In that mission there is a web site with admin access to an email list, and you want to acquire that access. The explanation of the mission contains some key words.
…they used was 10 years out of date and the new password seems to be a ‘message digest‘… I think it could be something like a so-called hash value. I think you could somehow reverse engineer it or brute force it…
What I learned from HTS today is the Directory Traversal Attack (DTA). You can read more about it on Wikipedia. In summary, DTA is a way of accessing locations that are not intended to be available to an ordinary user, by using the input fields of the website. Generally, the flaw that leaves an application open to DTA is weak sanitizing and validation of input.
These are the steps to complete the mission.
- Open the hacked index page of the web site and view its source; see the hackers' comment at the bottom. It means the original index file still exists as oldindex.html.
- Go to …3/oldindex.html
- Open the source and copy all the source of the page.
- Go to the “Submit Poetry” page of the site.
- Type ../index.html as the name and paste all the copied content into the content part of the form.
- Submit. That’s all 🙂
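The flaw behind this mission, as an added example that is not part of the original post or the mission's own code: a hypothetical poem-saving handler that trusts the submitted name, next to a hardened version. The function names, directory layout and file contents are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

def save_poem_vulnerable(poems_dir, name, content):
    # Flaw: the submitted name is joined to the directory unchecked,
    # so "../index.html" resolves to a file one level above poems_dir.
    path = os.path.join(poems_dir, name)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(content)
    return os.path.realpath(path)

def save_poem_hardened(poems_dir, name, content):
    base = os.path.realpath(poems_dir)
    # 1) Allow a bare file name only: no separators, no dot entries, no NUL.
    if not name or name in (".", "..") or any(c in name for c in "/\\\x00"):
        raise ValueError("invalid poem name")
    # 2) Defence in depth: resolve symlinks and confirm containment.
    path = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, path]) != base:
        raise ValueError("path escapes poems directory")
    # 3) Mode "x" creates a new file and refuses to overwrite an existing one.
    with open(path, "x", encoding="utf-8") as fh:
        fh.write(content)
    return path

def demo():
    # Constructed layout: <webroot>/index.html and <webroot>/poems/
    webroot = tempfile.mkdtemp()
    poems = os.path.join(webroot, "poems")
    os.mkdir(poems)
    index = Path(webroot, "index.html")
    out = {}
    index.write_text("original", encoding="utf-8")
    save_poem_vulnerable(poems, "../index.html", "replaced")
    out["after_vulnerable"] = index.read_text(encoding="utf-8")
    index.write_text("original", encoding="utf-8")
    try:
        save_poem_hardened(poems, "../index.html", "replaced")
        out["hardened"] = "written"
    except ValueError:
        out["hardened"] = "rejected"
    out["after_hardened"] = index.read_text(encoding="utf-8")
    out["normal"] = os.path.basename(save_poem_hardened(poems, "ode.txt", "text"))
    return out

if __name__ == "__main__":
    print(demo())
```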
Question: Do you think hackthissite.org is a good tool to master web hacking?
Answer: Thanks to Frank Smith
The missions on that website are pretty realistic in terms of real world hacking. But if you finish all the missions you will have only scratched the surface of “hacking”. There are literally dozens** of sites that will provide you with similar missions but they all lack one thing, fundamentals. Finishing all the challenges is great but it won’t teach you the ABCs of security. If you really want to understand Web Application security I recommend Web Application Hackers Handbook. This book is the single best source of learning security for Web Applications.
Since this book only focuses on Web Applications, I would recommend Counter Hack Reloaded as a good counterpart. It’s a bit dated (2006) but it goes into great detail about fundamentals and covers a huge amount of ground.
**List of sites similar to Hackthissite.org
Today it is the turn for the realistic mission 2 on hackthissite.org.
This mission is all about looking at the home page source code: find the hidden link on the page that leads to the admin page, then use basic SQL injection to complete the mission.
SQL injection means typing malformed values into HTML forms in order to change the application database, or to get data that the application owner does not expect us to see or change. You can learn more about SQL injection from this link.
You should be able to pass the mission after this explanation and the reading from the reference site above. If you cannot, it means you need to work some more on hacking the sites. However, for the lazy brains, here are the instructions:
- Open the source file of the page.
- Find the update.php link in the source. It is not visible on the rendered page.
- Click on the hidden link to go to the admin login page.
- Now use one of the tricks that you know for SQL injection. I used this for both inputs: x’ OR 1 = 1;
That’s all 🙂
This mission is about Apache server settings in the .htaccess file, which defines which files and directories are available and visible to external visitors. You can find more info about .htaccess.
When you open the mission you will see a different song name on each refresh. Search for the songs on Google and you will notice that they are all related to Elton John. Is this a coincidence? I don’t think so :). In addition, the hackthissite forum thread about the mission gives some clues. Based on these tips, try appending /e/l/t/o/n to the main address of the page. You will see that there is no file listed after /n, so it is time to look at the .htaccess file. Assuming the file is there, type …/.htaccess into the URL. You will see that two files are prevented from being shown in the file tree, but we can actually open them. One of the files is DaAnswer. Delete /.htaccess and type /DaAnswer. It says something tricky: “… answer is —- …”. The answer lies in the —- part. Copy the word that appears in place of —-, go back to /mission/11/index.php and type this word as the password; then you pass the mission.
This hackthissite exercise is about cookie manipulation. When you open the exercise page, it sets a cookie on your system that says “User is not authorized”. If you’re working in Firefox, you can use the add-on “Cookies Manager +” to edit the content of any cookie.
Now open the Cookies Manager from the Tools menu. Search for the “hackthissite” domain. You’ll see a cookie that includes “10” inside its domain name. (I am plainly too lazy to open it and see the exact name 🙂 ). Find it and open it for editing. You’ll see that it says “no” for authorized. Change it to “yes”, then refresh the page and press submit.