Address:
www.hackthissite.org
Recently , I just writeup some simple CTF at www.hackthissite.org
The Basic Missions Writeup:
Basic-1:
lookup the source of the page
Basic-2:
when you looked up the source , you might realize ...
just remenber ,there is no password file ...
Basic-3:
lookup the source of the page , you will find a password.php , just open it.
Basic-4:
lookup the source , you will find the password could be mailed to someone's E-mail
So , just change the E-mail address into yours ...
Basic-5:
The same as 4th.
Basic-6:
the top one function , is to encrypet the word , you can just have a try .
the encrypetion is : the No.X word will be add X-1
eg. 123 => 135
Basic-7:
Notice , this is Mentioned as : the system is Unix
Unix command will be used :
;ls -a
And the password file shown
Basic-8:
Notice , this web is made by PHP
The php script command might work :
<!--#exe cmd = "ls .."-->
And the password file shown
basic-9:
the same as 8th.
But the 8th page will be used .
<!--#exe cmd = "ls ../../9"-->
Basic-10:
It might be difficult at the first ;
lookup your cookies , you will find one named with '10' , yes , that's it !
all you need to do , is changing the vaule into 'yes'
Here is the javascript to achieve it .
javascript:document.cookie='level10_authorized=yes'
Basic-11:
Refresh the page at some times , you will find the name of the song always be changed ;
Then you could test whether there is any other page.
When you input "index.php";
There is an authentication page .
So , in the same way there might be some other files .
Take some try :
/a /b /c /e
and you will find a way with /e
( Search the song you may find , all of the songs are singed by one person : Elton John )
follow the folder and you will find /e/l/t/o/n/
and you might think there must be some files which are Hidden !!
try to input '.'
there is a PHP script , it hides two files :
DaAnswer.* .htaccess
The answer is in .htaccess
www.hackthissite.org
Recently , I just writeup some simple CTF at www.hackthissite.org
The Basic Missions Writeup:
Basic-1:
lookup the source of the page
Basic-2:
when you looked up the source , you might realize ...
just remenber ,there is no password file ...
Basic-3:
lookup the source of the page , you will find a password.php , just open it.
Basic-4:
lookup the source , you will find the password could be mailed to someone's E-mail
So , just change the E-mail address into yours ...
Basic-5:
The same as 4th.
Basic-6:
the top one function , is to encrypet the word , you can just have a try .
the encrypetion is : the No.X word will be add X-1
eg. 123 => 135
Basic-7:
Notice , this is Mentioned as : the system is Unix
Unix command will be used :
;ls -a
And the password file shown
Basic-8:
Notice , this web is made by PHP
The php script command might work :
<!--#exe cmd = "ls .."-->
And the password file shown
basic-9:
the same as 8th.
But the 8th page will be used .
<!--#exe cmd = "ls ../../9"-->
Basic-10:
It might be difficult at the first ;
lookup your cookies , you will find one named with '10' , yes , that's it !
all you need to do , is changing the vaule into 'yes'
Here is the javascript to achieve it .
javascript:document.cookie='level10_authorized=yes'
Basic-11:
Refresh the page at some times , you will find the name of the song always be changed ;
Then you could test whether there is any other page.
When you input "index.php";
There is an authentication page .
So , in the same way there might be some other files .
Take some try :
/a /b /c /e
and you will find a way with /e
( Search the song you may find , all of the songs are singed by one person : Elton John )
follow the folder and you will find /e/l/t/o/n/
and you might think there must be some files which are Hidden !!
try to input '.'
there is a PHP script , it hides two files :
DaAnswer.* .htaccess
The answer is in .htaccess