Goodnight Byte: HackThisSite Walkthrough, Part 3 - Legal Hacker Training

Nov 26, 2011 07:12 PM

Welcome to the Goodnight Byte for HackThisSite, Basic Mission 4. In Friday's session, we tackled some coding in Gobby. Nothing special, just a few modifications to the NullBot script we made a few sessions ago, and some education on regular expressions. Apart from coding, we did our scheduled HackThisSite mission. We had to take on some JavaScript, which was a new thing for Null Byte. This mission taught us about client-side HTML manipulation through JavaScript injection. This just means that the HTML on the webpage is modified for your session only. In our case, it let us modify an "I forgot my password" form so that it sends to our own email address.

Basic Mission 4

The mission greets us with:

"This time Sam hardcoded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot."

If we look at the source and scroll to the form action, we can see this:

This bit of source tells us that when we click the password button, the password is sent to webmaster@hulla-balloo.com, an address the page carries in a hidden form field. There are two ways we can solve this. First, we can modify the HTML in real time with JavaScript:

    javascript:alert(document.forms[0].to.value="myemail@gmail.com")

Alternatively, we can hit File > Save Page As and save the page to our desktop. This allows us to modify the HTML directly and change the email. However, in order to make this HTML document work, we need to point it to the full URL of HackThisSite. This is because the page is no longer on their host, so we need the full file path rather than the shortened (relative) version. In the form action (posted above), we need to edit the full file paths into lines 1 and 3. Don't forget to change the email to yours in line 2.

When that's all set up, open the page in your browser and click the password button. Problem solved!

How Can This Be Prevented?

A small PHP script that kept the recipient address on the server and sent the password itself would be far more secure: the address would never appear in the HTML, so it could not be read or changed by the visitor, and the decision about where the mail goes would be made on the server end rather than taken from a form field the client controls.
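To make the fix concrete, here is an added example (not code from the original post or from HackThisSite) contrasting the mission's form handler with a hardened one. Both are written as plain Node.js functions that take an already-parsed POST body and return the message that would be mailed; the webmaster address and password are constructed placeholders.

```javascript
// Constructed placeholders standing in for the site's real values.
const WEBMASTER_EMAIL = "webmaster@example.com";
const SAVED_PASSWORD = "correct-horse-battery-staple";

// Vulnerable: the form ships the recipient in a hidden "to" field and the
// handler trusts whatever comes back. A visitor who runs
// document.forms[0].to.value = "myemail@gmail.com" gets the password mailed
// to themselves.
function renderFormVulnerable() {
  return '<form action="/forgot" method="post">' +
    `<input type="hidden" name="to" value="${WEBMASTER_EMAIL}">` +
    '<input type="submit" value="Send password"></form>';
}

function handleForgotPasswordVulnerable(body) {
  return { to: body.to, subject: "Your password", text: SAVED_PASSWORD };
}

// Hardened: the recipient is a server-side constant and the form carries no
// address at all, so there is nothing for the visitor to read or edit.
function renderFormHardened() {
  return '<form action="/forgot" method="post">' +
    '<input type="submit" value="Send password"></form>';
}

// If a "to" field still shows up in a submission, the handler ignores it and
// records the fact: with the hardened form there is no legitimate way for a
// browser to send one, so its presence is a tampering signal worth logging.
function handleForgotPasswordHardened(body) {
  const findings = [];
  if (Object.prototype.hasOwnProperty.call(body, "to")) {
    findings.push(`client-supplied recipient "${body.to}" ignored`);
  }
  return { to: WEBMASTER_EMAIL, subject: "Your password",
           text: SAVED_PASSWORD, findings };
}

// Constructed submission: what the browser sends after the injection above.
const tamperedBody = { to: "myemail@gmail.com" };
console.log("vulnerable ->", handleForgotPasswordVulnerable(tamperedBody).to);
console.log("hardened   ->", handleForgotPasswordHardened(tamperedBody));
```

Mailing the password at all is the mission's own design; the point here is only that the destination must come from the server, not from the page.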

Check back Monday for details on our next session. So please, join IRC and come learn!
