Author: haxez

Welcome to haxez where today we’re looking at the Hack This Site Basic 5 Web Challenge. If you haven’t read my other posts in the series, you can do so here: Part 1, Part 2, Part 3 and Part 4. This challenge is similar to part 4. As a result, we need to modify the send password to Sam request in order to change his email to our email. However, this time I’m going to use a different method of doing so.

Once logged in, navigate to the Basic 5 challenge and you will see the screen below. This is the same as part 4, there is a password submission box and a Send password to Sam button. You can test the button by clicking it. As a result, the application should tell you that it has sent the password to Sam.

Intercepting The Basic 5 Web Request

However, instead of modifying the request directly in the source code. We are going to use the Burp Suite web proxy. Burp Suite is a web proxy that allows you to intercept and modify requests. Furthermore, It has its own version of Chromium built-in which means you don’t have to change your browser’s proxy settings. Ensure you have intercept set to on, then in the built-in browser click the Send password to Sam button.

Navigate back to the Burp Suite client and you will see that the request has been intercepted by Burp. The request is a POST request that is sending the value of the “to” parameter ([email protected]) to level5.php. In short, This is how the email is sent to Sam.

Modifying The Basic 5 Request

With the request captured, it can now be modified and changed to your own address. The address you use has to be the one associated with the Hack This Site account or it won’t work. Change the address and click forward, then forward any subsequent requests after that.

Once the request is forwarded, the website should notify you that an email has been sent to your email address.

Forwarding The Web Request

If you go and check the mailbox that you used, you should see a new email from [email protected] email will contain the password required to solve the level. Copy the password and head back to the website and paste it into the submission system.

Congratulations, you have now completed level 5.

Hello world and welcome to haxez, in this post we are looking at Hack This Site Basic Web Challenge Level 4. If you haven’t read through my previous posts in this series then you can find them here: Part 1, Part 2 and Part 3. This challenge requires the user to have some knowledge of HTML. The objective of this challenge is to recover the password however sneaky Sam has added an email script to the application.

Viewing The Basic 4 Web App

After logging in to Hack This Site and navigating to the basic web challenge level 4, you will be presented with the screen below. The text reads as follows “This time Sam hardcoded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot. Here is the script:”

Inspecting The Basic 4 Web Page Source

The concept behind this is simple, if Sam needs the password he will press the button and email it to himself. We need to manipulate the script so that the password is sent to us instead of Sam. To do that we need to view the web page source and see what the script is doing. The screenshot below shows that the email address [email protected] is being posted to level4.php when the button is clicked.

Modifying The Basic 4 Page

We can modify the page source directly through developer mode. By double-clicking the current email address, we can replace it with our own. Once we have changed the email address we can click the “Send password to Sam” button and it will send the password to our email address.

Submitting The Web Request

After clicking submit go and check your mailbox to see if the password has arrived. The email will be from [email protected] and will contain the password. If you open the email you should be able to copy the password and paste it into the password submission system.

This was a fun challenge that teaches a valuable lesson about hardcoding passwords or other credentials within applications. If the code is rendered client-side then no sensitive information should be included in the code.

Hello world and welcome to haxez, in this post we will be taking on the Hack This Site basic 3 web challenge. Hack This Site is a great location to learn web application security. In fact, It is the first website where I started my hacking journey. This challenge involves some knowledge of how web applications are structure. Most web applications use a hierarchical layering whereby. As a result, the first page you find will tend to be in the first directory. Then, the sub directories may contain other information. For instance, if I wanted to access the about section of a web application I would visit https://haxez.org/about/ where haxez.org is the root and about is a page.

After logging in to the site and navigating to the basic challenges. Select level 3. It will say the following.

“This time Network Security Sam remembered to upload the password file, but there were deeper problems than that”.

The blurbs of text try to give us a clue about how to solve the challenge. On this particular challenge the word deeper stuck out to me. What could they mean by going deeper? These challenges were out before the movie inception so it can’t be a reference to that.

Solving Basic 3

By going deeper in the directory structure or the file path structure, the user should be able to retrieve the password. By visiting https://www.hackthissite.org/missions/basic/3/password.php and viewing the page source you should be able to retrieve the password.

This is a good example of what to look for in web application tests and how easy things can be overlooked. By mapping out the directory structure you not only get a clearer picture on how the application works, but you also might find something interesting like login pages, sitemaps or robots.txt files with sensitive information.

Thats all for now, see you next time.

Hello world and welcome to haxez. This post is about web hacking and walks through the basic challenge level 1 on Hack This Site. This is a short and sweet article today as I’m going away for the weekend. This challenge is fairly easy even for the less computer literate. The purpose of this challenge is to get the user to view the source code of the application in order to retrieve the poorly hidden password. After creating an account and logging in, head over to the basic challenges and go to basic challenge 1. You should be greeted with a screen like the one below.

Basic 1 Page Source

This challenge is a basic challenge that asks you find the hidden password for the input box on the page. One of the most fundamental skills in web application testing is to view the page source. This can easily be achieved by right clicking on the page and selecting view page source from the context menu. Once you have the page source window open, you should see a lot of code.

You can manually look through the code or you can hit control and F and that should bring up the search box. Once the search box is up, you should be able to search for the word password and the search facility should automatically jump you to the section of code that contains the password.

As you can see from the snippet of code below, you should be able to retrieve the password and submit it to the application. The password is 0c620cce.

Congratulations, you have completed Basic challenge 1. I know this one was very easy but I love Hack This Site and didn’t feel that my blog would be complete without it.