Sunday 18 October 2015

Solution: HackThisSite - Basic Missions - Basic 3

HTML.. A base of any website.. Our next challenge is based on basic understanding of HTML.. Source code can reveal many important things which sometimes web developers neglect knowingly or unknowingly..

Site: HackThisSite (https://www.hackthissite.org)
Solution: Basic Missions > Basic Level 3


Challenge Description: This time Network Security Sam remembered to upload the password file, but there were deeper problems than that.

So our beloved Sam fixed the previous problem this time. But little did he know that users can request files directly and see their output if access is not properly restricted. The problem here is that Sam did upload the file, but the code in it simply outputs the password so that the password compare script can compare it with the password entered by the user..

As we can see in the source code, there is a file "password.php"; this is the file which contains the unencrypted password. The password script calls this file for the password value and compares the result with the value entered by the user.. Well, the user can also call the file directly to see what it does.. So let's try that..

Well, the password file just gave it away easily.. Password is: 47442112


Solution: HackThisSite - Basic Missions - Basic 2

Basic challenges are pretty easy ones.. All they need is some basic fundamental understanding of how things work and a little bit of common sense.. Like our next challenge, where basic common sense plays a major role..

Site: HackThisSite (https://www.hackthissite.org)
Challenge: Basic Missions > Basic 2
Challenge Description: Network Security Sam set up a password protection script. He made it load the real password from an un-encrypted text file and compare it to the password the user enters. However, he neglected to upload the password file...

Now Sam here forgot to upload the password file.. The very thing the password script needs to actually work.. If the file is not uploaded, obviously the script will not find any file and will let anything pass through, as it does not have anything to compare with.. So our password is literally blank.. Just click on submit without any password and your challenge is clear :)..
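The two mistakes from Basic 2 and Basic 3, next to a check that avoids both, as an added example that is not code from HackThisSite or the original post. All function names and the missing-file stub are assumptions made for illustration; the hardened version stores a salted scrypt hash instead of the plaintext and denies access whenever the stored record cannot be loaded.

```javascript
const nodeCrypto = require("node:crypto");

// Fail-open pattern behind Basic 2 (constructed): a missing password file
// leaves the expected value empty, so an empty submission "matches".
function checkFailOpen(readSecret, entered) {
  let real = "";
  try {
    real = readSecret();
  } catch (err) {
    // read error swallowed; the comparison still runs against ""
  }
  return entered === real;
}

// What is stored instead of the plaintext from Basic 3: a random salt and
// an scrypt hash. If this record is ever served, it does not reveal the
// password. It should still live outside the web root.
function makeRecord(password) {
  const salt = nodeCrypto.randomBytes(16);
  return { salt, hash: nodeCrypto.scryptSync(password, salt, 32) };
}

// Fail-closed check: any problem loading or parsing the record denies access.
function checkFailClosed(readRecord, entered) {
  let rec;
  try {
    rec = readRecord();
  } catch (err) {
    return false;
  }
  if (!rec || !Buffer.isBuffer(rec.salt) || !Buffer.isBuffer(rec.hash)) return false;
  if (rec.hash.length !== 32) return false;
  if (typeof entered !== "string" || entered.length === 0) return false;
  const candidate = nodeCrypto.scryptSync(entered, rec.salt, 32);
  return nodeCrypto.timingSafeEqual(candidate, rec.hash); // constant-time compare
}

// Constructed stand-in for "Sam forgot to upload the file".
const missingFile = () => {
  throw new Error("ENOENT: constructed missing-file error");
};
```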




Solution: HackThisSite - Basic Missions - Basic 1

Today we are selecting another awesome challenge site.. This site has been around for a long time and almost every other hacker/script kiddie has heard about this website. This website also provides challenges + tutorials and news from around the globe related to computer security and similar topics..

So let's start as usual with basics..

Site: HackThisSite (https://www.hackthissite.org/)
Challenge: Basic Missions > Basic 1 - Level 1 (The Idiot Test)



If you remember the previous source code challenge from CanYouHackIt, this will be easy for you too.. This is a similar password-in-the-source challenge.. Ctrl + U or Right Click > View Source and you can track down the password easily..


And there it is.. Our password is - 3eab46ab


Saturday 17 October 2015

Solution: CanYouHackit - Cryptography Challenge 2

This one is pretty simple if you can read the title properly and connect the dots given in the challenge, and also if you have used old mobile phones.. :D

Site: CanYouHackIt (http://canyouhack.it/)
Challenge: Cryptography > Cryptography Challenge 2 > Not K9 But ?


You may have guessed it by this time that it is a code of T9 texting.. You can find online T9 predictive dictionaries and try it out.. So the password is "mobile"
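What a T9 predictive dictionary does, as an added example that is not part of the original post or the challenge. The word list is constructed, and the digit string 662453 is derived here from the answer "mobile" using the standard phone keypad; the challenge's own code text is not shown on this page.

```javascript
// Standard phone keypad letter groups.
const KEYPAD = {
  2: "abc", 3: "def", 4: "ghi", 5: "jkl",
  6: "mno", 7: "pqrs", 8: "tuv", 9: "wxyz",
};

// Invert the keypad once: letter -> digit.
const LETTER_TO_DIGIT = {};
for (const [digit, letters] of Object.entries(KEYPAD)) {
  for (const letter of letters) LETTER_TO_DIGIT[letter] = digit;
}

// Encode a word as the key presses a T9 user would type.
function toT9(word) {
  return [...word.toLowerCase()]
    .map((ch) => {
      const digit = LETTER_TO_DIGIT[ch];
      if (!digit) throw new RangeError(`no keypad digit for: ${ch}`);
      return digit;
    })
    .join("");
}

// Decoding is a dictionary lookup: several letters share each key, so a
// digit string only narrows the candidates, it does not fix one word.
function t9Candidates(digits, wordList) {
  if (!/^[2-9]+$/.test(digits)) {
    throw new RangeError("T9 input uses digits 2-9 only");
  }
  return wordList.filter(
    (w) => w.length === digits.length && toT9(w) === digits
  );
}

// Constructed sample dictionary.
const SAMPLE_WORDS = ["mobile", "home", "good", "gone", "hood", "phone", "cipher"];
```

With this list, "4663" matches four words while "662453" matches only "mobile", which is why the mapping hides nothing from anyone with a dictionary.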


Solution: CanYouHackIt - Cryptography Challenge 1

This is regarding Cryptography..
Cryptography is a very important aspect, or we can say field, a subset of Computer Security.. Cryptography is almost everywhere.. It means encrypting a message based on a key which is present with the sender and the intended receiver of the message.. This encrypted message will look like garbage text to any other person who tries to intercept the message.. Only the sender and the receiver can make sense of what has actually been sent.. So let's start with our very first challenge in this field..

Site: CanYouHackIt (http://canyouhack.it/)
Challenge: Cryptography > Cryptography Challenge 1 > He also makes a good salad


So here, the title gives it away actually..
It states " He also makes a good salad "
And if you have heard the word Cryptography, you might also have heard about Julius Caesar, because early cryptography started with the Caesar cipher.. Roman emperors and Egyptian Cryptography and Stenography may also ring some bells.. No need to think too much about this, if you search google for cryptography + salad, you will get the word "Caeser Salad" which is our password.. :D :D

   
Solution: CanYouHackIt - Script Challenge 3

Advancing to our next challenge in the Script Challenges Set... This time, the difficulty level rises.. The logic is more complex than what we have seen before.. Let's try to break it..

Site: CanYouHackIt (http://canyouhack.it/)
Challenge: Script > Script Challenge > Arrays!


So this time, the core logic is like this
- User enters the password
- Script runs a loop to calculate another variable out of entered value of password and a variable already defined
- The Loop runs through each character of the password entered by user and maps it on the variable "keys" to get the position of that character as value for the variable P

See like this
If I entered the password "ABCD"
The loop will take A and map it onto keys and get the position number of "A" in the variable keys - Value received "10".. Added into variable P
current value of P = " 10"

The loop will then take B and map it onto keys again to get the position number of that character in the variable keys - Value received "11" .. added to P
current value of P = " 10 11"

The loop will then take C and map it onto keys again to get the position number of that character in the variable keys - Value received "12" .. added to P
current value of P = " 10 11 12" .. and so on... I hope you understood the basic logic behind the code..

Now, if we want to get the password, we can modify the script in such a way that it gives out the password which is required to match exactly what P has.. Below is the modified script..


As we got our password, that is - H4x0rS
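The position mapping described above and its inverse, as an added example that is not the challenge's script or the author's modified script. The `KEYS` alphabet is an assumption, chosen only so that "A" sits at position 10 and "B" at 11 as in the walkthrough; the challenge's real `keys` value and target `P` are not shown on this page.

```javascript
// Assumed alphabet (not from the challenge): digits, then upper case,
// then lower case, so "A" -> 10 and "B" -> 11 as in the walkthrough.
const KEYS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

// Forward direction, as the post describes it: for every character of the
// entered password, append " " + its position in keys to P.
function encodePositions(password, keys = KEYS) {
  let p = "";
  for (const ch of password) {
    const pos = keys.indexOf(ch);
    if (pos === -1) throw new RangeError(`character not in keys: ${ch}`);
    p += " " + pos;
  }
  return p;
}

// Reverse direction: each number in P is only an index into keys, and keys
// ships to the browser with the script, so P can be turned back into the
// password without knowing anything secret.
function decodePositions(p, keys = KEYS) {
  return p
    .trim()
    .split(/\s+/)
    .filter(Boolean) // an empty P decodes to an empty string
    .map((token) => {
      const pos = Number(token);
      if (!Number.isInteger(pos) || pos < 0 || pos >= keys.length) {
        throw new RangeError(`position out of range: ${token}`);
      }
      return keys[pos];
    })
    .join("");
}
```

Because both the alphabet and the expected `P` are delivered to the client, this encoding is an obfuscation rather than a secret; the comparison has to happen on the server for the password to stay private.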


Solution: CanYouHackIt - Script Challenge 2

Onto our next challenge.. This is another script challenge similar to the one we solved before.. But with a little bit more scripting logic.. So let's begin..

Site: CanYouHackIt (http://canyouhack.it/)
Challenge: Script > Script Challenge 2 > Another Quick One


After people understood that the client can also see the javascript in their browser using View Source, they started using more complex javascript logic to implement password validation.. This one is like that, but comparatively easy to understand..

Now what we have here...

    var a = "de9f8caa7ea6fe56830925a124d605d4"; // A variable with some values
    var password = ""; // Another variable, but empty at the moment

    for(var i = 0; i < 20; i++)
        password += a.substring((i%3),(i%5)+(i%3));

The loop above calculates the password; it builds the password by manipulating the variable "a".. Now, how can we get what the end result will be after the loop..? The result is necessary because the conditional logic later in the script requires the value of the variable "password" to match our entered password.
I used an online javascript compiler to compile the code snippet given above, and I got the password..
Below is the result screenshot..


So the password is : e9fde9e9f8de99f8de9f9dee9f9f8ce9fde9e9f8

