Tuesday, June 25, 2013

hackthissite.org Basic Challenge 5 | Shivang Desai

Hi guys,

Here's the basic challenge 6 of hackthissite.org

Sam has gotten wise to all the people who wrote their own forms to get the password. Rather than actually learn the password, he decided to make his email program a little more secure.

This time I tried the same as challenge 4 solution but it gave me an error of “invalid referrer”
There was no hint but soon I noticed one at main page of basic challenges.

It said “Requirements: HTML knowledge, JS or FF, an email address.”
The “page source” thing did not worked directly for me.
We had to somehow change the form value and set it to our desired value.
So from three things :- HTML knowledge, JS and email address two things were already cleared.

We already have an email address and we know that basic HTML was not going to work. The single thing remaining was JS (javascript). 
After some research on internet I found how we will have to insert the “value”.

javascript:alert(document.forms[0].to.value="your email address")

According to the DOM principles, if there are more than one forms on a document then they are recognized by forms[0], forms[1],forms[2] etc.

Now we needed to change to “value” of first form as that’s what we needed.
I just copy pasted that javascript statement and a pop-up of the email address entered will be seen.
As soon as you click “ok” on the pop-up, you will be redirected to same page ie
“https://www.hackthissite.org/missions/basic/5/”

That’s it. We have set the value and now you just need to click the button “Send Password to Sam” again.


You will get the page displaying password.

Copy and paste this password in the textbox and click "submit"...

2 comments:

  1. This comment has been removed by the author.

    ReplyDelete
  2. Darknet legit financial vendors and scam marketplace reviews | FULLZ, CC can be bought
    from Deepweb - Darknet Financial Vendors.

    ReplyDelete