Lets revisit our source code:. In order to pull this attack off, it is necessary to understand how javascript handles forms. Every form in Javascript is contained in an array called forms[x] , where x is the number of forms on the page starting from zero. This is important for this challenge because the value that we want to edit on this page is on the first form, therefore in our injection point, we will be using forms[0].
Changing the value of sam hackthissite. The first is accessing the name of the input type and inserting our own value, and the second way is by modifying the element that corresponds to that value and inserting our own. Everything on this injection is derived from the code that was supplied at source. In order to pass this challenge, you need to send the password to the email you registered on HTS. The last method to finish this challenge is by modifying the element that corresponds to that value and editing it.
To accomplish this, we first need to understand what are elements when it comes to javascript. An HTML element is an single component of a form. These components represent a value within the forms, they can represent values throughout the entire markup. Take a look at the source code below provided by the challenge:. There are two values for the input tags, the first value is the email — sam hackthissite. We can use their elements to change their values.
We will grab the first available element and see the value. This can be done with:. If we change the value of our element to From here you can change the value of the email using its element to complete the challenge:.
Description: Sam has gotten wise to all the people who wrote their own forms to get the password. Rather than actually learn the password, he decided to make his email program a little more secure. This challenge is very similar to the previous challenge, I was not sure if there was suppose to be a difference, however, I did complete it the same way as challenge 4. I will conclude the first few challenges here and document the rest another in another post.
This thread will be updated with a continuation link to the next challenges. You are commenting using your WordPress. You are commenting using your Google account.
You are commenting using your Twitter account. You are commenting using your Facebook account. Jul 08 Leave a comment. However, he neglected to upload the password file… What I Did: Since the password file was never uploaded, the password the user enters is compared to nothing, so in this case the password would be blank. I changed the email to one that I own and when I pressed the button again, I was returned the following: I brought up my email and in my inbox was a message from sam containing the password for level 4.
The encryption system is publically available and can be accessed with this form: What I Did: So we have a textbox that runs an encryption function on a string the user enters. Share this: Twitter Facebook. Like this: Like Loading Leave a Reply Cancel reply Enter your comment here Fill in your details below or click an icon to log in:. Email required Address never made public. Name required. Create a free website or blog at WordPress.
Follow Following. Schooling Security. Sign me up. As you look at the code in front of you, you may be a bit confused. Dive down to the part of the code that contains the part of the HTML with your password field and story in it. You can do this by copying the last sentence of the story presented, then holding down the Ctrl button on your keyboard and hitting the F key. This will open a search box in the upper right-hand corner of the page.
You should automatically be taken to the part of the code that contains our password field. Know the difference in the codes. As you look at the code, you may notice that there are actually different types of codes being used and referenced. This is because HTML works alongside many different coding languages to accomplish different things.
For instance, PHP. PHP is what is called a server-side scripting language. It is important to research as you are going through different challenges to learn more about the obstacles in your path.
These sites can help you learn a bit about PHP, as it will come up in future challenges. Compare source codes. Try to spot the changes.
You may first noticed that the way the code is formatted has changed. In addition, there seems to be a new file type that has been inserted. This shows us something interesting. This means that the website is waiting for a specific action to happen before i starts reading index. Try to figure the rest out then go to the next step. Beat the Basic Mission 3. Now hit Enter. The browser you are using should be able to read the PHP file and display what is inside.
In this case, there should be a random number-letter sequence in the upper left-hand corner. Include your email address to get a message when this question is answered. Submit a Tip All tip submissions are carefully reviewed before being published.
You Might Also Like How to. How to. Co-authors: 5. Updated: February 13, Categories: Technology Hacks. Thanks to all authors for creating a page that has been read 50, times. Is this article up to date? Yes No. Cookies make wikiHow better. By continuing to use our site, you agree to our cookie policy. About This Article. Featured Articles How to. Trending Articles How to. New Pages How to.
0コメント