Thursday, June 20, 2013

hackthissite.org Basic Challenge 4 | Shivang Desai

Hi guys,

How's life going !!?

Lets have a talk about challenge 4.

"This time Sam hard-coded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot. Here is the script"

I went to the "page source" and looked at functionality exhibited on button named "Send password to Sam".

I found below code -

<form action="/missions/basic/4/level4.php" method="post">

  <input type="hidden" name="to" value="webmaster@hulla-balloo.com" />
  <input type="submit" value="Send password to Sam" />
</form>

I tried with the direct url as was the case with previous challenge (challenge 3)

"https://www.hackthissite.org/missions/basic/4/level4.php" but it din't worked 
and gave error of invalid email.

After searching for that domain "hulla-balloo.com", it was found that there is no such domain.

I thought to supply proper email.
 

This is what I did.

Saved the page-source of this page (with .html as extension)- 
"https://www.hackthissite.org/missions/basic/4/"

After saving it, I changed the value from "webmaster@hulla-balloo.com" to a proper email address. Type your own email address if you want to.

I double clicked this saved file. The same page as of challenge-4 was displayed. 
Now click on the button "Send password to Sam" and you will directly get the
password.

Copy-paste this password in the password textbox and submit.

Enjoy....! 


1 comment: