This post will show you how to complete all the basic missions on HackThisSite.org.

I’ve gone through all of the steps, from Basic 1 all the way through to Basic 11. They’re pretty simple tasks, and for many of them there’s a video tutorial included.

Oh, and use the table of contents below to skip quickly to the one that you’re looking for. It’ll save you scrolling and scrolling!

Please, do try to figure it out before you use the solution. After all, it’s far more rewarding to figure it out by yourself without seeing the answer. There is no learning in copying the answer!

There are many free resources on the internet that you can use to advance your learning if you’re unsure about any of the approaches, what produces certain outcomes, and how to implement/spot certain things.


Hack This Site: Basic 1 Solution

This test is the proclaimed “idiot test”. It really requires little effort at all. Honestly, you shouldn’t need to follow a solution to figure this one out. But here it is anyway.

Inspect the page’s HTML code

Right-click anywhere on the page, and go to Inspect. This will bring up the source code of the page. You’ll see all of the HTML code.

Go to the Element selector (top-left), and click it.

Hover over the page with the element highlighter

Go to the element highlighter mentioned in the previous step.

Hover over the form until it’s highlighted.

When you click it, it’ll skip to where the code for this section is specified in the console panel. There, you’ll be able to find the password used to complete the level.

Locate the password in a HTML comment

And then find the HTML comment under the class “sit buffer”. If you’re struggling to find it, use the search function and type “password”.

Copy and paste the password into the input field, and then submit.


Hack This Site: Basic 2 solution

In this test we’re told that Sam has set up a script that loads the password from an encrypted text file.

This is really easy.

Note this part, it’s really significant. So, just click Submit.

It’s really that easy, no need to dig through the HTML source!


Hack This Site: Basic 3 solution

This time, Sam uploads a password file, so it’s not as simple as in the last task. So let’s open up the Inspect element again.

Inspect the form

We’ll start by inspecting the form again, hovering over it with the element highlighter.

Find the hidden file

Then you’ll notice that the form has a hidden input, with a value of password.php. Let’s navigate there and see if there is any information that can help.

Locate the password

And there we have it, an ill-stored password ready to be copied and pasted into the input box.

Hack This Site: Basic 4 solution

In this mission you find that Sam has put his password in a script once again, but this time it will email him automatically in case he forgets. So, let’s inspect the send password button.

Find the hidden email value with inspect element

Then, in the inspection window, you’ll find there are two inputs in the form.

Change the email to your own

The top input contains a “to” value, which is obviously an email address. Double click on the value, and replace this with your own email address.

Once that’s set, click on the Send Password to Sam button.

The password will be emailed to the provided email address, only if it’s the registered email address used to sign up to the website.


Hack This Site: Basic 5 solution

This is exactly the same as Basic 4…

Hack This Site: Basic 6 solution

This test requires you to do some decryption. But fortunately you’ve got a form that allows you to encrypt different inputs.

Encrypt a simple string of characters

Let’s start by entering a load of 0’s, so we can see how each one reacts.

Note that eight 0’s have been input. This is the same number of characters as in the encrypted password.

Analyse the encrypted output

The encrypted string that gets returned has an obvious pattern: each character has its index position in the string added to it.

Use this to crack the encrypted password

So we need to subtract each value from the encrypted password, starting with “1-:”. But, to give “:” and other alphabet characters a value, we need to convert them to ASCII format.

This table from AsciiTable gives each character a value. It really doesn’t matter which value (Dec, Hx…) you subtract from.

Subtract the values from the ASCII values

After subtracting the values from the encrypted string using the “0 string”, we are given the following result (work this out in notepad).
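
The same analysis in code, as an added example that is not part of the original walkthrough: probe the encryption with a known input, learn the shift at each position, then subtract it. The sample string is constructed and is not the mission's password; the function names are hypothetical.

```python
def encrypt(plaintext: str) -> str:
    """Mission-style 'encryption': add each character's index to its ASCII code."""
    return "".join(chr(ord(c) + i) for i, c in enumerate(plaintext))


def recover_offsets(probe: str, probe_output: str) -> list[int]:
    """Diff a known input against its encrypted output to learn the shift per position."""
    if len(probe) != len(probe_output):
        raise ValueError("probe and output must be the same length")
    return [ord(out) - ord(inp) for inp, out in zip(probe, probe_output)]


def decrypt(ciphertext: str, offsets: list[int]) -> str:
    """Subtract the recovered shift at each position."""
    if len(ciphertext) > len(offsets):
        raise ValueError("probe was shorter than the ciphertext")
    return "".join(chr(ord(c) - k) for c, k in zip(ciphertext, offsets))


if __name__ == "__main__":
    probe = "0" * 8                      # the same all-zero probe used above
    offsets = recover_offsets(probe, encrypt(probe))
    print(offsets)
    sample = encrypt("s3cr3t!!")         # constructed sample input
    print(sample, "->", decrypt(sample, offsets))
```

The scheme has no key, so anyone who can submit input to the encrypt form can reverse any output it produces.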

Hack This Site: Basic 7 solution

In this test, Sam has put his password in an obscurely named file. He has also installed a calendar script that uses Unix commands.

Test the input form first

If you input 2000, it returns a whole bunch of calendars.

Inject your own code after it

Let’s exploit this by injecting our own commands into this! For this, we’ll need the ls command.

Why this works

The script is probably running something like “cal USERINPUT”.

Now, by injecting this command, we’re making the script run “cal USERINPUT && ls”. This is essentially two commands combined into one, with ls listing all the files in the current directory.
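
To see why the shell treats that input as two commands, and what the fix looks like, here is an added example (not the mission's actual script, which the page only guesses at). It never executes anything: it tokenises the command line with Python's shlex and shows a validated, shell-free alternative. All function names are hypothetical.

```python
import re
import shlex

CONTROL_OPERATORS = {"&&", "||", ";", "|", "&"}
YEAR_RE = re.compile(r"[0-9]{1,4}")


def vulnerable_command(user_input: str) -> str:
    """The pattern guessed at above: input pasted straight into a shell string."""
    return "cal " + user_input


def commands_seen_by_shell(cmdline: str) -> list[list[str]]:
    """Approximate how a POSIX shell splits a line into separate commands.

    shlex does not model command substitution or redirection, which is one
    more reason to validate input instead of filtering operators.
    """
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token in CONTROL_OPERATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def safe_argv(user_input: str) -> list[str]:
    """Hardened form: allow-list the input, then build an argv list.

    Pass the result to subprocess.run(argv) without shell=True so no shell
    ever parses the user's text.
    """
    if not YEAR_RE.fullmatch(user_input):
        raise ValueError("year must be 1 to 4 digits")
    return ["cal", user_input]


if __name__ == "__main__":
    print(commands_seen_by_shell(vulnerable_command("2000")))
    print(commands_seen_by_shell(vulnerable_command("2000 && ls")))
    print(safe_argv("2000"))
```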

Locate the obscure file

We’ll go for the most obscure file here, and navigate there directly to find the password.

Hack This Site: Basic 8 solution

First of all, we know that the password is stored encrypted in the following location:

/var/www/hackthissite.org/html/missions/basic/8/

The input box takes some input, a string, and then creates a file.

Test the input form

Create a file, then view it.

Research SHTML

Notice that the URL links to a .shtml file.

Exploit SSI

That means that we can inject some server-side code! I’m no expert in SSI, so we’ll pull some info from another site.

This is what the commands look like. We can use this to execute commands too!

Try SSI with LS command

So let’s try the following command:

<!--#exec cmd="ls"-->

Escape the current directory

We also noticed, the first time we created a file, that the files were being stored in a /tmp location.

We need to escape this folder. This can be done using “../”, after the “ls” command.

<!--#exec cmd="ls ../"-->

This “../” will execute the “ls” command in the /basic/8/ folder, the folder above.
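
The injection works because the submitted text is written into the .shtml page unchanged. The added example below (not the mission's own code) shows the unescaped page next to one that HTML-escapes the input, plus a small detector for SSI directives. The page template and function names are constructed for illustration.

```python
import html
import re

# SSI directive syntax: <!--#element attribute="value" -->
SSI_DIRECTIVE = re.compile(r"<!--#(\w+)\s+(.*?)\s*-->", re.DOTALL)


def find_ssi_directives(text: str) -> list[tuple[str, str]]:
    """Return (element, attributes) for every SSI directive in the text."""
    return SSI_DIRECTIVE.findall(text)


def build_page_vulnerable(name: str) -> str:
    """Constructed template: user input lands in the .shtml file as-is."""
    return f"<html><body>Hi, {name}!</body></html>"


def build_page_hardened(name: str) -> str:
    """Same template, but '<', '>' and quotes are escaped first, so the
    server's SSI parser never sees a '<!--#' sequence from the user."""
    return f"<html><body>Hi, {html.escape(name)}!</body></html>"


if __name__ == "__main__":
    submitted = '<!--#exec cmd="ls ../"-->'        # the input used above
    print(find_ssi_directives(build_page_vulnerable(submitted)))
    print(find_ssi_directives(build_page_hardened(submitted)))
    print(build_page_hardened(submitted))
    # Defence in depth on Apache httpd: "Options IncludesNOEXEC" keeps SSI
    # but disables the exec element entirely.
```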

Locate obscure file

This gives us the obscure password file that we can then navigate to. Remember not to use the /tmp folder.

Get the password

Hack This Site: Basic 9 solution

This test builds on the exact same principles as Basic 8. So, go back to Basic 8 so you have the input form again!

Edit the SSI used in Basic 8

Now you need to edit the previous command slightly. Before we used:

<!--#exec cmd="ls ../"-->

This executed the “ls” command in the “/basic/8/” folder. Now we need to get up into the “/basic/” folder, then down into the “/basic/9/” folder before we execute “ls”!

<!--#exec cmd="ls ../../9/"-->

Locate the hidden file

Get the password

Then we navigate to the file. Remember to change the folder to “/basic/9/”.

Hack This Site: Basic 10 solution

After picking through the HTML source for a while, it’ll become obvious that there’s little to go by. So, where are some other places that scripts can determine your authorisation?

Analyze your Cookies with Inspect

To find your cookies, first try submitting a random password, then go back. Inspect element, and go to the Application tab.

Change the authorization value

You’ll see a row with name “level10_authorized” and value “no”. Set this value to “maybe” — just kidding, set it to “yes”, then click Submit.
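
The weakness here is that the server trusts a value the browser can edit. As an added example (not the mission's code), the check below is shown first in that trusting form and then with an HMAC tag bound to the session, so an edited value no longer verifies. The key, session IDs and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key; a real deployment loads this from a secret store.
SERVER_KEY = b"constructed-demo-key"
COOKIE = "level10_authorized"


def check_plain(cookies: dict) -> bool:
    """The mission's pattern: authorisation read straight from the cookie."""
    return cookies.get(COOKIE) == "yes"


def _tag(value: str, session_id: str) -> str:
    msg = f"{session_id}|{value}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue(value: str, session_id: str) -> str:
    """Server side: attach a tag that only the key holder can compute."""
    return f"{value}.{_tag(value, session_id)}"


def check_signed(cookies: dict, session_id: str) -> bool:
    """Accept 'yes' only when its tag verifies for this session."""
    value, _, tag = cookies.get(COOKIE, "").rpartition(".")
    expected = _tag(value, session_id)
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    return hmac.compare_digest(tag.encode(), expected.encode()) and value == "yes"


if __name__ == "__main__":
    sid = "session-1234"                            # constructed session id
    print(check_plain({COOKIE: "yes"}))             # edited cookie is trusted
    print(check_signed({COOKIE: "yes"}, sid))       # edited cookie is rejected
    print(check_signed({COOKIE: issue("yes", sid)}, sid))
    # Simpler still: keep the flag in server-side session state and send
    # the browser nothing but an opaque session identifier.
```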

Hack This Site: Basic 11 solution

Now this mission is touted as being harder than the others, and rightly so. When you start, you’ll notice that the songs change whenever you refresh the page.

Figure out the artist

A simple google search will show that these are Elton John songs:

Find the hidden /e directory

So let’s search for the directory /e, for Elton John.

Follow the directories, then open the .htaccess file

We’re then led through the letters until we get to /n, at which point there are no more files, perhaps because the files are hidden! So let’s check the .htaccess file.

Find DaAnswer

Next we browse to /DaAnswer.

Use the password hidden in plain sight

We finally head over to /index.php, and submit our answer “around”.
