PROBELM: Sam has gotten wise to all the people who wrote their own forms to get the password. Rather then actually learn the password, he decided to make his email program a little more secure.

SOLUTION: So you try the same steps as level 4 and notice that you are not getting the password. It seems that Sam has become a bit smarter by checking to see if you actually submitted it from the website you were supposed to. To get around this, we can just edit the form using Javascript Injections.

You can get a complete overview of Javascript Injections Here.

After examining the page you see that the form you want to alter is the first form. This gives you the first part of the injection:

Now you want to alter the e-mail parameter value to something will display the password to you. So the following code is produced:

This will change the “to” parameter’s value from “webmaster@hulla-balloo.com” to “missions/basic/5/” which will display the password on the screen. You could also change the e-mail address to your e-mail address but in a real scenario you might want to avoid this if the webmaster is logging emails.

So you take your javascript injection and paste it in the URL box and hit enter. I know nothing happens right? Wrong, the field was changed on the form however you have to now submit the form. Click the button and there you go the password.