On that mission you have a web site that has admin access to a email list and you want to acquire that access. On the explanation of the mission there are some key words.
...they used was 10 years out of date and the new password seems to be a 'message digest'... I think it could be something like a so-called hash value. I think you could somehow reverse engineer it or brute force it... Continue reading Hackthisisite realistic mission 5 - cracking hash
What I learn from HTS today is Directory Traversal Attack (DTA). You might learn from Wikipedia. As a summary DTA is a way of accessing the locations that are not intended to be available to plain user, by using input fields of the website. Generally flaw that makes open to DTA is low sanitizing and input validation of applications.
These are the steps to complete the mission.
- Open the hacked index of the web site and open the source of the index see the bottom comment of the hackers. It means we have original index file as oldindex.html
- Type to ...3/oldindex.html
- Open the source and copy all the source of the page.
- Go to "Submit Poetry" page of the site.
- Type ../index.html as name and paste all the copied content to content part of the form.
- submit. That's all 🙂
Today it is the turn for the realistic mission 2 on hackthissite.org.
This mission is all about looking the home page source code. Finding the hidden link on page to directs you to admin page then use basic SQL injection to accomplish the mission.
SQL injection is about typing some malformed values to html forms to make some changes on the application database or get some data that the application owner does not expect us to see them or change. You can learn more about SQL injection from this link.
You need to be able to pass the mission after all the explanation and the reading from the above reference site. If you cannot, it means you need to work some more on hacking the sites. However for the lazy brains here I give the instructions as follows:
- Open the source file of the page.
- See the update.php link on the source. It is hidden on the visuals on the page.
- Find the hidden link and click on it to go to admin login page.
- Now use one of the tricks that you know about sql injection. I used this for both input x' OR 1 = 1;
That's all 🙂
After I pass the basic missions on hackthissite here is the first realistic mission solution of the hackhissite.org. You can see the mission from here.
It is really easy mission if you know about the value passing from the URL of the page to Continue reading PHP parameter trick on hackthissite.org "Realistic Mission 1"
This mission is about the settings on Apache server by .htaccess file that defines the files and the directories are available and visible to the external visitors. You might see more info about .htaccess.
Now when you open the mission you will se some song names going around for each refresh. Search the musics on google and you notice that all the songs are related to Elton John. Is this a coincidence. I don't thin so :). In addition if you look the forum on hackthissite about the mission they give some clues. By depending on these tips try to go /e/l/t/o/n url added to main address of the page. You see that there is no file there after /n. So it is time to see the htaccess file. By the assumption of we have the file here, type .../.htaccess to the url. You will see that two of file is prevented to be shown on file three but we can actually see them. One of the file is DaAnswer. Delete /.htaccess and type /DaAnswer. It says something tricky. "... answer is ---- ...". The answer is lying there ---- part. Copy the word lying instead of ---- and go back to /mission/11/index.php and type this word as a password then you pass the mission.
This exercise of hacthissite is about cookie manipulation. When you open the exercise page it'll insert into your system a cookie that says "User is not authorized".So if you're working on firefox you might use the add-on "Cookies Manager +" to edit the content of any cookie.
Now open the Cookies Manager from tools menu. Search for the "hackthissite" domain. You'll see a cookie that includes "10" inside its domain name. (I plainly too lazy to open it and see the exact name 🙂 ). Find it and open edit on it. You'll see that it says "no" for authorized. Make it "yes" then refresh the page and push to submit.
I am working on the little tricks on hackthissite.com and I am learning more and more about the facts of security of a web app. Here now time to discover about the basic 8. It is all about the SSI. You need to know it for to deal with that problem.
SSI is a way of server side scripting and very effective on large scale web pages with tons of content and different contents. It gives you the powers of changing all your pages by just changing a .txt file. For example you might have a quote that is updates on daily basis so you don not need to change the quote on a html editor (that is long run compared to Continue reading What is SSI (server Side Includes)? -HackThisSite Basic 8 Solution.-