Hack This Site: Basic Web Challenges — Level 5

basic-5-header

Welcome to haxez where today we’re looking at the Hack This Site Basic 5 Web Challenge. If you haven’t read my other posts in the series, you can do so here: Part 1, Part 2, Part 3 and Part 4. This challenge is similar to part 4. As a result, we need to modify the send password to Sam request in order to change his email to our email. However, this time I’m going to use a different method of doing so.

Hack This Site Basic 5
Hack This Site Basic 5

Once logged in, navigate to the Basic 5 challenge and you will see the screen below. This is the same as part 4, there is a password submission box and a Send password to Sam button. You can test the button by clicking it. As a result, the application should tell you that it has sent the password to Sam.

Hack This Site Website
Hack This Site

Intercepting The Basic 5 Web Request

However, instead of modifying the request directly in the source code. We are going to use the Burp Suite web proxy. Burp Suite is a web proxy that allows you to intercept and modify requests. Furthermore, It has its own version of Chromium built-in which means you don’t have to change your browser’s proxy settings. Ensure you have intercept set to on, then in the built-in browser click the Send password to Sam button.

Burp

Navigate back to the Burp Suite client and you will see that the request has been intercepted by Burp. The request is a POST request that is sending the value of the “to” parameter ([email protected]) to level5.php. In short, This is how the email is sent to Sam.

Hack This Site Web 5 Burp Intercepted

Modifying The Basic 5 Request

With the request captured, it can now be modified and changed to your own address. The address you use has to be the one associated with the Hack This Site account or it won’t work. Change the address and click forward, then forward any subsequent requests after that.

Hack This Site Basic 5 Burp Request

Once the request is forwarded, the website should notify you that an email has been sent to your email address.

Password Sent

Forwarding The Web Request

If you go and check the mailbox that you used, you should see a new email from [email protected] email will contain the password required to solve the level. Copy the password and head back to the website and paste it into the submission system.

Web Mail

Congratulations, you have now completed level 5.

Hack This Site Web Completed 5