Hack This Site: Basic Web Challenges – Level 5

Hack This Site Basic Web 5

Welcome back to my series on the Hack This Site Basic Web Challenges. Today we are looking at basic challenge level 5. If you haven’t read my other posts in the series, you can do so here: Part 1, Part 2, Part 3 and Part 4. This challenge is similar to part 4. We need to modify the Send password to Sam request in order to change his email to our email. However this time I’m going to use a different method of doing so.

Hack This Site: Basic Web Challenges – Level 5
Hack This Site: Basic Web Challenges – Level 5

Once you have logged in, navigate to the Basic 5 challenge and you will see the screen below. This is the same as part 4, there is a password submission box and a Send password to Sam button. You can test the button by clicking it. The application should tell you that it has sent the password to Sam.

Basic Web Challenge 5
Password Submission Screen

Intercepting The Web Request

However, instead of modifying the request directly in the source code. We are going to use the Burp Suite web proxy. Burp Suite is a web proxy that allows you to intercept and modify requests. It has its own version of Chromium built-in which means you don’t have to change your browser’s proxy settings. Ensure you have intercept set to on, then in the built-in browser click the Send password to Sam button.

Burp Proxy intercept turned on
Burp Web Proxy intercept turned on

Navigate back to the Burp Suite client and you will see that the request has been intercepted by Burp. The request is a POST request that is sending the value of the “to” parameter ([email protected]) to level5.php. This is how the email is sent to Sam.

Burp Web Proxy POST Intercepted
Burp Web Proxy POST Request Intercepted

Modifying The Request

With the request captured, it can now be modified and changed to your own address. The address you use has to be the one associated with the Hack This Site account or it won’t work. Change the address and click forward, then forward any subsequent requests after that.

Burp Web Proxy POST Request Modified
Burp Web Proxy POST Request Modified

Once the request is forwarded, the website should notify you that an email has been sent to your email address.

Hack This Site Password Sent
Password Sent

Forwarding The Web Request

If you go and check the mailbox that you used, you should see a new email from [email protected]. The email will contain the password required to solve the level. Copy the password and head back to the website and paste it into the submission system.

Webmail Received Password
Webmail Received Password

Congratulations, you have now completed level 5.

Basic Challenge Level 5 Completed
Basic Web Challenge Level 5 Completed

Please feel free to watch my video on this challenge below.