HackThis Challenge [Solutions | Main Level 1-5]

In this write-up, I’ll show you the steps I took to solve HackThis “Main Level” challenges. Hope this helps if you get stuck at any level, or want to see maybe another approach.

Main Level 1

In this challenge, (and in all the upcoming challenges,) I started by viewing the source code of the webpage. In Google Chrome, you can simply right-click on the page, and choose View page source, or press CTRL + U.

In the page source, I searched for the keyword Username, by pressing CTRL + F and typing the keyword. Upon searching, the browser displays 3 matches. Among these 3 matches, one of them brings the most attention:

So the username is in and the password is out.



Main Level 2

Again, I started by viewing the source code of the webpage, and searching for the keyword Username. This time, we encounter something very unusual:

There is a span next to the Username field, having a color #000000 (which stands for black, in terms of RGB), which has a text: resu. Similarly, a span next to the Password field, with text ssap. Let’s change the RGB from #000000 (black) to #ffffff (white):


Main Level 3

Again, let’s look at the source code.

Here the username is heaven and the password is hell.


Main Level 4

In the source code I found:

Let’s look in https://www.hackthis.co.uk/levels/extras/ssap.xml

The username is 999 and the password is 911.



Main Level 5

Now, a dialogue box welcomes us upon entering the website, asking for a Password. So, I again looked at the source code of the website; but this time searching for the keyword “Password”, as it appeared in the dialogue box. The first occurrence seems quite interesting:

And in the source:

This means that if the string 9286jas is entered when the prompt dialogue box appears, the website will be redirected to the href: /levels/main/5?pass=9286jas. If I enter that password, I am redirected to that hyper reference, and I am done with the level! Moreover, noticing that I am done upon being directed to that website, I can simply enter that URL in my browser, and I am done without even entering an input to the prompt dialogue box!

So I simply add this ?pass=9286jas to the URL and I can go to the next level.

Rispondi

Inserisci i tuoi dati qui sotto o clicca su un'icona per effettuare l'accesso:

Logo di WordPress.com

Stai commentando usando il tuo account WordPress.com. Chiudi sessione /  Modifica )

Google photo

Stai commentando usando il tuo account Google. Chiudi sessione /  Modifica )

Foto Twitter

Stai commentando usando il tuo account Twitter. Chiudi sessione /  Modifica )

Foto di Facebook

Stai commentando usando il tuo account Facebook. Chiudi sessione /  Modifica )

Connessione a %s...

Questo sito utilizza Akismet per ridurre lo spam. Scopri come vengono elaborati i dati derivati dai commenti.