A.) A better understanding of HTML.
B.) A basic understanding of PHP.
C.) Completion of the basic missions.
D.) Plus more!! (not going to put all of this into detail :P).
If you are reading this I just want to say thanks because I am still a new member of this site and I am loving every moment of it. I would also like to state that this is my first tutorial and I would love if you would post comments about it and give me some feedback so I can improve on the next one I might consider making in the future if this one turns out good. So please read carefully and I hope I made it as clear as I can. If you ever have any questions please do not hesitate to PM here on hackthissite.org :). Also please note that this might be a spoiler but I tried my best not to make it one.
Requirements:
A. Very basic knowledge of HTML
B. ability to READ
Let's start off by saying the password box is NOT FOR YOUR PASSWORD! Okay as you read this is very simple. It is so simple you are going to smack yourself in the face and be like wtf?!?! To how stupid and easy this is. Okay first thing is first. It does not matter if you’re on Firefox or IE, your browser will work on this one. Either right click and click on view source/view page source or click on view and then source/page source. This is actually where some people screw up. You need to look through the HTML coding carefully until you hit a comment tag, go to w3schools if you don't know what that is. Comment tags will not show up as text nor be executed. If you didn't know what I was talking about- and there should be something there to help you within the source of the page ;). Good luck! XD
Requirements:
A. Really nothing is required besides what it says... COMMONSENSE.
When I first tried this I thought there was a catch to it because it seemed way too easy. Well there is no catch XD. Ok please pay a large amount of attention to this quote taken directly from the Basic 2 mission. "However, he neglected to upload the password file..." Now read it a few times. This should be enough to get you to realize that he forgot to do something (duh). So try a few things on the password thing with that statement in mind. Okay, so enough said on that I am going to end Basic 2.
FNote: Basically, the script tells the password to compare the password hosted password.
As long as they are the same, it should let you through. Now think, if it's not uploaded, it's comparing to null, or nothing...
Requirements:
A. basic knowledge of HTML if not able to read and understand it
Okay, this one is yet again very easy to figure out. Now from the information they give us about our mission, Sam has the password in a file somewhere on their server. Now that we know that high amount of information this gives us a very distinct clue. We now need to figure out where the password file is. Seeing that you hopefully know the basics of HTML, you must know that the form or the password field has to lead to somewhere or in other words it has a location within the form coding to pinpoint the location of the password. So just go into the source of the page. Find where the form is and look for the file and you're on your own from here ;) LOL it is kind of simple and common sense.
FNOTE: This goes to what I was saying on the mission above, now it’s checking for the password at the right location, again, our handy commonsense comes into play…
Requirements:
A. little bit more than basic knowledge of HTML but this is still a little basic. But I recommend reading up on HTML anyway from w3schools, it has helped me out a lot in being a webmaster and coding my own website :)
B. I also recommend using Firefox for this one because there is a bug for when you go to send an email to your account instead it will just give you the password. It saves a lot of time.
The first thing I want to say is congrats on completing that last level. Okay, now that that is over, time to get back to the tutorial. Okay this is getting a bit more into being able to change simple things in a form within an HTML document. Now yet again go to the source of the HTML document and yet again get to where your mission is. Okay once you find it, there will be two forms. One is for sending the password to your email and the other one is for entering the password. Look at the form that has to do with sending the password to your email.
Now copy the first form and paste it into a blank notepad. Now here is where editing is needed. Ok where it says <form action="/missions/basic/4/level4.php" notice that the form action points to a subdirectory. Now I hope you know that you will have to change this because you do not have any of these files on your computer. So you will have to obviously change this. So how do we get it to link to HTS?
Now that you have that done. Change the email to yours, and then save it as an HTML document by just adding the .html at the end of the name of the document and save it to your desktop so it is easier to get to. Now like I said before I recommend you use Firefox due to the bug so you will not have to do more work than you already have to. I think you can finish the rest. It would be kind of pointless to tell you because it would spoil it even more than I already did.
FNOTE: Edit out spoilers, minor typo, random lol and zomgs. And here’s the theory of this mission:
Basically, what you did up there is reproducing a webpage above, and then exploits it. That’s really a big fuss to do for me. That is, if you know (*faith checks for Silent-Shadow* >.>) inline JavaScript. You’d run into it later, this level is extremely simple with inline JavaScript, great article here. Great Article! Another Great Article!
*the Silent-Shadow is the admin of our site. Last time I misused the term, she tripped. (Really hard)
Requirements:
A. some knowledge of Inline Javascript (I will teach you a little bit about it in this section)
FNOTE: oh, wow, just what I was talking about :D
The first thing you are going to notice about this mission is that it looks a hell of a lot like the last one. It does have similarities but the security is a lot better so now we need to prove to poor Sam that he still needs to work on it. The most difficult part in this one is to get the right Inline Javascript code to put into the URL bar. The following are Inline Javascript you will need for this. The first one: alert. When you use alert in the Inline Javascript, it will then show a small pop up showing you what you wanted.
CODE :
Ex. 1.) javascript:alert("Hello World!!"); When you type this, there will be a small pop up on your screen that says Hello World!! Now you can also add things to it like if you want to see the cookie on the page.
Ex. 2.) javascript:alert(document.cookie); Now another thing you can do is change things like the cookie by well using Inline Javascript.
Ex. 3.) javascript:void(document.cookie="something new"); This would change the current cookie to something new. You can also do things like that with a form that is embedded into the HTML document.
Ex. 4.) javascript:void(document.forms[number of form you want to change starting from 0].to.value="what the value is"); Now that you know some of the basic Inline Javascript, try a few things out. I will give you a little hint though, you will have to add two of them together like this: javascript:void(document.cookie="something new");alert(document.cookie); So good luck :)
FNOTE: Great explaining. You’ve used javascript injection about 7 or 8 times there… I had to fix it, so silent-shadow doesn’t kill you while you’re asleep. It’s called Inline Javascript. And I’ve fixed your fail at typing “=” when there should be “.”
[faith]However, what you didn’t explain was how to change forms.
This is your everyday inline. Javascript:void(document.forms[0].name.value=" ")
Javascript:void(document.forms <- this tells us it’s forms that we’re going to modify
.name <- this is the name of the field surprisingly enough! View source, and if you see name=”cookiejar”. Put cookiejar where name is so it becomes .cookiejar
.value <- this is where the value is, wow~ no tricks to it at all! If it says on the source value="empty", and we want it to be full, change it to be full, so we have .full
After all that, we could have this as our result of our inline javascript to put in the url bar.
Javascript:void(document.forms[0].cookiejar.value="full ")
Still confused? Pm liuyuan or jump on #help on irc.
[/faith]
Requirements:
A. knowledge of some general cryptography would be helpful according to hackthissite.org but I used a different method
Wow, ha.. Ha.. Sam isn't as retarded as I thought he was. Well since Sam is really starting to pick up on his coding skills, we will too. So as we look at it you will tend to scratch your head and be like wtf? But this is normal. Once I break it down for you, you will be like OMG, awesome I love you. So here we go! (yes I know lame but w/e) Okay er figured out that his encrypted password is bdd8hgg: so we will have to use this... But what do we do with it? I know your first thought as it was mine, "Wait!! I will try this as the password." Then, "Well now that was a complete failure, let’s try the encryption thing good ol' Sam set up for meh." Well that isn't the right answer either. Now the encryption thing he set up was to just confuse the hell out of us. Since the password is encrypted, we will have to do the opposite to it, Decrypt it. (Notice the DE... Key word.) Now the only way to do that is to understand how the encryption works and its pattern. Try using the letter a. Use 8 a's so you will be able to figure out what you will need for each letter. After that you will notice it becomes abcdefgh. So it is 0, 1, 2, 3, 4, 5, 6, and 7. Now that you know that you will know how to decrypt it. So instead of going forward with the letter you will have to go backwards. But wait, you have!?!?!? Well fortunately for you I am going to give you a big clue that might be a spoiler so I will tell you the hint and I will set the spoiler at the bottom of this section. Well the password is ASCII. Now with that knowledge just look up some information on it and then you should know what you have to do from here.
[faith]
Okay here is the spoiler. This is the link to an image that shows all of the ASCII characters so you will be able to decrypt the encrypted password. [img]http://en.wikipedia.org/wiki/Image:ASCII_full.svg[/img]
[/faith]
FNOTE: Fixed minor typo, great explaining, this is called ASCII shifting btw. Great job on this section, I couldn’t have explained it better myself. *gives cookies*
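The position-dependent ASCII shift described in this section, written out as an added example (not code from the mission or from this article): character i moves forward by i code points, which is why eight a's come back as abcdefgh. The function names and the sample string are constructed for illustration.

```javascript
// Position-dependent ASCII shift as described above: the character at
// index i is moved forward by i code points ("aaaaaaaa" -> "abcdefgh").
function shiftEncrypt(plain) {
  return Array.from(plain, (ch, i) =>
    String.fromCharCode(ch.charCodeAt(0) + i)).join("");
}

// Decryption walks the same positions but subtracts the offset instead.
function shiftDecrypt(cipher) {
  return Array.from(cipher, (ch, i) => {
    const code = ch.charCodeAt(0) - i;
    // A result below the space character means the input was never
    // produced by this scheme from printable ASCII.
    if (code < 0x20) {
      throw new RangeError(`position ${i} falls outside printable ASCII`);
    }
    return String.fromCharCode(code);
  }).join("");
}

// Known-plaintext check: compare what went in with what came out to read
// off the per-position offsets, which is what typing eight a's into the
// encryption box does by hand.
function recoverOffsets(plain, cipher) {
  if (plain.length !== cipher.length) throw new Error("length mismatch");
  return Array.from(plain, (ch, i) =>
    cipher.charCodeAt(i) - ch.charCodeAt(0));
}

const SAMPLE = "h4ck3r!!"; // constructed sample, not a mission value
console.log(recoverOffsets("aaaaaaaa", shiftEncrypt("aaaaaaaa")));
console.log(shiftEncrypt(SAMPLE), "->", shiftDecrypt(shiftEncrypt(SAMPLE)));
```

Because the offsets depend only on position and not on any secret, one known plaintext/ciphertext pair is enough to undo every other ciphertext, which is the weakness the mission is built to show.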
Requirements:
A. very little knowledge of UNIX commands (Unix Commands)
Okay Sam has been upgrading his equipment and techniques. From what he said the cal command is being operated from UNIX. So that means trouble for us. But once you learn a few commands that you will see here in this section this will be a piece of cake. Now since it is being run from a UNIX server and we have full access to it and are able to put in commands we are able to put in our own commands in order to change the information and hopefully figure out how to get the password. Hackthissite.org was nice enough to give us a HUGE tip in saying the file is in the main directory so we will not have to fool around directory switching. So this makes it so much easier to do!
FNOTE: From this part, I’d have to disagree. Please see my note.
Okay here are a few basic commands you will need for this in no particular order. First off is the command for getting into the main directory. The command is simply / so in the form where you enter the year you want just put / and you can see the directory. Now here is another very useful command that allows you to make your own command over the one that was programmed. The cal command has been programmed so you can't just put any command in. The command is *spoiler removed* so just type it in the field and you are then able to change the command. Now the final command I am going to tell you is how to view the directory. The / command was not the command to view but to get to it... I think LOL... So if I am wrong please tell me I would appreciate that. :) Now the command is *spoiler removed*. So now that you have the proper tools, I will let you handle this on your own. If I tell you what to do it will be a big spoiler. But the rest is practically common sense so have fun and good luck!!
Okay, interesting theory there, but unfortunately, it’s wrong. *see below*
FNOTE: fixed minor typo, grammar error, repeated “the” for 3 times. Programmed is spelled with double m. =]
Hmm I wouldn’t have agreed without on this one, the years aren’t stored in a directory, this is a perl calculator. It calculates the years and date and everything. Don’t believe me? Save the .pl file, open it with notepad. It should give you something like print ‘cal $year’; or something similar.
Now, only if we know how to start a new command, there are two ways, now google.
While you’re at it, google the dir command on a unix box.
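A hardened counterpart to the cal $year pattern described in the note above, as an added example in Node.js (not the mission's Perl script and not code from this article): the year is checked against a digits-only allow-list and handed to the program as an argument vector, so no shell ever parses what the user typed. The function names and the /usr/bin/cal path are assumptions.

```javascript
const { execFile } = require("node:child_process");

// Allow-list validation: the year field may only be 1 to 4 ASCII digits.
// Anything else (letters, spaces, newlines, punctuation) is rejected
// before it gets anywhere near a process invocation.
function buildCalArgs(rawYear) {
  if (typeof rawYear !== "string" || !/^[0-9]{1,4}$/.test(rawYear)) {
    throw new TypeError("year must be 1 to 4 digits");
  }
  const year = Number(rawYear);
  if (year < 1) {
    throw new RangeError("cal accepts years 1 through 9999");
  }
  // Re-serialise the parsed number so only a canonical value is passed on.
  return [String(year)];
}

// execFile starts the program directly with an argv array. Unlike building
// a command string, there is no shell in between, so the argument is data
// to cal and nothing else. The path below is an assumed install location.
function runCal(rawYear, callback) {
  execFile("/usr/bin/cal", buildCalArgs(rawYear), { timeout: 2000 }, callback);
}

// Constructed sample inputs: one well-formed year and three malformed ones.
for (const input of ["2007", "0042", "20x7", "2007 12"]) {
  try {
    console.log(JSON.stringify(input), "->", buildCalArgs(input));
  } catch (err) {
    console.log(JSON.stringify(input), "rejected:", err.message);
  }
}
```

Either measure alone closes the hole in the mission; using both means a later change to the validation rule cannot reopen it.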
10.) Basic 8
Requirements:
A. an understanding of SHTML or you can go here: SHTML info
B. ability to copy and paste
Okay now his daughter wants to get involved in his programming. -.- Well we will just have to find the loophole in her scripting. Okay after we put in our name in the text field, we notice that the page the results come on is an SHTML file. Hmmm... I do not know too much about this. If you are like me I recommend going to SHTML info and reading up on it. After reading that and almost falling asleep I realize that with that bit of information, it shows you how to execute a command within the SHTML text field. Now there is one thing they didn't show you, it is how to go up a directory. The command for that is .. and I would also like to point out that I was using Firefox for this so the command 'cd' or change directory would not work. After I tried it on IE I noticed it doesn't work either. I would also like to remind you like from the previous mission, the server is UNIX so you can't use the Windows command. So use the command *spoiler removed* to show the directory. But I will give you a hint. Unlike the other mission, you can't just type the commands, you need to enter a piece of coding that you find at SHTML info which I have been pointing to this whole section of the tutorial... So yea, good luck lol!!
FNOTE: fixed the usual stuff.
Alright, SSI is a technology that allows execution of server-side commands on the processing of files… Hmm…
<!--#command attribute="value"-->
That’s enough hints, remind you about directory traversal tho.
. current directory
.. go back a directory
11.) Basic 9
Requirements:
A. basic knowledge of UNIX commands
B. bit of understanding of SHTML
Okay as you notice this mission talks about the last mission. This gives you a bigger hint than you think. It actually says that Sam screwed up. It says that you can get to the level 9's password in the /var/www/hackthissite.org/html/missions/basic/9 directory. But we cannot access this in level 9. We will have to go back to Basic 8 in order to complete this level. So once you're there use some of the information you have gained from the last mission to type in the command to get to the directory. But what you must know is how to change directory. But this time you are going to have to go down a directory. But it will actually be two because you are on the /basic/8/tmp/ directory. What you want is to get to the /basic/9/ directory. Now this is where a lot of people get confused. The command for going back a directory is ../ So if it requires two you will have to use two of those, because you’re really going up two directories. What really messes people up about this is there is no space between the two commands. Please remember that you also have to point the command to the proper directory or the correct level so it can work. If you don't you will get an error. So I have given you either enough information or too much and some of the more experienced people might get pissed at me for revealing too much information LOL so good luck!!
FNOTE: Hmm, great guide. You did reveal too much information, but you explained it over, so great job. (Also added minor explaining)
12.) Basic 10
Requirements:
A. some Inline Javascript knowledge needed
B. yet again more common sense :P
Wow Sam is going to get a promotion soon if he keeps this up. But knowing that we were able to do that last 9, I think we can do this one. To tell you the truth I think this is the easiest um hard mission there is lol. Okay now the first thing you are going to notice is that there aren't many directions given. Or any at all. So if you were paying attention and read the description of the mission before trying it you would have noticed that it said something about Javascript and cookies. Now this is actually a big clue. This means that the access is enabled by cookies. This is how you view a cookie using Javascript by simply typing it into your URL bar. javascript:alert(document.cookie); This simple and basic javascript code is how to view the cookie being used. Now this simple code is very important in figuring out how to do this. You will also need to know one more type of code. This one will change the cookie. javascript:void(document.cookie="variable=value"); You will need this in order to complete your mission. Now the last thing I am going to tell you is what I thought of trying. I am not sure if it actually works even though I did it, but what I tried is using the alert code before trying to put in the password. Then after without actually putting a password, just click "submit" and then do the alert again to see if there was a change. Then after change accordingly in order to pass this mission. That is all I am telling you for this one. This should be enough information for you in order to complete this level.
Fnote: roflmao, again, inline javascript. Just remember tho, you must try to access page once, in order to get the cookie. So click on submit once, it’d tell you “you’re not 1337 enough to access”
Great article again: Great Article!
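The reason this mission falls over is that the server believes whatever the cookie says. As an added example of the server-side fix (Node.js, not the mission's code or anything from this article), the sketch below signs the cookie value with an HMAC so that a value edited in the browser no longer verifies. The cookie name authorized, the function names and the in-memory secret are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Hypothetical server-side secret. In a deployment it would come from
// configuration and would never be sent to the browser.
const SECRET = crypto.randomBytes(32);

function mac(value) {
  return crypto.createHmac("sha256", SECRET).update(value).digest("hex");
}

// The cookie handed to the browser is "value.signature".
function signCookie(value) {
  return `${value}.${mac(value)}`;
}

// Returns the value only when the signature matches, otherwise null.
function verifyCookie(cookie) {
  if (typeof cookie !== "string") return null;
  const dot = cookie.lastIndexOf(".");
  if (dot < 1) return null; // no signature part at all
  const value = cookie.slice(0, dot);
  const given = Buffer.from(cookie.slice(dot + 1), "hex");
  const expected = Buffer.from(mac(value), "hex");
  // timingSafeEqual requires equal lengths, so check that first.
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? value : null;
}

// Access decision made from the verified value, never the raw cookie.
function isAuthorized(cookie) {
  return verifyCookie(cookie) === "authorized=yes";
}

// Constructed walk-through: the server issues "no", the value is edited
// client-side, and the edited cookie is rejected.
const issued = signCookie("authorized=no");
const edited = issued.replace("authorized=no", "authorized=yes");
console.log("issued accepted as:", verifyCookie(issued));
console.log("edited accepted as:", verifyCookie(edited));
console.log("edited grants access:", isAuthorized(edited));
```

Keeping the authorization state in a server-side session and sending the browser only an opaque session id achieves the same result without putting the decision in the cookie at all.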
I would just like to say thank you for reading my noob friendly tutorial for 1-10 basic missions for www.hackthissite.org and please comment this and give feedback via here on this article, PM me on msn, or send me a comment on my profile. I would like to say that I am deeply sorry if I let out too much information but this will also help the new people who are not quite used to this. I have never given the answer well practically but I have just guided them. So thank you again for reading this and I hope I helped out some noobs :P lol. PLEASE COMMENT!!
(might make more articles in the future so keep a look out!!)
~ sk8terboi43
I am still a noob but I have been able to complete all basic stages of the site. And now that I know how to do everything, (in basic :P) I will break everything down to step by step instructions and make everything a bit easier to understand. This is my first article so please give me feedback. so PM for comments and well go to my page and give me feedback :) thanks!
P.S. I had to edit this thanks to magikstik. Thanks man for pointing out the major bug in my tutorial ;)
Update Log
2007-07-23 V.1
Article submitted
2007-07-23 V.5
Edited by faith.
Took out spoilers
Fixed Typo
Fixed conceptual mistakes.
2007-08-05 V1.0
Revisited by faith.
Added links, pictures, more information and guides towards the article.
2007-11-23 V1.7
Revisited by faith.
Fixed the formatting, added bbcode support.
Such as index, url linking, picture, headings.
HackThisSite is the collective work of the HackThisSite staff, licensed under a CC BY-NC license.
We ask that you inform us upon sharing or distributing.