Category: Hack This Site

Hack This Site: Javascript Mission – Level 2

Hello World Wide Web and welcome to HaXeZ where today we’re looking at Hack This Site Javascript Mission 2. For this mission, we only need to change a setting within our browser or install a plugin. As a result, we disabled Javascript which allows us to complete the mission….


Hack This Site: Javascript Mission – Level 1

Hello World… wide web and welcome to the one and only HaXeZ, where we will be working out Javascript Mission Level 1 on Hack This Site. We’ve just completed the realistic missions and I thought it was time to take a break and do something a little less intense. So without further ado, let’s get started. Upon navigating to the mission, we get a title called the Idiot Test (very appropriate for me I assure you). Based on the information we have, it sounds like Faith with a small f (bug report submitted) is learning Javascript. Let’s go …


Hack This Site: Realistic Web Mission – Level 16

Hello World Wide Web and welcome to HaXeZ where today we’re looking at the last realistic web application mission from Hack This Site. This mission was difficult for all the wrong reasons. It wasn’t because it was designed in a challenging way. No, it was because it uses Adobe Flash which has been dead for a while now. The challenge itself was a lot of fun despite the technical problems encountered along the way. I don’t know why I’m complaining honestly, I learned an additional nugget of information along the …


Hack This Site: Realistic Web Mission – Level 15

Hello friend, welcome to HaXeZ where today we’re looking at the Hack This Site insane difficulty realistic web mission 15. This mission has a lot of breadcrumbs that we need to follow in order to complete it. It’s much more complex than any other mission and I convinced the person who created just wanted to…


Hack This Site: Realistic Web Mission – Level 14

Hello and welcome to HaXeZ where today we’re looking at Hack This Site Realistic Web Mission 14. Unfortunately, the mission currently appears to be broken so I was unable to solve it using the intended path. I would love for somebody to prove me wrong and show me how to complete this correctly. However, after hitting dead end after dead end I gave up and looked at a number of walkthroughs. The first guide I looked at was Aldeid’s. I also watched Chuck Moore’s youtube video and read this post on the official forums. All of these guides use a null byte to complete the challenge. If you haven’t seen my other posts on the reality series you can do so here: Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7 and, Part 8….


Hack This Site: Realistic Web Mission – Level 13

Hello, today we’re looking at Hack This Site Realistic Web Mission 13. This is a fun challenge that requires you to gather information from error messages. After obtaining that information, you need to discover the hidden URL to access the admin area. Ultimately, this mission requires knowledge of web application errors, password hashes, and hash…


Hack This Site: Realistic Web Mission – Level 12

Welcome to HaXeZ where today we’re looking at Hack This Site Realistic Web Mission 12. This mission requires us to use the built-in functionality of a crudely implemented web application in order to exploit it. The application functionality is driven by a number of Perl scripts that when used in unintended ways have a detrimental impact on the security of the application. If…


Hack This Site: Realistic Web Mission – Level 11

Howdy, thanks for visiting HaXeZ. Today we’re looking at Hack This Site Realistic Web Mission Level 11. I didn’t enjoy this challenge as much as the others. The reason why is because the mission no longer works as intended. I suspect this may be due to improvements in browser security or changes made to the application. The challenge used to require you to steal cookies through a user agent. However, that no longer appears to be the case. If you haven’t seen my other posts on the realistic series you can do so here: Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7 and, Part 8…


Hack This Site: Realistic Web Mission – Level 10

Oh hello, fancy seeing you here. Today we’re looking at Hack This Site Realistic Web Mission 10. In other words, we’re going to demonstrate how not to implement authentication mechanisms. Overall, this mission was a lot of fun. It required creating a wordlist from a list of publicly listed teachers. Then, we used that wordlist to brute force the login page to gain access to the staff control panel. Once logged in, we had to flag ourselves as an admin by modifying our cookies. Then, we modified a post request to change the grades. If you haven’t seen my other posts on the realistic series you can do so here: Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7 and, Part 8…


Hack This Site: Realistic Web Mission – Level 9

Thanks for popping in, today we’re looking at Hack This SIte Realistic Web Mission 9. To put it another way, we are going to take down the software giant crappy soft. No longer will it hold its employees to ransom while they produce subpar software. This mission was a lot of fun, the route to completion had more turns and twists than previous missions. In order to complete this mission, we will be using javascript to steal cookies. Furthermore, we then had to manipulate our cookies to access the payroll system and pay their employees. Once that was done, we had to manipulate a hidden form parameter to delete log files. If you haven’t seen my other posts on the realistic series you can do so here: Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7 and, Part 8….