In this blog post, I'll go through the solutions for each of HackThisSite's basic challenges. The intention is to help you if you get stuck, so you'll benefit most if you only scroll down as far as needed to get past the point where you are currently blocked.
The HackThisSite community strongly encourages ethical disclosure - only using the techniques that they teach to break into web services that have explicitly given you permission to do so, and reporting any vulnerabilities in a private and ethical way so that they can be patched rather than exploited by bad actors.
For those that are completely new to hacking, HackThisSite has several real-world style example environments in their playground where you can learn and practice the essential skills that you'll need.
In order to get you started, HackThisSite provides several basic challenges that you can sink your teeth into and attempt. They start off extremely simple, allowing almost anyone with basic web development knowledge to get started!
One simple way is to use View Page Source or the Dev Tools Inspector. If you look at the page source, you will find this challenge's password hiding in plain sight!
If the web server fails on this silently, it will probably end up storing a blank value or an empty string in the variable used to compare against your entered password (since the password file contents were never loaded into that variable).
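The fail-open behaviour described above, next to a fail-closed version, as an added example that is not HackThisSite's script. The names `readPasswordFile`, `checkFailOpen` and `checkFailClosed` are hypothetical, and the missing file is simulated by a function that throws.

```javascript
// Stand-in for reading the password file. In the scenario from the text the
// file was never uploaded, so the read fails (constructed ENOENT error).
function readPasswordFile() {
  const err = new Error('ENOENT: no such file or directory');
  err.code = 'ENOENT';
  throw err;
}

// Fail-open: the read error is swallowed, so the stored password silently
// stays an empty string and an empty submission matches it.
function checkFailOpen(entered, readFile = readPasswordFile) {
  let stored = '';
  try {
    stored = readFile();
  } catch (e) {
    // ignored on purpose: this is the defect being illustrated
  }
  return entered === stored;
}

// Fail-closed: if there is no usable stored secret, nobody authenticates,
// and the reason is reported so the broken deployment gets noticed.
function checkFailClosed(entered, readFile = readPasswordFile) {
  let stored;
  try {
    stored = readFile();
  } catch (e) {
    return { ok: false, reason: 'password store unavailable: ' + e.code };
  }
  if (typeof stored !== 'string' || stored.trim() === '') {
    return { ok: false, reason: 'password store empty' };
  }
  return { ok: entered === stored, reason: 'compared' };
}

console.log('fail-open, empty input  :', checkFailOpen(''));
console.log('fail-closed, empty input:', checkFailClosed(''));
```
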
The first step is - once again - exploration. We need to investigate all of the information that is shared with us publicly, and look for clues as to how we can exploit the way the server is doing things for our benefit.
It will need to be URL-encoded, so if your registered email contains special characters you'll need to replace those with their URL-encoded equivalents. For example: if you have a plus (+) in your email address, that would become %2B.
Since we do not have access to the encryption code, we'll have to look for patterns in known pairs of encrypted and unencrypted values. We can do that by entering random strings into the first box, and recording what the resulting encrypted value is for each.
For example, aaaaa becomes abcde - this tells us that the same character is encrypted differently based on position in the string, so it's not a simple cipher where one thing always matches something else. It also shows us that the difference is sequential!
Now, use what we've learned to solve the challenge. Take note that the first character does not change. The encrypted version is identical to what you passed in. Every other character changes based on the position in the string.
HINT: The solution for the last level involved navigating up one directory by exploiting the SHTML file, using ls .. to escape the 'tmp' directory. This time, you just need to navigate a few more directories up instead.
In order to display something different (the restricted contents, rather than the login form), this file needs to check if the user is logged in when it is loaded. Based on that answer, it would either display the form or the hidden content.
The hint from the basic missions list for lesson 11 is that Sam unfortunately "does not understand Apache". To solve this one, you'll need to have some basic knowledge about how Apache works - more knowledge than Sam, anyway!
In this post I will be documenting most of the Basic Challenges found on HackThisSite.org. Completing these challenges will give you a very basic overview of HTML and Javascript Injection. The rest of the challenges will be documented in another post.
Description: This level is what we call "The Idiot Test", if you can't complete it, don't give up on learning all you can, but, don't go begging to someone else for the answer, that's one way to get you hated/made fun of. Enter the password and you can continue.
The purpose of the first challenge is to test your HTML knowledge. Although nothing appears to be visible on the page, the password is commented out on the source code using Javascript. Inspecting the source is how this challenge will be solved.
Description: Network Security Sam set up a password protection script. He made it load the real password from an unencrypted text file and compare it to the password the user enters. However, he neglected to upload the password file...
The action tells the form where to go next once the form is submitted. The method is how this information will be transmitted: $_POST suggests that the information will be sent to the server for interpretation, and $_GET suggests that there will be information that will be obtained from the server. In this case we will be sending the password.
Description: This time Sam hardcoded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot. Here is the script
I found this challenge to be interesting because it can be completed in more than one way. One way is by using your knowledge on HTML, which is the easier way out of the two, and the second one is by using your knowledge on Javascript, which can be accomplished by using Javascript Injection to modify form values. Let's take a look at both these methods. The first method will cover HTML.
In order to pull this attack off, it is necessary to understand how javascript handles forms. Every form in Javascript is contained in an array called forms[x], where x is the number of forms on the page starting from zero. This is important for this challenge because the value that we want to edit on this page is on the first form, therefore in our injection point, we will be using forms[0]. Changing the value of s...@hackthissite.org can be accomplished in two ways. The first is accessing the name of the input type and inserting our own value, and the second way is by modifying the element that corresponds to that value and inserting our own.
The last method to finish this challenge is by modifying the element that corresponds to that value and editing it. To accomplish this, we first need to understand what elements are when it comes to JavaScript. An HTML element is a single component of a form. These components represent a value within the forms; they can represent values throughout the entire markup. Take a look at the source code below provided by the challenge:
Cheers to another completed Community Byte project! Things went well regarding timeliness and being friendly to the other coders and students. If you've got ideas for our next mission, or an idea for a tutorial, submit them to me. Friday, our mission was to take out HackThisSite, basic mission 5. This mission focused on JavaScript, again. This time there is a little bit more security in place.
These missions are for everyone here, and you can join at any time. Your experience level doesn't matter. HackThisSite is a free, legal and safe practice ground for aspiring hackers wanting to test their knowledge on something real. We have full permission to exploit their servers, and we even get point rewards for it. This week's mission on HackThisSite was to recover the admin password by manipulating an "I forgot my password" form action; however, this time there was an added brick wall.
Since this is posting, we can't edit the HTML and try the webpage we edited locally, like last time. This time, we have to edit it with JavaScript in real time.
javascript:alert(document.forms[0].to.value="mye...@gmail.com")
Next week, I might be planning on setting up a virtual machine, or a remote host for the members to hack live. We will walk through getting root access and covering our tracks on a controlled server. Any thoughts? Let me know in the forums. Follow Null Byte on Twitter and G+ for the latest tutorial updates. Feel free to drop other members a few lines in the IRC. Happy hacking everyone!
Another great Community Byte in the bag! This week was really cool, especially with programming going on twice a week. We transitioned to the new times very smoothly with no one left behind, from what I can tell.
Friday's mission was to accomplish solving HackThisSite, basic mission 6, which required us to do a bit of reverse encryption. This requires a small amount of deductive reasoning, and logic. If you think outside-the-box, you can come up with a nice simple solution to a potentially complex problem.
These missions are for everyone here, and you can join at any time. Your experience level doesn't matter. HackThisSite is a free, legal and safe practice ground for aspiring hackers wanting to test their knowledge on something real. We have full permission to exploit their servers, and we even get point rewards for it. This week's mission on HackThisSite was to reverse the encryption algorithm thrown at us by analyzing numbers that we run through the algorithm ourselves.
At the mission's start, we are presented with a nice greeting.
"Network Security Sam has encrypted his password. The encryption system is publically available and can be accessed with this form:"
Now, if you sit and think for a minute, logic tells you that you should pass a single, repeated number so we can see exactly how it manipulates the number. Also, if you count how many characters the example has, it has 8. This means that we should also use 8 in our example number. I put in "11111111" as my number.
To solve this puzzle, we simply take a look at an ASCII chart, and reverse the numbers by going up the chart by the value added to the number in the algorithm. For example, the first slot remains 7, the second is 4. Can you tell me the rest? The rest of the people who attended can tell me!
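The probe-and-reverse reasoning used for basic mission 6 (both the "aaaaa becomes abcde" observation and the eight-character repeated-digit probe), as an added example that is not HackThisSite's code. The position-shift model in `encode` is an assumption inferred from that one pair, all function names are hypothetical, and the sample string is constructed rather than the mission's value.

```javascript
// Assumed model of the scheme: character i is shifted up by i code points,
// so position 0 is unchanged ("aaaaa" -> "abcde").
function encode(plain) {
  return Array.from(plain, (ch, i) =>
    String.fromCharCode(ch.charCodeAt(0) + i)).join('');
}

// Recover the per-position offsets from one chosen input/output pair.
function inferOffsets(plain, cipher) {
  if (plain.length !== cipher.length) {
    throw new Error('scheme is not length-preserving; model does not apply');
  }
  return Array.from(plain, (ch, i) => cipher.charCodeAt(i) - ch.charCodeAt(0));
}

// True when every probe yields the same offsets, meaning the output depends
// only on position: no key is involved, so the scheme hides nothing.
function offsetsAreKeyless(pairs) {
  const all = pairs.map(([p, c]) => inferOffsets(p, c));
  const longest = all.reduce((a, b) => (b.length > a.length ? b : a));
  return all.every(o => o.every((d, i) => d === longest[i]));
}

// Invert using offsets learned from a probe at least as long as the input.
function decode(cipher, offsets) {
  if (cipher.length > offsets.length) {
    throw new Error('probe shorter than ciphertext; use a longer probe');
  }
  return Array.from(cipher, (ch, i) =>
    String.fromCharCode(ch.charCodeAt(0) - offsets[i])).join('');
}

// Probe pairs: the first is quoted in the text, the second is what the
// assumed model produces for an eight-character repeated digit.
const probes = [['aaaaa', 'abcde'], ['11111111', encode('11111111')]];
const offsets = inferOffsets(...probes[1]);
const sample = encode('S3cr3t!a'); // constructed sample, not the real password
console.log(offsetsAreKeyless(probes), offsets, sample, decode(sample, offsets));
```
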