SOU✌️IKINATOR

Hack This Site basic 10: detailed walkthrough



Hello people! You know what we are going to do today. I’ll be solving it as I write this post, so it’ll be a detailed walkthrough. So without any delay, let’s begin.

NOTE: I have only done detailed walkthroughs of Hack This Site Basic 6-11 because they are relatively tough and I wanted to show how one should approach them from a beginner's perspective. You can easily find solutions for Basic 1-5 with a simple Google search, but I believe anyone with basic knowledge of HTML and JS can solve them easily.

Mission statement

This time Sam used a more temporary and “hidden” approach to authenticating users, but he didn’t think about whether or not those users knew their way around JavaScript…

Breaking In

So as we get into the level we see an input field and a button. If we submit an empty form or a random string, “You are not authorized to view this page” is shown. If we look at the mission objective, it talks about “a way around JavaScript”. What can it be?

On inspecting the form using dev tools, we see that its action is set to index.php.

Let’s submit random text and see what happens in the network tab in dev tools as shown below.

basic-10-network-tab.gif

As you can see in our HTTP request, we have submitted password=hamburger, which is certainly not correct, and guess what: we also see a Cookie header which says

Cookie: level10_authorized=no; phpbb3_28pla_u=1; phpbb3_28pla_k=; style_cookie=null; HackThisSite=vtahaid0fa6mh64cr720nul9l0; phpbb3_28pla_sid=01c8470df618055839d69bb90c978518

📄 Know the web: http cookie 🍪

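Anything interesting over here? Of course: level10_authorized=no. The page is keeping its authorization decision in a cookie, and a cookie lives in our browser, where we can edit it. What if we change the cookie value to level10_authorized=yes?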

basic-10-setting-cookie.png

Easy peasy!

Now let’s submit an empty input and bingo! You cleared it.
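
Why the cookie edit works, and what a fix looks like, as an added example (not code from Hack This Site or from the original post): the first check trusts the browser-supplied flag, while the second accepts the flag only when it carries a valid HMAC computed with a key the browser never sees. The cookie name level10_auth, SERVER_KEY, the user names and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a random secret that exists only on the server.
SERVER_KEY = secrets.token_bytes(32)


def parse_cookies(header):
    """Turn a Cookie request header into a {name: value} dict."""
    pairs = (item.strip().partition("=") for item in header.split(";"))
    return {name: value for name, _, value in pairs if name}


def naive_is_authorized(cookie_header):
    """Flawed check: the browser-supplied flag is the whole decision."""
    return parse_cookies(cookie_header).get("level10_authorized") == "yes"


def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(user, authorized):
    """Server side: bind the flag to a user (no ':' in names) and sign it."""
    payload = f"{user}:{'yes' if authorized else 'no'}"
    return f"{payload}:{_sign(payload)}"


def hardened_is_authorized(cookie_header, user):
    """Accept the flag only if its HMAC verifies and it was issued to `user`."""
    # "level10_auth" is a hypothetical cookie name used for this example.
    parts = parse_cookies(cookie_header).get("level10_auth", "").split(":")
    if len(parts) != 3:
        return False
    tok_user, flag, tag = parts
    expected = _sign(f"{tok_user}:{flag}")
    valid = hmac.compare_digest(tag.encode(), expected.encode())
    return valid and tok_user == user and flag == "yes"


if __name__ == "__main__":
    # Constructed sample headers, modelled on the one shown above.
    print(naive_is_authorized("level10_authorized=yes; style_cookie=null"))
    denied = issue_token("guest", False)
    forged = denied.replace(":no:", ":yes:")  # edited flag, stale signature
    print(hardened_is_authorized(f"level10_auth={forged}", "guest"))
```

Keeping the flag in server-side session state and sending the browser only a random session ID achieves the same thing without any signing.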

🥳 So it’s time to wrap up the post with a quote

Your mind will answer most questions if you learn to relax and wait for the answer. -William S. Burroughs


          Souvik Kar Mahapatra's DEV Community Profile


#HTS #HackThisSite.org #walkthrough #wargame #CTF