Basic Missions 1-11 – Writeup

Details

This is a writeup for the basic missions from http://hackthissite.org/

Basic One

Basic One: Screenshot 1

The hint for this task caused me to think of the html source as this is a common entry level task

Basic One: Screenshot 2

Within the html source I was able to find the password

915491ce

I then used this to login

Basic One: Screenshot 3

Basic Two

Basic Two: Screenshot 1

Here I thought, if it was simply comparing two strings and one was missing, if it didn't crash it would be comparing to a blank string. So I submitted an empty password

Basic Two: Screenshot 1

Basic Three

Basic Three: Screenshot 1

I started by checking the source code, where I found a link to /password.php

Basic Three: Screenshot 2

So I went to https://www.hackthissite.org/missions/basic/3/password.php

Basic Three: Screenshot 3

Now with a password

f2cfef6f

I used it to login

Basic Three: Screenshot 4

Basic Four

Basic Four: Screenshot 1

Upon inspecting the source code I found the email was set in the html

Basic Four: Screenshot 2

I then changed the email to my own email and clicked the button to send the it. When I checked my email I had the password

Basic Four: Screenshot 3

9c64d2ca

Using this to login

Basic Four: Screenshot 4

Basic Five

Basic Five: Screenshot 1

This looked similar to the last one, so I repeated the process

Basic Five: Screenshot 2

Basic Five: Screenshot 3

8226d544

Then I logged in

Basic Five: Screenshot 4

Basic Six

Basic Six: Screenshot 1

On this task I carried out a bit of trial and error, and deduced that the encryption merely added the 0-indexed position of the character, to the characters ASCII code, as such I could reverse it by subtracting that value. Which led to the password

419e23e3

Basic Six: Screenshot 2

Basic Seven

Basic Seven: Screenshot 1

This looked like an easy command injection based on the hint, so I submitted

; ls -la

Basic Seven: Screenshot 2

I then navigated to https://www.hackthissite.org/missions/basic/7/k1kh31b1n55h.php to get the password

Basic Seven: Screenshot 3

c25f39a1

Using this I progressed to the next level

Basic Seven: Screenshot 4

Basic Eight

Basic Eight: Screenshot 1

To started with I entered "test"

Basic Eight: Screenshot 2

I then clicked on "here"

Basic Eight: Screenshot 3

In this file I noticed the extension was .shtml which meant I may be able to inject a server side include to find the password. So I injected

<!-- #exec cmd="ls ../" -->

Basic Eight: Screenshot 4

I then navigated to https://www.hackthissite.org/missions/basic/8/au12ha39vc.php

Basic Eight: Screenshot 5

c5e6ee66

Using this I logged in again

Basic Eight: Screenshot 6

Basic Nine

Basic Nine: Screenshot 1

To do this, I went back to level 8 and injected

<!--#exec cmd="ls ../../9" -->

Using directory traversal to get the location of the password

Basic Nine: Screenshot 2

To get the password I went to https://www.hackthissite.org/missions/basic/9/p91e283zc3.php

Basic Nine: Screenshot 3

bb52929d

Which led to

Basic Nine: Screenshot 4

Basic Ten

Basic Ten: Screenshot 1

I tried looking around, then a random password. When I noticed in the response there was a cookie, upon inspection it seemed the cookie was used for auth

Basic Ten: Screenshot 2

I set the value to "yes" then tried another random password

Basic Ten: Screenshot 3

Basic Eleven

Basic Eleven: Screenshot 1

I found the on every load the name of the song changed. To start I tried to access .htaccess but could not. I then tried /index.php

Basic Eleven: Screenshot 2

Now knowing where to put the password once I had it. I began to dig some more, trying some directories, I then found /e

Basic Eleven: Screenshot 3

I followed the directories down to https://www.hackthissite.org/missions/basic/11/e/l/t/o/n/ which was blank, I then tried .htaccess again

Basic Eleven: Screenshot 4

This led me to going to https://www.hackthissite.org/missions/basic/11/e/l/t/o/n/DaAnswer

Basic Eleven: Screenshot 5

I tried looking for some more files to do with it, but found nothing. So I decided to take the hint literally and try "available" as the password

Basic Eleven: Screenshot 6

And that was basic 11 done and with that, all the basic missions

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.