Hack This Site — Basic Missions

Rohan Sharma
5 min read · Sep 27, 2020

This is a writeup for Basic Missions from HTS.

Basic 1

This was just a basic challenge that emphasizes HTML. View the page source and you will find a comment there with a password.

Basic 2

If you read the question carefully, NetSec Sam forgot to upload the password file. So we can leave the password field blank and proceed.

Basic 3

Again viewing the page source we find a hidden ‘password.php’ file.

Viewing this file gave us the required password.

Basic 4

After clicking on ‘Send password to Sam’ we see this message.

So after viewing its page source I found the mail where the password is being sent.

We just have to change this mail to our own mail to get the password. This mail should be the same as your registration mail. You can change the mail directly by editing the HTML or by using JavaScript:

document.forms[0].to.value="your_mail";

Now check your mail for password.

Basic 5

This challenge is similar to the previous challenge; just change the JS code to:

document.forms[0].elements[0].value="your_mail";

Basic 6

This was an interesting challenge but quite easy if you understand the encryption. To find the encryption I typed ‘11111’ to encrypt and I got this

So basically, keeping the first digit constant, it adds 1, 2, 3, … to the successive digits.
So for decryption we just have to decrease the amounts by 1, 2, … . To decrypt the password you will need the help of this.
So keep the first digit constant and decrease the consecutive amounts.
For the hint, half of your password will look like this — 92d1…
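
The scheme described above, as an added example (not code from the original post or from Hack This Site). It assumes the shift at position i is exactly i, applied to the character code of ASCII input; the function names and all sample strings are constructed for illustration.

```javascript
// Added example. Assumption: the character at index i is shifted by +i
// in its character code (first character unchanged), as the writeup describes.
function encrypt(plain) {
  return Array.from(plain, (ch, i) =>
    String.fromCharCode(ch.charCodeAt(0) + i)).join("");
}

// Inverse of encrypt: subtract the position index from each character.
function decrypt(cipher) {
  return Array.from(cipher, (ch, i) =>
    String.fromCharCode(ch.charCodeAt(0) - i)).join("");
}

// Generalisation: recover the per-position offsets from one probe pair
// (a repeated character and its encrypted form), without assuming the rule.
function inferOffsets(probePlain, probeCipher) {
  if (probePlain.length !== probeCipher.length) {
    throw new Error("probe and ciphertext must have the same length");
  }
  return Array.from(probePlain, (ch, i) =>
    probeCipher.charCodeAt(i) - ch.charCodeAt(0));
}

// Undo the scheme using offsets learned from a probe.
function decryptWithOffsets(cipher, offsets) {
  if (cipher.length > offsets.length) {
    throw new Error("probe was shorter than the ciphertext");
  }
  return Array.from(cipher, (ch, i) =>
    String.fromCharCode(ch.charCodeAt(0) - offsets[i])).join("");
}

// Constructed sample data, not the mission's real password.
const probe = "11111111";
const offsets = inferOffsets(probe, encrypt(probe));   // [0,1,2,3,4,5,6,7]
const sampleCipher = encrypt("pa55w0rd");              // "pb78{5xk"

console.log(encrypt("11111"));                         // 12345
console.log(decryptWithOffsets(sampleCipher, offsets)); // pa55w0rd
```

Because the offsets depend only on position and not on any secret key, a single probe is enough to undo every ciphertext of the same length or shorter.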

Basic 7

So this was a challenge for ‘Command injection’. Type ‘; ls’ in the search bar and you will see

See this file for the password.

Basic 8

To check for this I typed my name in the search bar and got these.

After this, the file showed

But if you look at your URL carefully you will see a file with the ‘.shtml’ extension. I googled this and found out that this file extension is commonly associated with SSI (Server Side Includes). So I searched more about it and found out how to execute commands using SSI. I found a page and executed this command to see the file content.

<!--#exec cmd="ls" -->

After this I got this result.

But if you look closely at the URL, we are in the /tmp/ directory, while the question clearly says that Sam has saved the password in ‘/var/www/hackthissite.org/html/missions/basic/8/’. So we have to list the directory one level up.

<!--#exec cmd="ls ../" -->

After this I got this.

Viewing this file will give you the password.

Basic 9

This was quite tricky as it needs us to use the previous challenge. We have to do the same thing that we did in the previous challenge, just changing the directory to /9/ this time.

<!--#exec cmd="ls ../../9/" -->

Viewing this file gave us the password.

Basic 10

This part is related to cookie manipulation. Just change the ‘level10_authorized’ cookie to ‘yes’ and reload the page. You will have this challenge solved.

Basic 11

This was quite an interesting + frustrating challenge. Jokes apart, if you visit the challenge it will change every time with new songs. One common thing between them is that they are all ‘Elton John’ songs.

Apart from that I couldn’t get anything out of it. So after wasting a lot of time I went to see its solution online and found out that it has a directory listing in the format /e/l/t/o/n . After that we got this.

We find that there are no files or directories here. But this doesn’t mean that there are actually no files or directories present. If you have directory bruteforced any site before, you will have noticed a ‘.htaccess’ file there. So I searched for it and got this

Now visit the ‘DaAnswer’ directory and we got something like this.

So after this thing I couldn’t think of anything. So after some time googling about the challenge I found out that ‘available’ was the password.
‘Best place to hide the password is in PLAIN SIGHT !!’

So now visit the /11/index.php file and submit the answer.

Summary

All of these challenges were pretty good and actually test your web skills. Some of them were a bit tough but all of them were very helpful for a beginner.

Thanks for reading this.
