Figuring out the password in this level is a little trickier than in level 1, if you had a problem with that one. This level requires a little more than just common sense: some programming knowledge (any language will do).
Tip: Read the description again, slowly, and try to understand every single word and line. Or else press continue reading…
Let's read the description again, because the password to this level is hidden in its description.
Network Security Sam set up a password protection script. He made it load the real password from an unencrypted text file and compare it to the password the user enters. However, he neglected to upload the password file…
A network security guy named Sam has set up a password protection script that takes a user-entered password and compares it to the password from an unencrypted text file. However, he neglected to upload the password file.
Since no password file was uploaded, the script's variable that stores the password for the comparison is empty (null), and that is the solution to this level.
What did we learn?
This usually happens with developers who don't take the trouble to check their code again, so what ships is a kind of rough attempt. So if you have unlimited attempts, try it.
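The flaw described above, next to a fail-closed version, as an added example that is not code from the original post or from HackThisSite. Python is an arbitrary choice, and the function names, file names and sample secret are assumptions made for illustration.

```python
import hmac
import os
import tempfile


def load_password_unsafe(path):
    """Flawed loader: a missing file silently becomes an empty password."""
    try:
        with open(path, encoding="utf-8") as fh:
            return fh.read().strip()
    except OSError:
        return ""


def check_unsafe(path, submitted):
    # Compares against whatever was loaded, even if nothing was loaded.
    return submitted == load_password_unsafe(path)


def check_fail_closed(path, submitted):
    """Hardened check: deny access when the secret is missing or empty."""
    try:
        with open(path, encoding="utf-8") as fh:
            stored = fh.read().strip()
    except OSError:
        return False          # no password file -> nobody gets in
    if not stored or not submitted:
        return False          # an empty secret or empty input never matches
    # Constant-time comparison of the two values.
    return hmac.compare_digest(stored.encode(), submitted.encode())


def demo():
    """Run both checks against a missing file and a present one."""
    with tempfile.TemporaryDirectory() as tmp:
        missing = os.path.join(tmp, "password.txt")   # constructed path, never created
        present = os.path.join(tmp, "present.txt")
        with open(present, "w", encoding="utf-8") as fh:
            fh.write("constructed-sample-secret\n")   # constructed sample value
        return {
            "unsafe_missing_empty": check_unsafe(missing, ""),
            "safe_missing_empty": check_fail_closed(missing, ""),
            "safe_present_wrong": check_fail_closed(present, "guess"),
            "safe_present_right": check_fail_closed(present, "constructed-sample-secret"),
        }


if __name__ == "__main__":
    print(demo())
```

The hardened check treats "no secret configured" as a reason to deny access, so a forgotten upload locks everyone out instead of letting everyone in.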
3 Replies to “HACKTHISSITE.ORG | Basic 2: Common sense”
Hi, I'm new to HTS and I'm going through the challenges. I've just seen your post, and thanks for the solution. I'm totally new to the hacking and security domain. About the Basic 2 mission, I have a question. I know it's been mentioned in the clue that Sam set up a password file but neglected to upload it. So in a real situation, how do you get this information?
In the real world, if implemented properly, the request in such a case would lead to a ‘404! Not Found’ error if the requested resource doesn’t exist.
There is no exact method that will work; the idea is to understand how things work without actually having to know.