Recently I came across a site called www.hackthissite.org. Being quite interested in networking and online security, I thought of giving it a try. I succeeded in all 10 Basic Web Missions, and indeed learnt several new topics. I felt like writing my heart out on this topic, and thus here is the post.
First things first
You need to register on the site (it’s free!) before you can access the facilities. There are many other missions. I cracked through Basic Web and have written it up here.
Cracking Basic 1 requires basic knowledge of HyperText Markup Language (HTML).
Look at the source code of the page and find this line: <!-- the first few levels are extremely easy: password is <blocked to avoid a spoiler> --> You got it! You have got the password! Complete Basic 1 and move on to Basic 2, there is more fun waiting.
In Basic 2, we are told that the security person, Sam, forgot to upload the password file. So, there is no password to crosscheck the entered text with! So, the password is b<blocked to avoid a spoiler>. Complete level 2 and move on to Basic 3.
Let’s see what’s in store for us in Basic 3. Look at the source code of this page. Look for this:
<form action="/missions/basic/3/index.php" method="post">
<input type="hidden" name="file" value="password.txt">
<input type="password" name="password"><br /><br />
<input type="submit" value="submit"></form>
Yes, now we are in for something called common directory snooping. So, what is this thing anyway? The hidden field in the form names the file the script checks against, and we can snoop the directory here by modifying the URL. So, put the needed file name after the URL of the present page and bingo! You get the password displayed at the top left corner of the page! The password is <blocked to avoid a spoiler>. Complete it and move on to the next level, Basic 4.
I will deal with Basic 4 and 5 together, because they deal with almost the same thing. Here the password is sent to Sam’s mail id. So where do we do mischief? Well, change the email id to something else! (Do not forget to save the changes; use Opera, that shall be helpful!) The next time you click send password, you have the password displayed! The passwords are <blocked to avoid a spoiler>
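The mistake behind Basic 3 to 5 is the same: values the server should own (a file name, a recipient address) sit in the page where the client can read and change them. Below is a review check a developer could run over their own pages to catch it. It is an added example, not code from hackthissite.org or from this post; the regex heuristics, the `to` field name and the sam@example.test address are assumptions.

```python
import re
from html.parser import HTMLParser

# Heuristics (assumptions of this example): a value that looks like a file name
# or an e-mail address is a server-side detail the client can read and change.
FILE_RE = re.compile(r"^[\w./-]+\.(txt|php|inc|cfg|ini|bak|log)$", re.I)
MAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


class HiddenFieldAudit(HTMLParser):
    """Collects hidden inputs and classifies what their values expose."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag != "input" or (a.get("type") or "").lower() != "hidden":
            return
        value = a.get("value") or ""
        if FILE_RE.match(value):
            kind = "file-name"
        elif MAIL_RE.match(value):
            kind = "email-address"
        else:
            kind = "other"
        self.findings.append((a.get("name"), value, kind))


def audit(html):
    """Return (name, value, kind) for every hidden input in the markup."""
    parser = HiddenFieldAudit()
    parser.feed(html)
    return parser.findings


# The Basic 3 form quoted above.
BASIC3 = '''<form action="/missions/basic/3/index.php" method="post">
<input type="hidden" name="file" value="password.txt">
<input type="password" name="password"><br /><br />
<input type="submit" value="submit"></form>'''

# Constructed form modelling Basic 4/5; field name and address are made up.
BASIC4 = '''<form method="post"><input type="hidden" name="to"
value="sam@example.test"><input type="submit" value="Send password"></form>'''

if __name__ == "__main__":
    for name, value, kind in audit(BASIC3) + audit(BASIC4):
        print(f"hidden field {name!r} exposes {kind}: {value!r}")
```

Any finding of kind file-name or email-address is a value to move into server-side configuration, with the secret file itself kept outside the web root.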
The remaining 5 missions get tougher, and are difficult without knowledge of PHP, Unix, etc. I will talk about them in my next post.



