HTS Basic Level 10

Posted by on Aug 11, 2008 in Hack This Site Basic |

PROBLEM: Enter password Please enter a password to gain access to level 10 SOLUTION: Remember level 5 and Javascript Injections, well here we go again. You start by looking at the source code and find nothing. Then you enter in a random password, get a authorization error and look around that site and nothing. What is going on? Well let’s take a look at our cookies. Most browsers tell you where they store cookies and if you are...

Read More

HTS Basic Level 9

Posted by on Aug 11, 2008 in Hack This Site Basic |

PROBLEM: Network Security Sam is going down with the ship – he’s determined to keep obscuring the password file, no matter how many times people manage to recover it. This time the file is saved in /var/www/hackthissite.org/html/missions/basic/9/. In the last level, however, in my attempt to limit people to using server side includes to display the directory listing to level 8 only, I have mistakenly screwed up somewhere.. there is a...

Read More

HTS Basic Level 8

Posted by on Aug 11, 2008 in Hack This Site Basic |

PROBLEM: Sam remains confident that an obscured password file is still the best idea, but he screwed up with the calendar program. Sam has saved the unencrypted password file in /var/www/hackthissite.org/html/missions/basic/8/ However, Sam’s young daughter Stephanie has just learned to program in PHP. She’s talented for her age, but she knows nothing about security. She recently learned about saving files, and she wrote an script to...

Read More

HTS Basic Level 7

Posted by on Aug 11, 2008 in Hack This Site Basic |

PROBLEM: This time Network Security sam has saved the unencrypted level7 password in an obscurely named file saved in this very directory. In other unrelated news, Sam has set up a script that returns the output from the UNIX cal command. Here is the script: SOLUTION: Level 7 is a very easy level, if you are a Linux user. We don’t even have to check the source. The HackThisSite.org crew is kind enough to tell us where the password is: in an...

Read More

HTS Basic Level 6

Posted by on Aug 11, 2008 in Hack This Site Basic |

PROBLEM: Network Security Sam has encrypted his password. The encryption system is publically available and can be accessed with this form: SOLUTION: When I first looked at this page I was confused a bit about why there was an encrypt button. Reason for the confusion is with enough trial and you can probably figure out the encryption schema. Then I thought, these are basic missions so I guess HTS was throwing us a bone. So what did I do. Well...

Read More

HTS Basic Level 5

Posted by on Aug 11, 2008 in Hack This Site Basic |

PROBELM: Sam has gotten wise to all the people who wrote their own forms to get the password. Rather then actually learn the password, he decided to make his email program a little more secure. SOLUTION: So you try the same steps as level 4 and notice that you are not getting the password. It seems that Sam has become a bit smarter by checking to see if you actually submitted it from the website you were supposed to. To get around this, we can...

Read More