Tuesday, June 18, 2013

hackthissite.org Basic Challenge 1 | Shivang Desai

Hey guys,

I was going through some well known hacking guides and recently I completed a small certification in security field.

Now after having enough knowledge, I felt like keeping this knowledge into practical zone.
But I personally feel, if you get onto Internet without any proper intentions, you will get lost as a newbie in a totally unknown country.

Recently I found vulnerabilities in some good websites but you can't exactly test your skills there on live websites. If something goes wrong then you can get into serious trouble. If its google or facebook which are always open for bounties, then there is no need to worry. But again its not easy to test "basic" things on hi-techies like google or facebook. You will end up with total loss as they are not that mad to keep vulnerabilities open for us.

I was a little bit confused but got a clear idea from a good friend - Aditya Gupta, a well-known guy in the field of security with expertise in mobile security and many more things. He is always there to help me and I can guarantee a way out.

He suggested me to go to this site "hackthissite" and practice. I heard about it earlier but now its the time to start bringing the knowledge into practical zone.

You will just have to register and get started with challenges. But I suggest to go through this site. It has sections like :

  • "Challenges"
  • "Get Informed"
  • "Get Involved"
  • "Communicate"
  • "About HTS" - definitely have a glance.
After this, you can get started with challenges. 

hackthissite.org - Basic Challenge 1

Today I started with  "Basic Missions" under the "Challenges" section. 
First Test (or challenge) was "Basic 1" also known as "The Idiot Test" and it is actually "idiot test".  :-D

After completing I was feeling really good and feeling an idiot too. Why ??
No ! If you are thinking "How can hackthissite (HTS) design such an idiot test?" then please don't think so.

HTS has designed with an intention behind it. 

I tried my hard to do some idiotic things in such a basic test (idiotic as compared to what was needed here) and so am saying that I was feeling like an idiot.
I tried these things :
  • tried BURP proxy
  • tried brute force [ I can't say what all I tried .. :-D ;-D]
  • completely scanned that page for any hint.
Here's how I solved
HTS says that you need to learn HTML for cracking this challenge. The hint was there infront of me.

You just had to see the page source and tadaaa it was done. 

Just go and look at the "page source" of the page. Find the word "password" . You will see something like this screenshot.

That's it. Enter this password into the challenge field and you are set going for next challenge.

I just loved my first day with HTS challenge. Complete experience is going to be just awesome. 

I will be posting other challenges solutions and problems that I faced during solving the challenge. 
I will surely post any idiotic things too that I did during challenges... lol.. ;-)

1 comment: