Axino.net

hackthissite.org basic 4 :: email to admin

by Arxleol on Wednesday 24.06.2009, under hackthissite.org, tutorial

In fourth basic mission on hackthissite.org we will examine HTML documents further.

Mission starts with comment:

An email script has been set up, which sends the password to the administrator. Requirements: HTML knowledge, an email address

Now when you open mission text is as following:

This time Sam hardcoded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot. Here is the script:

If you try to click on button send email to Sam if you click on this button it will only return to you that password was sent. Now what you have to do is to check HTML script and see what’s hidden there.

If you inspect script you will find the following part of code:

<input name="to" type="hidden" value="webmaster@hulla-balloo.com" />

Let’s explain what this part means in fact. Hidden fields are used to store values as in this example this hidden value contains email of SAM.

Next step is to download script if you see source just copy it and then create file on your computer with extension html now open this file with any text editor and paste source code in file. After this find hidden field again and change email to some other value.

To continue open file in your browser and click again on the send email to Sam button and you will see password for this mission: 75fe820e

Similar Posts:

:, , , , ,
6 comments for this entry:
  1. Quintrix
    Sunday 30.05.2010 on 16:04

    The password change all the time : mine –> “629a2216″

  2. Arxleol
    Sunday 30.05.2010 on 19:29

    The point is not to share password but to learn how to solve mission.

    Regards

  3. john
    Wednesday 09.06.2010 on 00:42

    Next step is to download script if you see source just copy it and then create file on your computer with extension html now open this file with any text editor and paste source code in file. After this find hidden field again and change email to some other value.

    I can’t understand what source and what should i download?

    Please reply…

  4. Arxleol
    Wednesday 09.06.2010 on 04:00

    You should download mission web page.

  5. Kuurio
    Tuesday 22.06.2010 on 08:31

    How do I download the webpage? And attach an html? O.o

  6. Arxleol
    Tuesday 22.06.2010 on 13:41

    You can also just copy source and paste it into your local file.

Leave a Reply

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Visit other sites:

Archives