After you learned HTML, view the source. In a comment will be the password for this level. To view the source wight-click the page and select view source or ViewSource on you menu bar. Press CTRL+F in the source and find 'password is' without the quotation marks.
Hackthissite Basic 2
'However, he neglected to upload the password file...'
So since there is no file it will be reffered to as nothing so just hit the submit button without typing anything.
Hackthissite Basic 3
Now look in the source code. You will find:
Paste password.php in your URL bar with so it is http://www.hackthissite.org/missions/basic/3/password.php and that is where the password is.
Hackthissite Basic 4
Again, look in the source code. You will find " input type="hidden" name="to" value="webmaster@hulla-balloo.com"> ". Now just change the value to your email, save as .HTML and click the button!
Hackthisste Basic 5
Paste javascript:alert( document.forms[0].to.value = youremail@youremail.org). This is a javascript injection which will alter the hidden fields of a page.
Hackthissite Basic 6
This site will help you. http://www.asciitable.com/. What you need to know is that for every new space the ascii value will be n+1, n being the ascii value added to the previous one.
Hackthissite Basic 7
Now, research unix commands. The most likely would be "ls". Now, how do you input two unix commands in one command line? Paste "&& ls" into the the box, locate the file and view it.
Hackthissite Basic 8
Paste into the name box and hit enter. This is an SSI command which will instruct the server to show all the files.
Hackthissite Basic 9
Paste into the submit box in the Basic 8 mission. This will search for the file in the Basic 9 directory.
Hackthissite Basic 10
Ahh, editing cookies. Use this javascript injection: javascript:void(document.cookie="level10_authorized=yes") to edit the cookies. Paste the javascript injection in the URL bar.
Ahh, editing cookies. Use this javascript injection: javascript:void(document.cookie="level10_authorized=yes") to edit the cookies. Paste the javascript injection in the URL bar.
No comments:
Post a Comment