HACKTHISSITE.ORG | Basic 4: Changing the scripts

This time Sam hardcoded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot.

Now, as we see, Sam is quite forgetful and forgets his password all the time, so he wrote a script that would mail him the password. Let’s begin by checking the source code, as we always do.

<form action="/missions/basic/4/level4.php" method="post">
<input type="hidden" name="to" value="[email protected]" /><input type="submit" value="Send password to Sam" /></form></center><br /><br /><center><b>Password:</b><br />
<form action="/missions/basic/4/index.php" method="post">
<input type="password" name="password" /><br /><br /><input type="submit" value="submit" /></form>

Looking at this source code, we see that Sam has put his email id in a hidden input tag. No, we are not going to hack this email id; instead, we are going to tweak the source code so that it works for us and not for Sam.

There are two ways to change the source code: either save it on your computer, edit it and work from that copy, or use the browser’s developer tools, which are really helpful for checking or editing the source code (Firebug in Firefox). All you now have to do is change Sam’s email id into yours.

What did we learn?

The hidden attribute on input tags hides your information only until the user peeks into your source code.
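
The same lesson seen from the server side, as an added example (not code from HackThisSite or from this post): a handler that trusts the hidden "to" field next to one that takes the recipient from server-side configuration and records any mismatch. The function names, the audit log and the sam@example.test address are assumptions made for illustration.

```python
from urllib.parse import parse_qs

# Assumption: the recipient lives in server-side configuration, never in the page.
RESET_RECIPIENT = "sam@example.test"  # constructed placeholder address


def parse_form(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded POST body (first value per field)."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def vulnerable_recipient(body: str) -> str:
    """The pattern this mission relies on: use the hidden 'to' field as sent."""
    return parse_form(body).get("to", "")


def hardened_recipient(body: str, audit_log: list) -> str:
    """Ignore the client-supplied 'to'; record a mismatch so tampering is visible."""
    supplied = parse_form(body).get("to")
    if supplied is not None and supplied.strip().lower() != RESET_RECIPIENT:
        audit_log.append(f"tampered 'to' field ignored: {supplied!r}")
    return RESET_RECIPIENT


# Constructed sample POST bodies: the form as served, and one edited in the browser.
AS_SERVED = "to=sam%40example.test"
EDITED = "to=someone.else%40example.test"

if __name__ == "__main__":
    log = []
    for body in (AS_SERVED, EDITED):
        print(vulnerable_recipient(body), "|", hardened_recipient(body, log))
    print(log)
```

With the hardened handler the hidden field can be dropped from the form entirely, since the server never reads it for anything but logging.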

Good luck!!!

Abhishek Gupta

9 Replies to “HACKTHISSITE.ORG | Basic 4: Changing the scripts”

        1. I mentioned it there. “There are two ways to change the source code, either save it on computer then edit it and workout or you can try developer tools which are really helpful in checking or editing the source code (firebug in firefox). All you now have to do, is change Sam’s email id into yours.”

    1. Here is the source code TODAY (11.9.14):

      Password:

      Open Notepad, copy+paste that part of the HTML source code, then change the “[email protected]” email to your email. Put “http://www.hackthissite.org” in front of the “/missions/basic/4/index.php”. Save it as “index.html”, then open it and click on “Send Password To Sam”.

      Each password is different for every user, so don’t ask another person to give you the password. It would only work if you find it yourself. Usually, the password is in Gibberish and consists of letters+numbers. eg. a9d6gh

  1. Hmm… exactly what I was trying to do, however I never received an email from Sam’s script… No idea what’s going on, I’m pretty sure I spelled my email right.
