In this write-up, I’ll show you the steps I took to solve the HackThis “Main Level” challenges. I hope this helps if you get stuck at any level or want to see another approach.
Main Level 1
In this challenge (and in all the upcoming challenges), I started by viewing the source code of the webpage. In Google Chrome, you can simply right-click on the page and choose View page source, or press CTRL + U.
In the page source, I searched for the keyword Username by pressing CTRL + F and typing the keyword. The browser displays 3 matches, and one of them draws the most attention:
So the username is in and the password is out.
Main Level 2
Again, I started by viewing the source code of the webpage, and searching for the keyword Username. This time, we encounter something very unusual:
There is a span next to the Username field with the color #000000 (black, in RGB hex) and the text resu. Similarly, there is a span next to the Password field with the text ssap. Let’s change the color from #000000 (black) to #ffffff (white):
Main Level 3
Again, let’s look at the source code.
Here the username is heaven and the password is hell.
Main Level 4
In the source code I found:
Let’s look in https://www.hackthis.co.uk/levels/extras/ssap.xml
The username is 999 and the password is 911.
Main Level 5
Now, a dialogue box welcomes us upon entering the website, asking for a Password. So I again looked at the source code of the website, this time searching for the keyword “Password”, as it appeared in the dialogue box. The first occurrence seems quite interesting:
And in the source:
This means that if the string 9286jas is entered when the prompt dialogue box appears, the browser is redirected to the URL /levels/main/5?pass=9286jas. If I enter that password, I am redirected to that URL, and I am done with the level! Moreover, since the level is complete as soon as that URL loads, I can simply enter that URL in my browser and finish without entering anything in the prompt dialogue box!
So I simply add ?pass=9286jas to the URL and I can go to the next level.
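Every level above fails the same way: a credential is sent to the browser, where View page source reveals it. The following is an added example, not part of the original write-up or of HackThis's code: a small Python audit that flags text hidden by matching its color to the background (Level 2), an inline script that compares input with a literal (Level 5), and, going slightly beyond the page, HTML comments that mention credentials. The sample page, its values and the black background are constructed assumptions.

```python
import re
from html.parser import HTMLParser
CRED_WORDS = re.compile(r"user(name)?|pass(word)?", re.I)
COLOR = re.compile(r"(?<![-\w])color\s*:\s*(#[0-9a-f]{3,6})", re.I)  # not background-color
LITERAL_CMP = re.compile(r"""[=!]==?\s*(['"])(.+?)\1""")  # == "literal" in a script

class SourceLeakScanner(HTMLParser):
    """Flags secrets that anyone can read with View page source."""
    def __init__(self, background="#000000"):
        super().__init__()
        self.background = background.lower()  # assumption: caller knows the page background
        self.findings = []                    # (kind, detail) tuples
        self._stack = []                      # (tag, text_hidden) per open element

    def handle_comment(self, data):
        if CRED_WORDS.search(data):
            self.findings.append(("comment", data.strip()))

    def handle_starttag(self, tag, attrs):
        m = COLOR.search(dict(attrs).get("style") or "")
        self._stack.append((tag, bool(m) and m.group(1).lower() == self.background))

    def handle_endtag(self, tag):
        tags = [t for t, _ in self._stack]
        if tag in tags:  # pop back to the matching open tag (skips void elements)
            del self._stack[len(tags) - 1 - tags[::-1].index(tag):]

    def handle_data(self, data):
        if self._stack and self._stack[-1][0] == "script":
            for m in LITERAL_CMP.finditer(data):  # input compared with a shipped secret
                self.findings.append(("script-literal", m.group(2)))
        elif data.strip() and any(hidden for _, hidden in self._stack):
            self.findings.append(("hidden-text", data.strip()))

def scan(html, background="#000000"):
    scanner = SourceLeakScanner(background)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; not the HackThis markup, values are made up.
SAMPLE = """<html><body style="background:#000000">
<!-- username: demo_user password: demo_pass -->
<label>Username:</label><span style="color: #000000">resu-demo</span>
<script>var p = prompt("Password:"); if (p == "s3cr3t-demo") { location.href = "?pass=" + p; }</script>
</body></html>"""
if __name__ == "__main__":
    for kind, detail in scan(SAMPLE):
        print(f"{kind}: {detail}")
```

Any finding means the check belongs on the server: the page should submit the input and let the server compare it, so no secret appears in the delivered source.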