Hackthissite ‐ Basic Missions - taylorjohn/hacking GitHub Wiki

Basic Missions

Mission 1. Basic HTML

Basic Level 1

view source

hackthissite basic level 1

Mission 2. Basic HTML

Basic Level 2

Network Security Sam set up a password protection script. He made it load the real password from an unencrypted text file and compare it to the password the user enters. However, he neglected to upload the password file...

Dude never upload password file so just hit submit with blank field. If you put in a password it will fail. I doubt this will be the case in real life but never hurts to try all possible avenues.

Mission 3. Basic HTML

Basic Level 3

This time Network Security Sam remembered to upload the password file, but there were deeper problems than that.

view source

<input type="hidden" name="file" value="password.php" />

goto

https://www.hackthissite.org/missions/basic/3/password.php

view source

<body>2694e834</body>

the password is '2694e834'

Mission 4. HTML Tampering

<input type="hidden" name="to" value="[email protected]" />

Change email "[email protected]" to one you have access to (a throwaway one in practice) and the form will mail you the password to [email protected].

(Note: If this is not the email address on your HackThisSite profile, no email will actually be sent.)

Screenshot 2024-02-10 at 12 53 04 PM

Mission 5. HTML Tampering

Change email "[email protected]" to one you have access to (a throwaway one in practice) and the form will mail you the password to [email protected].

Password reminder successfully sent to [email protected]

(Note: If this is not the email address on your HackThisSite profile, no email will actually be sent.)

Screenshot 2024-02-10 at 12 48 59 PM

Mission 6.

Network Security Sam has encrypted his password. The encryption system is publically available and can be accessed with this form:

Please enter a string to have it encrypted.

[ ] [ Encrypt ]

You have recovered his encrypted password. It is:

41;8hh8>

Decrypt the password and enter it below to advance to the next level.

Password:

[ ] [ Decrypt ]

so enter so characters like 'aaaaa' becomes

Your encrypted string is: 'abcde'

ok lets analyze this for a pattern.

so a +0 then a+1, then a+2 then a+3 you see where this going a+4

so to decrypt or reverse the ascii value we need to do the reverse a-0, then b-1 then c-2, then d-3 and finally e-4

and we get back to 'aaaaa'

I made a quick python file to solve this

Screenshot 2024-02-10 at 1 13 21 PM

Decrypted: 4095dc27

Mission 7. Command Injection

Basic Mission 7

This time Network Security sam has saved the unencrypted level7 password in an obscurely named file saved in this very directory.

In other unrelated news, Sam has set up a script that returns the output from the UNIX cal command. Here is the script:

Enter the year you wish to view and hit 'view'.

Password:

goto https://www.hackthissite.org/missions/basic/7/cal.pl

&& ls

Screenshot 2024-02-10 at 1 30 25 PM

there its is hanging out in there

k1kh31b1n55h.php

Mission 8. **Server Side Includes (SSI). **

Injection of following code to the input text field in the form :

<!--#exec cmd="ls" --> l

we in the tmp dir so we need to back out to the correct one.

<!--#exec cmd="ls ../" -->

Screenshot 2024-02-10 at 1 35 14 PM

au12ha39vc.php so goto

https://www.hackthissite.org/missions/basic/8/au12ha39vc.php

Screenshot 2024-02-10 at 1 38 59 PM

and you get the password '4676ffe4'

Mission 9.

Same vulnerability can be used from previous mission however you will need to go back to mission 8 and navigate into mission 9

<!--#exec cmd="ls ../../9/" -->

Screenshot 2024-02-10 at 1 48 54 PM

navigate to that url in the correct /9/ not the temp or level 8.

p91e283zc3.php

https://www.hackthissite.org/missions/basic/9/p91e283zc3.php

and you will see the password.

Screenshot 2024-02-10 at 1 53 19 PM

5ae99402

boom!!

Mission 10.

edit cookie from No to Yes

Screenshot 2024-02-10 at 1 58 19 PM

save cooke and submit.

you can also do this by intercepting and forwarding the cookie. will add this method later.

Mission 11.

All Elton John Songs

Eventually https://www.hackthissite.org/missions/basic/11/e/ works. Click through the ensuing directories you discover and you'll end up at https://www.hackthissite.org/missions/basic/11/e/l/t/o/n/. his directory seems empty, but try accessing the .htaccess file at https://www.hackthissite.org/missions/basic/11/e/l/t/o/n/.htaccess.

knowledge of the .htaccess file comes in handy here. used to block google and other bots from crawling and indexing files on your site.

`IndexIgnore DaAnswer.* .htaccess

<Files .htaccess>

require all granted

</Files>`

goto https://www.hackthissite.org/missions/basic/11/e/l/t/o/n/DaAnswer/

Screenshot 2024-02-10 at 2 10 19 PM

says

The answer is available! Just look a little harder.

which is a stupid riddle for the password being 'available'

got https://www.hackthissite.org/missions/basic/11/index.php

to enter it

boom Basic is completed

⚠️ **GitHub.com Fallback** ⚠️