Basic Mission 5

Learn new things
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts, etc.]

Posting these will result in warnings/bans!

Basic Mission 5

Post by limdis on Mon Dec 30, 2013 5:33 pm
([msg=78668]see Basic Mission 5[/msg])

Requirements:
Javascript, an email address.


If you are reading this it is likely for one of two reasons. One, you aren’t sure why the same method to complete Basic 4 isn’t working. Or, two, you are wondering why this was solved the same you completed Basic 4. I’ll explain.

In Basic 4, Network Security Sam was not verifying referers which is why if you chose to complete the challenge by recreating the webpage on your desktop it worked. You performed a VERY crude example of a cross-site request forgery (CSRF) attack. Because the referer was not being validated it allowed you to send the request from a different host (i.e. yourself).

Now, what I just said might have confused you. That's alright, take some time later to Google it. Remember these are basic missions right now! However, in Basic 5, Network Security Sam fixed his code. This time the request HAS to come from his site. With HTML alone you cannot change what is on a webpage, as you have (hopefully) already found, so it’s now time to dive into Javascript! You will need to perform what is called a Javascript Injection to change where the password is sent this time.

Take your time. Don’t cheat. Don’t become reliant on tools.

Hint: Figure out how to open up your browser console.
Good luck!



Do not post spoilers!
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1311
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: Basic Mission 5

Post by joethehacker25 on Sun Jan 12, 2014 2:12 am
([msg=78866]see Re: Basic Mission 5[/msg])

I know that saving the source code, taking out the referrer program and then using the new code doesn't work because I have tried it. I am new to this so I was just wondering why it doesn't work.
joethehacker25
New User
New User
 
Posts: 1
Joined: Sun Jan 12, 2014 2:08 am
Blog: View Blog (0)


Re: Basic Mission 5

Post by SgtCostello on Sun Jan 12, 2014 4:46 am
([msg=78868]see Re: Basic Mission 5[/msg])

joethehacker25 wrote:I know that saving the source code, taking out the referrer program and then using the new code doesn't work because I have tried it. I am new to this so I was just wondering why it doesn't work.


This should help you understand why that doesn't work.

limdis wrote:However, in Basic 5, Network Security Sam fixed his code. This time the request HAS to come from his site. With HTML alone you cannot change what is on a webpage, as you have (hopefully) already found, so it’s now time to dive into Javascript! You will need to perform what is called a Javascript Injection to change where the password is sent this time.


Now that you know why THAT won't work, If you're still having issues, LimDis drops some pretty big hints in the above post as to what WILL. In fact, he kind of points out the exact keywords for you to google.
User avatar
SgtCostello
New User
New User
 
Posts: 12
Joined: Thu Dec 05, 2013 9:34 am
Blog: View Blog (0)


Re: Basic Mission 5

Post by RiMann91 on Mon Jan 27, 2014 12:15 pm
([msg=79149]see Re: Basic Mission 5[/msg])

Ok so I solved Basic 5 the same exact way I solved basic 4. I did not edit anything from my desktop on either of them, rather I used a tool in my browser that allows me to edit client side. it worked both times and i did not use any javascript in level five. At least I dont think I did because I dont know java. Anyway I feel like I am missing something and im here to learn as much as I can every mission, not just to complete them. So what am I missing? also You said to learn how to open a consol from my browser? are you talking about viewing page source or something else? thanks for the help
RiMann91
New User
New User
 
Posts: 1
Joined: Mon Jan 27, 2014 12:02 pm
Blog: View Blog (0)


Re: Basic Mission 5

Post by fashizzlepop on Mon Jan 27, 2014 2:02 pm
([msg=79151]see Re: Basic Mission 5[/msg])

RiMann91 wrote:Ok so I solved Basic 5 the same exact way I solved basic 4.

This is common. 4 can be solved in a technically simpler way.
i did not use any javascript in level five.

This tool is written and uses JS to edit pages. You just didn't have to do it yourself, although this is a good challenge for further experience.
At least I dont think I did because I dont know java.

JavaScript and Java are two separate languages. JavaScript is *very* different from Java.
Anyway I feel like I am missing something and im here to learn as much as I can every mission, not just to complete them. So what am I missing? also You said to learn how to open a consol from my browser? are you talking about viewing page source or something else? thanks for the help

Try solving the 4th mission by saving the page to your desktop and then solve this mission by using inline JavaScript.

The console refers to the JavaScript console which can be found in inspect element and/or Firebug.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2303
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)


Re: Basic Mission 5

Post by White_Smoke on Tue Feb 04, 2014 7:36 pm
([msg=79291]see Re: Basic Mission 5[/msg])

Uhm.. i feel a bit embarrassed.. i knew what to do, just did not get the mail... so i retried.. and retried again.. stil nothing. so i hopped on the forum, looking for a subtle hint. what i found here was exactly what i was doing on the page. so i wondered where i went wrong.. and tried again a few times. finally, i saw the light. just injecting is not enough, i forgot to click the <send password> button every time :oops:
User avatar
White_Smoke
New User
New User
 
Posts: 3
Joined: Tue Feb 04, 2014 7:29 pm
Blog: View Blog (0)


Re: Basic Mission 5

Post by fashizzlepop on Tue Feb 04, 2014 7:41 pm
([msg=79292]see Re: Basic Mission 5[/msg])

Don't worry. This kinda stuff happens to the best of us.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2303
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)


Re: Basic Mission 5

Post by Huzaifi on Sun Feb 16, 2014 10:39 am
([msg=79510]see Re: Basic Mission 5[/msg])

Even if you haven't learned JavaScript, you can complete this one.

Google is your friend.

Ask it about that which was stated by Lidmis.
Huzaifi
New User
New User
 
Posts: 6
Joined: Sun Feb 16, 2014 6:32 am
Blog: View Blog (0)


Re: Basic Mission 5

Post by ghostfart on Mon Feb 17, 2014 9:08 pm
([msg=79530]see Re: Basic Mission 5[/msg])

I was able to inject the JavaScript, I was redirected to the "Password reminder successfully sent." page...but no email. I've entered it in multiple times...no email for me. I pressed the "send password" button with injection in the proper place...nothing. I walked to the empty cubical, sat in the darkness and felt shame.

This is an incredible experience, I for one appreciate it. Thanks.
ghostfart
New User
New User
 
Posts: 4
Joined: Mon Feb 17, 2014 8:59 pm
Blog: View Blog (0)


Re: Basic Mission 5

Post by Huzaifi on Tue Feb 18, 2014 1:39 pm
([msg=79540]see Re: Basic Mission 5[/msg])

Relax, take some time off. Think about what you might be doing wrong. Ask Google (a second or third time). Then come back and try again.
Huzaifi
New User
New User
 
Posts: 6
Joined: Sun Feb 16, 2014 6:32 am
Blog: View Blog (0)


Next

Return to Basic

Who is online

Users browsing this forum: No registered users and 0 guests