Welcome to the Goodnight Byte for HackThisSite, Basic Mission 4. In Friday's session, we tackled some coding in Gobby. Nothing special, just a few modifications to the NullBot script we made a few session ago, and some education on regular expressions. Apart from coding, we did our scheduled HackThisSite mission. We had to take on some JavaScript, which was a new thing for Null Byte. This mission taught us about client-side HTML manipulation through JavaScript injections. This just means that the HTML on the webpage is modified for your session only. In our circumstance, it helped us modify an "I forgot my password" form to send to our email address.
Basic Mission 4
The mission greets us with:
"This time Sam hardcoded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot."
If we look at the source and scroll to the form action, we can see this:
This bit of source tells us that when we click the password button, the password is being sent to the webmaster@hulla-balloo.com. There are two ways we can solve this. We can modify the HTML in real time with JavaScript.
javascript:alert(document.forms[0].to.value="myemail@gmail.com")
Alternatively, we can hit Flie > Save Page As and then save the page to our desktop. This allows us to modify the HTML directly and change the email. However, in order to make this HTML document work, we need to point it to the full URL of HackThisSite. This is because the page is no longer on their host, so we need the full file path—rather than the shortened version. In the form action (posted above), we need to edit the full file paths into lines 1 and 3. Don't forget to change the email to yours in line 2.
Comments
No Comments Exist
Be the first, drop a comment!