Basic Level 1
This level is pretty easy. We are told that this level is a “idiot test.” Lets show them that we are everything but! It is a common trend in Web Application challenges like this, that the very first level’s password can be found in the comments of the HTML code. We can look at the source code for this web page by right-clicking, and selecting View Page Source. This should open another tab that has the HTML source code for this web page. We can scroll down this page, and find the source code for the input box, which is called a
form in HTML. Above the form, we can see that there is an HTML comment, which is of the form
<--X-->. This comment has our password, which we can copy and paste to pass this level.
Basic Level 2
In my honest opinion this level is even easier than the first level. This one states that the password file was not uploaded, which means that the value to which our input will be compared to is
NULL. So, to input
NULL all that we must do is to press Submit without inputting anything into the form. This should complete the level and make us into 1337 haxxors.
Basic Level 3
In this level, the password file has been uploaded, which means that we must find out how to get access to that file. If we look at the source for the web page, we can see that there is a file named password.php. We can open this file by modifying the URL of the challenge site. We can add the file name to the URL of the challenge so that it looks like this
www.hackthissite.org/missions/basic/3/password.php. This should open the file, and present to us the password for this level.
Basic Level 4
For this challenge we will have to modify the source code for the website to redirect the email to ourselves. We can do this by right-clicking, and selecting the Inspect Element option. This brings up the page source within the same window, and we can navigate this source to find the portion that has the button that sends the email. Once we find this location within the code, we can then double click on the email that is written in the code and replace it with the email that we used to create our HTS account. Once we change the destination email address to our own, we can click the button and receive an email from HTS containing the password for this level.
Basic Level 5
This level requires the exact same process as level 4.
Basic Level 6
Level 6 requires a bit of work for us to solve, but is not hard to do. We need to find an ASCII chart so that we can decrypt this password. From inputting a long string of “a”’s we can see that each character is the ASCII value plus its position within the string, with the count starting at 0. Thus, we can reverse engineer our password, and check it with the encryption tool provided to us.
Basic Level 7
On this challenge, we are told about the Linux command
cal, this command displays the calendar for the given year, or the current month if no input is provided. This can be exploited due to the fact that this is a SHELL command, which is taking input from our browser, so we can force the SHELL to perform other commands alongside the
cal command by using a semicolon. By inputting
;lswe should be able to see the calendar for the current month, and the obfuscated password file. We open this file the exact same way that we did in level 3 to get our password.
Basic Level 8
This level is pretty challenging if you are not familiar with some of the more obscure web technologies. If we input something into the field asking for your name, you should be presented with a link that takes you to another page that gives you some information about what you entered into the text field. From this page’s URL, we can see that we are in the /tmp directory, and we are looking at a weirdly named file with a
.shtml file extension. An SHTML file allows us to send commands to the server on which the website is hosted. If the previous challenges are an an indicator for forms on this challenge site, we can be sure that this form is likely to be insecure. We can exploit this by inputting some SHTML code into the form to see if it will run. We can input
<!--#exec cmd="ls"--> which is telling the server to execute the command
ls. This should display all files within the current directory, which in this case is /tmp. We can change into the proper directory by going up one directory when we perform the
ls command. So, going back to the input box, we can input
<!--#exec cmd="ls .."-->. This should print the contents of the wanted directory. We can now see the obfuscated password file, and we should be able to view its contents using a similar process that we used in earlier levels.
Basic Level 9
With this level we can solve it using the level 8 page. So, what we can do is go back to level 8, and check the contents of the level 9 directory. We can input
<!--#exec cmd="ls ../../9"-->and thus see the file for level 9’s password, and get our password for the level to move on to level 10.
Basic Level 10
In this level we are told that all we have to do is enter the password. We can input any random junk into the form and see what it says. It says that we don’t have access to the next level, but how does it know whether or not we have access and not tell us if our password was wrong. Now we must go back to the level 10 page we can check our cookies by opening up the Inspect Element and search through the panels until we find the cookie information. We can modify one particular cookie that talks about access to level 10, which is set to no. We can modify this to _yes_and then input a random password to complete the level.