circusmonkey404's Security Site

Hack This Site.co.uk - Main 10 Objectives ​Encrypted passwords can be quite difficult to decode, but when you use a common method there is usually a way to get around it. Especially when the encrypted information are simple common words. Solution Ok so let's stat by looking at the Source Code <div class='level-form'>         <form method="POST">             <fieldset>                 <label for="user">Username:</label>                 <input type="Text" name="user" id="user" autocomplete="off"><br>                 <label for="user">Password:</label>                 <input type="Password" name="pass" id="pass" autocomplete="off"><br>                  <input type="hidden" name="passwordfile" value="level10pass.txt">                 <input type="submit&

Hack This Site.co.uk - Main 9 Objectives The developer has now added a feature that allows him to get a password reminder. Can you exploit it to send you the login details instead? Solutions we will again use inspector and Edit HTML to get passed this level The developer added a forgot email link that will send them the password looking at the source there is a check to make sure what is entered matches the admin's email we use inspector and edit HTML to change the hardcoded admin password with my own. then put my email in the box and it will pass the test that they match and theoretically send the password to my email. Now this challenge doesn't actually send the email it just checks that the email matches and sends you to the completed page. ​not to hard

Hack This Site.co.uk - Main 8 Objectives The coder has made the same mistake as level 4 but this time at least he has tried to protect the password. The password has been encrypted, convert the binary into something that is easier for humans to read (base 16). If you think you have the right answer but it isn't being accepted, submit your answer in CAPITALS. Solution So let's take a look at the source code </div>             <div class='level-form'>         <form method="POST">             <fieldset>                 <label for="user">Username:</label>                 <input type="Text" name="user" id="user" autocomplete="off"><br>                 <label for="user">Password:</label>                 <input type="Password" name="pass" id="pass" autocomplete="off"><br>                 &l

Hack This Site.co.uk - Main 7 Objectives ​The password is again stored in a txt file. This time however it is not as straight forward as viewing the source. You wouldn't even find the page by using a search engine as search bots have been excluded. Solution Wooooop secret words in the hint **** seach bots have been exclude******* alright kids we all know what search bots use right? let's all say it at once Robot.txt that's right robots.txt. Good job kids lets see if we can use that to our advantage here with out digging into the source code at all https://www.hackthis.co.uk/robots.txt User-agent: * Allow: / Disallow: /contact.php Disallow: /inbox/ Disallow: /levels/ Disallow: /levels/extras/userpass.txt Disallow: /users/ Disallow: /ctf/8/php/* User-agent: Mediapartners-Google Disallow: User-agent: Yahoo Pipes 1.0 Disallow: / User-agent: KSCrawler Disallow: / User-agent: Spinn3r Disallow: / Sitemap: https://www.hackthis.co.uk/sitemap.xml Dissalow:/levels/extras/userp

Hack This Site.co.uk - Main 6 Objectives no Objectives given Solution So we need to login as Ronald. We could setup a proxy to tamper the data and have it send Ronald as the answer when submitting, however I just pulled up inspector edited to HTML to show another option for Ronald and then selected that user from the dropdown here is the orignal source code for the section we need to modify  <div class='level-form'>         <form method="POST">             <fieldset>                 <label for="user">Username:</label>                 <select id="user" name="user">                     <option>John</option>                     <option>Petter</option>                     <option>David</option>                     <option>Sam</option>                 </select>                 <input type="submit" value="Submit" class="

Hack This Site.co.uk - Main 5 Objectives ​Slightly more complicated JavaScript this time, but just as insecure. Refresh to try again. Solution this time when the site loads we get a Javascript window prompting for a password. if we cancel or enter the wrong password we get this cute picture of a kitty being sad so lets check the source again </div>             <div class='level-form'>          <script language="JavaScript" type="text/javascript">             var pass;             pass=prompt("Password","");             if (pass=="9286jas") {                 window.location.href="/levels/main/5?pass=9286jas";             }         </script>         <div class='center'>             <img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvGBPBtJiCEkp4WDtZlWB4Kuax7cBmpbwuhPT04j-aHv4deuXNlWtf_FTH4rlHYtZ8e-Ylo2zeVwKo86DgQ7Qhe41vKcBTPNmZ9F7Z7X0mkwVxaVXHwt

Hack This Site.co.uk - Main 4 Objective hint: ​Sometimes extra hidden fields are added to the form which contains extra information for the login script. Again this is very easy for anyone to gain access to as it is clearly shown in the source code. Sometimes these fields can contain very important information. Solution Let's start with the source code again here is the section that deals directly with this level </div>             <div class='level-form'>         <form method="POST">             <fieldset>                 <label for="user">Username:</label>                 <input type="Text" name="user" id="user" autocomplete="off"><br>                 <label for="user">Password:</label>                 <input type="Password" name="pass" id="pass" autocomplete="off"><br>            

Hack This Site.co.uk - Main 3 Objectives Hint: ​Using JavaScript as the only method to secure your site is a bad idea, but this has obviously been over looked while coding this page. Solution The hint says we should look in the code again specifically at any scripts inside. I found this script which checks the creds against hard coded creds <div class="page-wrap">          <script type='text/javascript'> $(function(){ $('.level-form').submit(function(e){ if(document.getElementById('user').value == 'heaven' && document.getElementById('pass').value == 'hell') { } else { e.preventDefault(); alert('Incorrect login') } })})</script>         <div id="header-wrap" class="container clr">             <header>                 <div class="col span_11 banner">                     <a href='/'>&nbsp;</a>                 </

HackThisSite.co.uk - Main 2 Objectives No Objectives given Solution Let's check out that source code again and look for anything funky OK so not as easy as the last level where the creds where in a comment in near the top of the HTML code. This time its hidden a bit further down where the form for the login is <label for="user">Username:</label>  <span style="color: #000000"> resu </span>                  <input type="Text" name="user" id="user" autocomplete="off"><br> <label for="user">Password:</label> <span style="color: #000000"> ssap </span> <input type="Password" name="pass" id="pass" autocomplete="off"><br>                  <input type="submit" value="Submit" class="button"> highlighted in bold are the creds for this level

Main 1 Objectives ​ Do NOT enter your credentials below, these levels are here to test you. Find the correct details and proceed to the next level. If you get stuck check out the hint, forum posts and articles shown in the help section on the left.  Solution So we have a login screen and it specifically says the user name pass is no the same one was we use to login to the site. lets check the HTML and see whats up. hidden near the top of the HTML where its calling scripts is the following      <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script> <!-- <script src="https://cdn.socket.io/socket.io-1.2.1.js"></script> -->         <!-- username: in, password: out --> Let's try in and out for the creds.. Completed ​Cool onto main 2