See If You Can Find It

Saturday, June 27, 2020


Have you ever found yourself wondering where you can practice your existing 1337 h4x0r skills and learn some more? If so, keep reading. Already got somewhere for that? Keep reading anyways, you might learn something new!

"HackThisSite" was the first place I ever started to learn anything to do with the art of hacking. Back when I first joined, you were encouraged to actually hack the site itself. Anyone who successfully did so, without causing any damage, with responsible disclosure, was put in the Hall of Fame and rewarded in other ways. I'm not entirely sure if they still do this, but hey, you could take a look!

Founded in 2003 by Jeremy Hammond, HTS is a training ground meant to help its users learn and practice hacking both safely, and legally. Jeremy is known to have been associated with the hacktivist group LulzSec and the hacktivist collective movement Anonymous. He was sentenced to 10 years in prison in 2013 for hacking a private intelligence group called Stratfor, and releasing that data to WikiLeaks.


Once you register an account with HTS, you'll have several missions you can take a swing at, here we'll take a look at some of the basic missions. Keep in mind that what you do here isn't going to happen elsewhere, if you find something this insecure, it's probably a honeypot.

First you'll want to select the basic missions on the left hand side of the site. From here, just do them in order.

Basic 1
Right from the jump it tells you all you need to know: A little basic HTML. Don't know any? Don't worry, it's not as hard as you may think.

Have you ever tried to impress your friends by pressing F12 or right click>inspect element and viewing the source code of the page? If so, you know what to do. If not, give it a try!
(you didn't really think I'd give you the password did you?)
For those not in the know, <!--insert_text--> is the syntax for a comment in HTML, hence the reason that this isn't displayed on the page! For more HTML, I'd highly advise you take a look at that W3 schools link they provided. Alright, let's move on!

Basic 2
I'd argue that this one is easier than the first.
He forgot to upload the password file. It's not there. There is nothing to validate against. Make sense? Let's move on.

Basic 3
Now we're getting somewhere, this one isn't hard by any means. But there's more to it than the first 2.
Go ahead and take a peek at the underlying HTML.
Now we can navigate to that link.
Now just go back and enter in what you found! Time for the next challenge!

Basic 4
You know what to do, lets look at that script!
All you have to do from here is modify it to YOUR advantage. *this has to be with the email you used to register with the site. As long as you do this correctly, you should receive the password and be able to proceed from here! That's going to be it for today, go ahead and see if you can figure out the rest of the challenges!

No comments:

Post a Comment