Hello and welcome to haxez where I try to simplify CyberSecurity. This post is a walkthrough of the Hack This Site Basic 6 web challenge . If this is your first time here you can read the previous posts here: Part 1, Part 2, Part 3, Part 4, and Part 5. This challenge is about reverse-engineering the Basic 6 encryption mechanism that Sam is using to encrypt his password.

After logging in, you will see the following screen which reads. “Network Security Sam has encrypted his password. The encryption system is publically available and can be accessed with this form”. There is also an input box, which lets you test out the encryption mechanism. In order to test the mechanism, we need to feed it some data to see how it transforms it.

Basic 6 Web Encryption Mechanism

As you can see from the output below, the mechanism has converted 11111111 to 12345678. This allows us to deduce, that the encryption mechanism is adding 1 to a base value of 0. It is then incrementing that value and applying it to the submitted value. Essentially, the first character remains the same. The second character is increased by 1. Then, the third character is increased by 2 and so on and so forth.

However, the password contains non-alphanumeric characters such as semicolons and an equals sign. These non-alphanumeric characters, can’t be increased using simple arithmetic. They must be being converted to their ASCII decimal values before being put through the algorithm. We can test this by feeding the mechanism some special characters and seeing what happens.

As you can see from the results below, it is incrementing the non-alphanumerical characters too.

The inputted value of ‘!!!!!!‘ becomes ‘!"#$%&‘(‘. This does appear to confirm my theory, that it is converting the inputted value to the ASCII decimal value. Then, for every character in the string, the value is incremented by its position in the string starting from 0. It then converts it back from ASCII decimal to a human-readable format.

Bash Scripting the Solution

In order to solve this challenge, I wrote a basic bash script that reverses the encryption process. It takes the string and converts each character to its ASCII decimal value. It then subtracts 0 from the first character and loops around increasing the value to be subtracted by 1. Once the subtraction is complete, it converts the ASCII decimal back into a human-readable format, giving you the original password.

#!/bin/bash
# This is a script that will solve the password challenge of Hack This Site basic level 6.
# The password is dynamically generated so please replace the value of MyString with the password.
MyString='62cf4;j=' #replace this value
i=0
base=0
echo "Converting to ascii value"
while (( i++ < ${#MyString} ))
do
   char=$(expr substr "$MyString" $i 1)
    for j in `printf "%d" \'$char` ; do
    	j=$((j+base))
    	printf \\$(printf '%03o' $j)
    	base=$((base-1))
    done;
done;

You can copy the script below and save it as decrypt.sh. You will then need to modify the permissions so that the script is executable. This can be done by running chmod +x decrypt.sh. You can then run the script by typing ./decrypt.sh in your terminal and it will output the correct password as you can see below.

─[joe@parrot]─[~]
└──╼ [★]$ ./decrypt.sh 
Converting to ascii value
61ac06d6

All you now need to do is to take the output string and paste it into the password submission system and you will complete the challenge.

That’s all from me today. I apologise if my explanation of the encryption and decryption mechanism was a bit hard to follow.

Welcome to haxez where today we’re looking at the Hack This Site Basic 5 Web Challenge. If you haven’t read my other posts in the series, you can do so here: Part 1, Part 2, Part 3 and Part 4. This challenge is similar to part 4. As a result, we need to modify the send password to Sam request in order to change his email to our email. However, this time I’m going to use a different method of doing so.

Once logged in, navigate to the Basic 5 challenge and you will see the screen below. This is the same as part 4, there is a password submission box and a Send password to Sam button. You can test the button by clicking it. As a result, the application should tell you that it has sent the password to Sam.

Intercepting The Basic 5 Web Request

However, instead of modifying the request directly in the source code. We are going to use the Burp Suite web proxy. Burp Suite is a web proxy that allows you to intercept and modify requests. Furthermore, It has its own version of Chromium built-in which means you don’t have to change your browser’s proxy settings. Ensure you have intercept set to on, then in the built-in browser click the Send password to Sam button.

Navigate back to the Burp Suite client and you will see that the request has been intercepted by Burp. The request is a POST request that is sending the value of the “to” parameter ([email protected]) to level5.php. In short, This is how the email is sent to Sam.

Modifying The Basic 5 Request

With the request captured, it can now be modified and changed to your own address. The address you use has to be the one associated with the Hack This Site account or it won’t work. Change the address and click forward, then forward any subsequent requests after that.

Once the request is forwarded, the website should notify you that an email has been sent to your email address.

Forwarding The Web Request

If you go and check the mailbox that you used, you should see a new email from [email protected] email will contain the password required to solve the level. Copy the password and head back to the website and paste it into the submission system.

Congratulations, you have now completed level 5.

Hello world and welcome to haxez, in this post we are looking at Hack This Site Basic Web Challenge Level 4. If you haven’t read through my previous posts in this series then you can find them here: Part 1, Part 2 and Part 3. This challenge requires the user to have some knowledge of HTML. The objective of this challenge is to recover the password however sneaky Sam has added an email script to the application.

Viewing The Basic 4 Web App

After logging in to Hack This Site and navigating to the basic web challenge level 4, you will be presented with the screen below. The text reads as follows “This time Sam hardcoded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot. Here is the script:”

Inspecting The Basic 4 Web Page Source

The concept behind this is simple, if Sam needs the password he will press the button and email it to himself. We need to manipulate the script so that the password is sent to us instead of Sam. To do that we need to view the web page source and see what the script is doing. The screenshot below shows that the email address [email protected] is being posted to level4.php when the button is clicked.

Modifying The Basic 4 Page

We can modify the page source directly through developer mode. By double-clicking the current email address, we can replace it with our own. Once we have changed the email address we can click the “Send password to Sam” button and it will send the password to our email address.

Submitting The Web Request

After clicking submit go and check your mailbox to see if the password has arrived. The email will be from [email protected] and will contain the password. If you open the email you should be able to copy the password and paste it into the password submission system.

This was a fun challenge that teaches a valuable lesson about hardcoding passwords or other credentials within applications. If the code is rendered client-side then no sensitive information should be included in the code.

Hello world and welcome to haxez, in this post we will be taking on the Hack This Site basic 3 web challenge. Hack This Site is a great location to learn web application security. In fact, It is the first website where I started my hacking journey. This challenge involves some knowledge of how web applications are structure. Most web applications use a hierarchical layering whereby. As a result, the first page you find will tend to be in the first directory. Then, the sub directories may contain other information. For instance, if I wanted to access the about section of a web application I would visit https://haxez.org/about/ where haxez.org is the root and about is a page.

After logging in to the site and navigating to the basic challenges. Select level 3. It will say the following.

“This time Network Security Sam remembered to upload the password file, but there were deeper problems than that”.

The blurbs of text try to give us a clue about how to solve the challenge. On this particular challenge the word deeper stuck out to me. What could they mean by going deeper? These challenges were out before the movie inception so it can’t be a reference to that.

Solving Basic 3

By going deeper in the directory structure or the file path structure, the user should be able to retrieve the password. By visiting https://www.hackthissite.org/missions/basic/3/password.php and viewing the page source you should be able to retrieve the password.

This is a good example of what to look for in web application tests and how easy things can be overlooked. By mapping out the directory structure you not only get a clearer picture on how the application works, but you also might find something interesting like login pages, sitemaps or robots.txt files with sensitive information.

Thats all for now, see you next time.

Hello world and welcome to haxez. This post is about web hacking and walks through the basic challenge level 1 on Hack This Site. This is a short and sweet article today as I’m going away for the weekend. This challenge is fairly easy even for the less computer literate. The purpose of this challenge is to get the user to view the source code of the application in order to retrieve the poorly hidden password. After creating an account and logging in, head over to the basic challenges and go to basic challenge 1. You should be greeted with a screen like the one below.

Basic 1 Page Source

This challenge is a basic challenge that asks you find the hidden password for the input box on the page. One of the most fundamental skills in web application testing is to view the page source. This can easily be achieved by right clicking on the page and selecting view page source from the context menu. Once you have the page source window open, you should see a lot of code.

You can manually look through the code or you can hit control and F and that should bring up the search box. Once the search box is up, you should be able to search for the word password and the search facility should automatically jump you to the section of code that contains the password.

As you can see from the snippet of code below, you should be able to retrieve the password and submit it to the application. The password is 0c620cce.

Congratulations, you have completed Basic challenge 1. I know this one was very easy but I love Hack This Site and didn’t feel that my blog would be complete without it.