Tuesday, June 25, 2013

hackthissite.org Basic Challenge 5 | Shivang Desai

Hi guys,

Here's the basic challenge 6 of hackthissite.org

Sam has gotten wise to all the people who wrote their own forms to get the password. Rather than actually learn the password, he decided to make his email program a little more secure.

This time I tried the same solution as in challenge 4, but it gave me an “invalid referrer” error.
There was no hint, but soon I noticed one on the main page of the basic challenges.

It said “Requirements: HTML knowledge, JS or FF, an email address.”
The “page source” thing did not work directly for me.
We had to somehow change the form value and set it to our desired value.
So of the three things (HTML knowledge, JS and an email address), two were already cleared.

We already have an email address and we know that basic HTML was not going to work. The single thing remaining was JS (JavaScript).
After some research on the internet I found how we will have to insert the “value”.

javascript:alert(document.forms[0].to.value="your email address")

According to the DOM principles, if there is more than one form in a document, they are addressed as forms[0], forms[1], forms[2], etc.

Now we needed to change the “value” of the first form, as that’s what we needed.
I just copy-pasted that JavaScript statement, and a pop-up showing the email address entered will be seen.
As soon as you click “ok” on the pop-up, you will be redirected to the same page, i.e.
“https://www.hackthissite.org/missions/basic/5/”

That’s it. We have set the value and now you just need to click the button “Send Password to Sam” again.


You will get the page displaying password.

Copy and paste this password in the textbox and click "submit"...

Thursday, June 20, 2013

hackthissite.org Basic Challenge 4 | Shivang Desai

Hi guys,

How's life going !!?

Let's have a talk about challenge 4.

"This time Sam hard-coded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot. Here is the script"

I went to the "page source" and looked at the functionality behind the button named "Send password to Sam".

I found the code below:

<form action="/missions/basic/4/level4.php" method="post">
  <input type="hidden" name="to" value="webmaster@hulla-balloo.com" />
  <input type="submit" value="Send password to Sam" />
</form>

I tried the direct URL, as was the case with the previous challenge (challenge 3),

"https://www.hackthissite.org/missions/basic/4/level4.php", but it didn't work
and gave an invalid email error.

After searching for that domain "hulla-balloo.com", it was found that there is no such domain.

I thought to supply a proper email.


This is what I did.

Saved the page-source of this page (with .html as extension)- 
"https://www.hackthissite.org/missions/basic/4/"

After saving it, I changed the value from "webmaster@hulla-balloo.com" to a proper email address. Type your own email address if you want to.

I double clicked this saved file. The same page as of challenge-4 was displayed. 
Now click on the button "Send password to Sam" and you will directly get the
password.

Copy-paste this password in the password textbox and submit.

Enjoy....! 
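
The weakness behind challenges 4 and 5, seen from the server side, as an added example that is not code from hackthissite.org or from this post: a handler that trusts the hidden "to" field and guards it only with a Referer check, next to one that keeps the recipient on the server. The handler names, the example.test addresses and the request objects are constructed assumptions.

```javascript
// Added example: constructed handlers, not hackthissite.org's code.
const RECIPIENT = "sam@example.test";          // assumed server-side setting
const SITE = "https://www.hackthissite.org";   // origin taken from the post

// Stand-in for the mailer so the example runs offline.
function sendPassword(to) {
  return { status: 200, sentTo: to };
}

// Pattern from challenges 4 and 5: the recipient comes from the hidden "to"
// field, and the only guard is the Referer header, which the browser sends
// unchanged when the field is edited inside the genuine page.
function weakHandler(req) {
  const referer = req.headers.referer || "";
  if (!referer.startsWith(SITE + "/missions/basic/5/")) {
    return { status: 403, error: "invalid referrer" };
  }
  return sendPassword(req.body.to);
}

// Hardened: the recipient never leaves the server, so nothing the client
// submits can redirect the mail. The hardened form has no "to" field, so a
// request that carries one is flagged for logging.
function hardenedHandler(req) {
  const tampered = "to" in (req.body || {});
  return { ...sendPassword(RECIPIENT), tampered };
}

// Constructed requests: a saved local copy of the form (no matching Referer)
// and the genuine page with its hidden field changed in the DOM.
const savedCopy = {
  headers: {},
  body: { to: "visitor@example.test" },
};
const editedInPlace = {
  headers: { referer: SITE + "/missions/basic/5/" },
  body: { to: "visitor@example.test" },
};

console.log(weakHandler(savedCopy));         // status 403, invalid referrer
console.log(weakHandler(editedInPlace));     // sentTo is the client's value
console.log(hardenedHandler(editedInPlace)); // sentTo is RECIPIENT, tampered
```
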


hackthissite.org Basic Challenge 3 | Shivang Desai

Hi guys,

I am enjoying a lot and here's the third challenge.
In this post I will show what I tried and how I solved.

The challenge says "This time Network Security Sam remembered to upload the password file, but there were deeper problems than that."

I wrote about this password file logic in the previous post.

Now we had a file from where our password (user entered password) was going to be compared.

How I solved it?

First I looked at the "page source"; there was no direct clue but a hidden field with value as "password.php".
This was the main thing to be noticed.

At the first glance, I was a little bit confused and knew that php is server side so there is nothing to be found in "page source".

So what I did was that I googled "Top vulnerabilities in php". It was a blind shot but believe me, sometimes common sense really works.

I found a vulnerability named "Reveal Source Code". As soon as I read this line, I remembered a thing which I faced while making my own website.
The logic was such that you can't see the php code in "page source" as it is server side. But if you know the name of the php file then you can directly view it with address bar.

So here's the shot -
I knew from the hidden value that the php file was "password.php", and every time I came across this link, "https://www.hackthissite.org/missions/basic/3/index.php",
so I tried the same with password.php instead of index.php.

AND TADAAA....! I got the password

------------------------------------------------------------------------------------------------------------


Finally, just copy pasted it and challenge-3 was solved.




Enjoy... I hope this post could be helpful to someone needy. :-)




Wednesday, June 19, 2013

hackthissite.org Basic Challenge 2 | Shivang Desai

Hi guys,

Here's the second challenge of hackthissite.org- Basic Missions.

The challenge says "Network Security Sam set up a password protection script. He made it load the real password from an unencrypted text file and compare it to the password the user enters. However, he neglected to upload the password file..."

The scenario Sam wanted to create was as shown below.

But note one important thing. The last line in challenge description says  "However, he neglected to upload the password file..."

I thought that if the file was not uploaded then where the password was getting checked from?
There should be something from where user password could be compared. But here the unencrypted file was not present at all.

The logic was simple. There was nothing from where the comparison could take place which meant that anything you enter, you will get an error message.

I thought that instead of "anything" why not try "nothing" which means a blank password.
And TADAAAA......it worked.
I don't know the logic exactly, but as there was nothing for comparison, by default a blank password was accepted.
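
One way a check can end up accepting a blank password when its password file is missing, shown beside a fail-closed version. This is an added example under assumed logic (the challenge's real script is not shown in the post); the function names, file names and sample password are constructed.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");
const crypto = require("crypto");

// Fail-open (assumed pattern): a read error becomes "", and "" is then
// compared like any other stored password.
function checkWeak(file, submitted) {
  let stored = "";
  try {
    stored = fs.readFileSync(file, "utf8").trim();
  } catch (err) {
    // error swallowed, stored stays ""
  }
  return submitted === stored;
}

// Fail-closed: a missing or empty password file rejects every login.
function checkHardened(file, submitted) {
  let stored;
  try {
    stored = fs.readFileSync(file, "utf8").trim();
  } catch (err) {
    return false;
  }
  if (stored === "" || typeof submitted !== "string") return false;
  // Hash both sides so timingSafeEqual gets equal-length buffers.
  const digest = (s) => crypto.createHash("sha256").update(s).digest();
  return crypto.timingSafeEqual(digest(stored), digest(submitted));
}

// Constructed inputs: one path that does not exist, one temp file that does.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "pwfile-"));
  const missing = path.join(dir, "password.txt");
  const present = path.join(dir, "present.txt");
  fs.writeFileSync(present, "constructed-sample-password\n");
  const result = {
    weakBlankOnMissing: checkWeak(missing, ""),
    hardenedBlankOnMissing: checkHardened(missing, ""),
    hardenedCorrect: checkHardened(present, "constructed-sample-password"),
    hardenedWrong: checkHardened(present, "Sam"),
  };
  fs.rmSync(dir, { recursive: true, force: true });
  return result;
}

console.log(demo());
```
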


---------------------------------------------------------------------------------------------------------
THINGS I TRIED...!!
It's certain that we don't get things at first instance and in the field of hacking, if you got things easily then you are definitely playing a game and not hacking.

First I tried to look at "page source" as challenge 1 was totally related to it.

Secondly, I tried a simple authentication bypass and entered 0'or'0'='0. BUT this didn't work, and it was certain that it won't work as there was no SQL involved here.

I tried with some basic passwords that could be possible. Like "Sam", "password", "HTS", etc etc....

-----------------------------------------------------------------------------------------------------------


Tuesday, June 18, 2013

hackthissite.org Basic Challenge 1 | Shivang Desai

Hey guys,

I was going through some well known hacking guides and recently I completed a small certification in security field.

Now after having enough knowledge, I felt like keeping this knowledge into practical zone.
But I personally feel, if you get onto Internet without any proper intentions, you will get lost as a newbie in a totally unknown country.

Recently I found vulnerabilities in some good websites, but you can't exactly test your skills there on live websites. If something goes wrong then you can get into serious trouble. If it's Google or Facebook, which are always open for bounties, then there is no need to worry. But again, it's not easy to test "basic" things on hi-techies like Google or Facebook. You will end up with total loss as they are not that mad to keep vulnerabilities open for us.

I was a little bit confused but got a clear idea from a good friend - Aditya Gupta, a well-known guy in the field of security with expertise in mobile security and many more things. He is always there to help me and I can guarantee a way out.

He suggested that I go to this site "hackthissite" and practice. I heard about it earlier, but now it's the time to start bringing the knowledge into practical zone.

You will just have to register and get started with challenges. But I suggest to go through this site. It has sections like :

  • "Challenges"
  • "Get Informed"
  • "Get Involved"
  • "Communicate"
  • "About HTS" - definitely have a glance.
After this, you can get started with challenges. 
-----------------------------------------------------------------------------------------

hackthissite.org - Basic Challenge 1

Today I started with  "Basic Missions" under the "Challenges" section. 
First Test (or challenge) was "Basic 1" also known as "The Idiot Test" and it is actually "idiot test".  :-D

After completing I was feeling really good and feeling an idiot too. Why ??
No ! If you are thinking "How can hackthissite (HTS) design such an idiot test?" then please don't think so.

HTS has designed with an intention behind it. 

I tried hard to do some idiotic things in such a basic test (idiotic as compared to what was needed here) and so I am saying that I was feeling like an idiot.
I tried these things :
  • tried BURP proxy
  • tried brute force [ I can't say what all I tried .. :-D ;-D]
  • completely scanned that page for any hint.
Here's how I solved
HTS says that you need to learn HTML for cracking this challenge. The hint was there in front of me.

You just had to see the page source and tadaaa it was done. 

Just go and look at the "page source" of the page. Find the word "password". You will see something like this screenshot.


That's it. Enter this password into the challenge field and you are set going for next challenge.

I just loved my first day with HTS challenge. Complete experience is going to be just awesome. 

I will be posting other challenges solutions and problems that I faced during solving the challenge. 
I will surely post any idiotic things too that I did during challenges... lol.. ;-)