Hacthissite Basic missions

Hackthissite Basic 1

After you learned HTML, view the source. In a comment will be the password for this level. To view the source wight-click the page and select view source or ViewSource on you menu bar. Press CTRL+F in the source and find 'password is' without the quotation marks.

Hackthissite Basic 2

'However, he neglected to upload the password file...'

So since there is no file it will be reffered to as nothing so just hit the submit button without typing anything.

Hackthissite Basic 3

Now look in the source code. You will find:

password.php

Paste password.php in your URL bar with so it is http://www.hackthissite.org/missions/basic/3/password.php and that is where the password is.

Hackthissite Basic 4

Again, look in the source code. You will find " input type="hidden" name="to" value="webmaster@hulla-balloo.com"> ". Now just change the value to your email, save as .HTML and click the button!

Hackthisste Basic 5

Paste javascript:alert( document.forms[0].to.value = youremail@youremail.org). This is a javascript injection which will alter the hidden fields of a page.

Hackthissite Basic 6

This site will help you. http://www.asciitable.com/. What you need to know is that for every new space the ascii value will be n+1, n being the ascii value added to the previous one.

Hackthissite Basic 7

Now, research unix commands. The most likely would be "ls". Now, how do you input two unix commands in one command line? Paste "&& ls" into the the box, locate the file and view it.

Hackthissite Basic 8

Paste into the name box and hit enter. This is an SSI command which will instruct the server to show all the files.

Hackthissite Basic 9

Paste into the submit box in the Basic 8 mission. This will search for the file in the Basic 9 directory.

Hackthissite Basic 10

Ahh, editing cookies. Use this javascript injection: javascript:void(document.cookie="level10_authorized=yes") to edit the cookies. Paste the javascript injection in the URL bar.