If you append 'password.php' to the URL "http://www.hackthissite.org/missions/basic/3/", you'll see the password in plain text.
it means like this :
there is a password there.
this level says :
This time Sam hardcoded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot. Here is the script:
If you view page source, you'll notice hidden html input element:
input type="hidden" name="to" value="
this is what we want.
If you click the "Send password to Sam" button, you'll be taken to /level4.php and it'll say "Password reminder successfully sent."
Using the Chrome , right click the "Send password to Sam" button and click "Inspect element". Chrome's element inspector box will pop up. If you double click "firstname.lastname@example.org" in that box, you can edit the email address.
If you change the email address to a blank string or invalid email, you'll get "Invalid email address, sorry!" message when you press the "Send password to Sam" button. If you change the email to any other valid email address, you'll be taken to /level4.php again but this time it'll show you the password in plain text.
(remember that you should enter the mail that you have subscribe by that in this site for example i have registered by the mail "ZZZ.ZZZ@gmail.com" so i am able just to enter this mail to there.)
using Firefox is just like that.
change the sam@hackthissite to your own mail then open your mail and enter that pass to the input box and go to the next level.
this level says:
Sam has gotten wise to all the people who wrote their own forms to get the password. Rather than actually learn the password, he decided to make his email program a little more secure.
there's no difference between this level and level 4 but one thing:
if even enter a blank email address in this level says email sent successfully but in level 4 it wont say this so use the same technique in Level 4 to get the password.
This level is the hardest level between these levels (till 6)
I am not going to tell it now and i want you to figure out about this level.
I will tell you just a tip: "USE ASCII table"
here's the link for it http://www.asciitable.com/
In my next post i will tell completely about this level (6) and also the others that they have the same method
here there is a pic of ASCII table