Hack This Site Basic 4

In this mission which is just a little bit complicated, there are two ways to achieve it: the short way and the long way, but don’t worry, both are easy and all you need is firefox for the first method, or some knowledge of HTML for the second one.

Method I:

As I said before we’ll need firefox (my favorite browser ) and an add-on called “Tamper Data”, and what this basically do is it intercepts all kind of requests made by the browser and let you change requests headers, requests params (post/get) and much more.

after installing Firefox (if you don’t already have it), we’ll install this add-on, and to do so navigate to this page : https://addons.mozilla.org/en-US/firefox/addon/966 and click the “Add to Firefox” button. Or go to the menu Tools -> Add-ons then do a search for “Tamper Data” then follow the instructions on the screen for installing it.

Now we’re ready for the forth mission of HTS, as always you are asked to find a password that will grant you access to the next level, but this time the network security: Sam has written a script that will send him the password in case he forgot it. To bypass his protection go to the Tools menu -> Tamper Data  and hit the “Start tamper” button,

now for every request this add-on will ask you if you want to modify the request or send it unchanged. in our case we want to change the request so we’ll hit the tamper button. now you can see all the details of the request but only one detail interests us which is the “to” post parameter.

Change it’s value to any email address, now you can access the next level.

Method II;

for this second method we need to create a web page that will contain our form with the modified “to” post parameter. our page source should look like this :

mission4.html

<form action="http://www.hackthissite.org/missions/basic/4/level4.php" method="post">
<input name="to" type="hidden" value="whatever@youwant.com" />
<input type="submit" value="show me the password" />
</form>


now load this page into your favorite browser and click on the button and you should see the password, enter it, Congratz, you have completed this 4th mission.

Other ways : there are also other ways to achieve this mission like using JavaScript to modify the page on the fly, it’s up to you to choose which one you wanna use.

Hack This Site Basic 3

On this 3rd mission, which is fairly easy, the network security guy Sam, has remembered to upload the password file, but don’t worry, as the mission briefing says there is a “deeper problem”, by deeper they meant that you have to look at the source of the page ( Firefox shortcut: Ctrl + u ), and after looking at the source you should find this:

As you can see there is a hidden form field that has the name “file” and it’s value is “password.php”, now let’s take a look at the “password.php” file, we’ll do this by appending the file name to the current page URL which is :

http://www.hackthissite.org/missions/basic/3/

to this :

http://www.hackthissite.org/missions/basic/3/password.php

From now all you have to do is copy/paste the password and hit the submit button, Congratz, you have completed the third mission.

Hack This Site Basic 1

Since this mission is an idiots test, you may imagine that the solution is really simple if you couldn’t solve it you really should learn at least html.

now the problem:
in this mission you have to find a password that will give you access to the next basic mission, now if you take a look at the page source you will find something interesting:

really easy, now all you have to do is to copy/paste the password, congratz you have accomplished the first mission.