hack this site basic 10

For this 10th basic mission, Sam has used a more “hidden” approach to authenticate users. since viewing the source is a dead end, I tried another approach which is to view the HTTP request headers using Live HTTP headers which is another, very useful firefox addon (grab it here), I could also have used Tamper data for that. Anyway, after monitoring the headers I’ve found an insteresting thing as shown here:

Live HTTP headers

As you can see, it’s an interesting information that we got here, we know that Sam is using a cookies based authentication method this time. We know this, now what?.

Now we must change the value of the cookie named “level10_authorized” to “yes”, and to do this, you can use raw Javascript or use a firefox addon such as tamper data, firebug,etc…

We will do it in raw JavaScript: while on the 10th mission webpage enter this JavaScript code in the address bar:

javascript:function a(){document.cookie="level10_authorized=no";}a();

Now click on the submit button, Congratz, you’ve completed the 10th mission

Hack This Site Basic 4

In this mission which is just a little bit complicated, there are two ways to achieve it: the short way and the long way, but don’t worry, both are easy and all you need is firefox for the first method, or some knowledge of HTML for the second one.

Method I:

As I said before we’ll need firefox (my favorite browser ) and an add-on called “Tamper Data”, and what this basically do is it intercepts all kind of requests made by the browser and let you change requests headers, requests params (post/get) and much more.

after installing Firefox (if you don’t already have it), we’ll install this add-on, and to do so navigate to this page : https://addons.mozilla.org/en-US/firefox/addon/966 and click the “Add to Firefox” button. Or go to the menu Tools -> Add-ons then do a search for “Tamper Data” then follow the instructions on the screen for installing it.

Now we’re ready for the forth mission of HTS, as always you are asked to find a password that will grant you access to the next level, but this time the network security: Sam has written a script that will send him the password in case he forgot it. To bypass his protection go to the Tools menu -> Tamper Data  and hit the “Start tamper” button,

now for every request this add-on will ask you if you want to modify the request or send it unchanged. in our case we want to change the request so we’ll hit the tamper button. now you can see all the details of the request but only one detail interests us which is the “to” post parameter.

Change it’s value to any email address, now you can access the next level.

Method II;

for this second method we need to create a web page that will contain our form with the modified “to” post parameter. our page source should look like this :

mission4.html

<form action="http://www.hackthissite.org/missions/basic/4/level4.php" method="post">
<input name="to" type="hidden" value="whatever@youwant.com" />
<input type="submit" value="show me the password" />
</form>


now load this page into your favorite browser and click on the button and you should see the password, enter it, Congratz, you have completed this 4th mission.

Other ways : there are also other ways to achieve this mission like using JavaScript to modify the page on the fly, it’s up to you to choose which one you wanna use.