Now, lets have a look at the remaining 5 basic web missions. Remember, this time we have some tough concepts and tricks to deal with. Okay, let’s get started.
In Basic Web 6 we observe to have an encrypted password. We are to decrypt it before we can pass through this one. We also have an encrypter which was used to encrypt Sam’s password. How do we got about this? We shall enter random characters to see, how it is getting encrpted. Enter 11111 and check. What do you get?! We see the encrypted password to be 12345! Hmmm.. I think it has to deal with ASCII codes. Getting an ASCII code chart might be helpful. Okay. Now put some more characters and see how they are changed.
Observation 1) There is no change in the first character.
Observation 2) The remaining characters are encrypted depending upon their position from the first character.
Hmm… Here’s what I did. I made a Visual Basic application, that could decode the password. Here is the code (Other details are not provided to avoid spoilers.)
Dim pass As String
Dim char As String
Dim charasc As Integer
Dim decde As String
Private Sub cmdDecode_Click()
pass = txtCode.Text
For i = 1 To Len(pass)
char = Mid(pass, i, 1)
charasc = Asc(char)
charasc = charasc - (i - 1)
decde = decde & Chr(charasc)
Next i
txtDecode.Text = decde
End Sub
Using this I successfully decoded the given encrypted password to obtain the correct password. The password is (<blocked to avoid spoilers>)
So, we have completed Basic 6 too. Let’s move on to 7.
In Basic 7, we need to have some basic knowledge of UNIX commands. Strictly speaking, one UNIX command which is used to list all files in a directory and the speacial symbol used to concatenate two commands. Now how did I know we have to use UNIX commands. This is revealed by looking at the source code at the right place.
<form action=”/missions/basic/7/cal.pl” method=”post”>
That is the code from the source. OK. Like dir in windows, what is the command to list the files in UNIX. Do googling and you will find. But I will let you know how to concatenate two commands. We use ‘;’ to concatenate two commands. (Spoiler:List files using ‘ls’ command). But why should we concatenate. Because the command is intended to display the calender, changing it will not help. So we need to use ls to find the file where the password is stored. Then move on to directory snoop. Change the URL and tada! you get the password. Type in the password and move on to the next level!
Basic 8. We need SSI knowledge. Using SSI scripts we will access the folder where the password is saved. Now how do we do that? Do a wikipedia search and you will find this script helpful.
<!–#exec cmd=”ls ..”–> Check the script before you execute! I might have intentionally introduced syntax errors. Find the file you need from the ones listed and do a directory snoop to find the password. On to Basic 9!
Basic 9 , too is something similar to Basic 8. You have to do a directory snoop using SSI script. But this time you need to look in Basic 9 folder and NOT in Basic 8. Use the text box made by Sam’s daughter in Basic 8 to snoop the Basic 9 directory. Looking at the URLs of all the 9 Levels we find that, the folders for each level is named based on the level number. Okay. we need a different SSI command now. We need to move back to the parent folder and move into the folder allocated for level 9. <!–#exec cmd=”ls ../../{foldername}“–>, Done. Obtain the file where the password is saved and do a URL modification. (Remember where to look for, while changing the URL!) And we are ready to tackle the last the final Level, Basic 10.
Basic 10, Cookies! First of all know what Cookies are. Do a google search, you will come to know. Basically they save everything related to you. Passwords, ids, search tags and what not! We use power of java to hack through this password. To know details of cookies defined for this page we use javascript:alert(document.cookie). Before this try typing in some password and trying to access. You get the information that you do not have authority to access that page. Hmm….We saw that when we typed the javascript we found something like this level11_authorized = no. Well! change that and put it into the javascript like this: javascript:alert(document.cookie=”level11_authorized=<keyword blocked to avoid spoiler>“). And you are done. Now simply click on submit and you are through!
Yes! Basic Web completed successfully. Now move on and crack Realistic Missions (of course after learning somethings more!).
Thanks bro…I m trying to get past.
Take a look at blog.gensale.net when you start doing the realistic missions.
nice..keep goin..
Hello nice post wondering if u would like to affiliate with Hackers-Grounded.com?
Just wondering if you are considering moving on with more of the Hack This Site Beginner challenges…
I am currently stuck on /missions/basic/11
I am assuming a script would be the way through this one.
hey guys… i’m going to give a clue for u…
“/missions/basic/11″
—>for the intelligent ppl:
well… how about to type, hm, one char after the url ‘/missions/basic/11/…’?
—>for the stupid ppl:
well… how about to type, hm, one char after the url ‘/missions/basic/11/a/’?
[]’s