Sunday, January 12, 2020

Hack This Site | Info,Walkthrough and Review


Hack This Site | Info, Walkthrough, and Review

HackThisSite.org, normally alluded to as HTS, is an internet hacking and security site established by Jeremy Hammond. The site is kept up by individuals from the network after his departure. 
It intends to furnish clients with an approach to learn and rehearse essential and progressed "hacking" aptitudes through a progression of difficulties in a protected and legitimate condition.

Hack This Site | Info,Walkthrough and Review
In Short, you can demonstrate and learn basic to advanced hacking skills from Hack This Site.

So without wasting time, we are going to dive into Hackthissite.org

The first thing you need to do is register to site.  simple and easy. 


Few features of HTS :

1) Provide real-time hacking scenarios.
2) many articles and feeds on recent technologies, Programming languages, exploits & tutorials.
3) an excellent forum consisting of topics starting from basic to most sophisticated stuff you'll find on the web. Some of the various topics would be Cryptography, Mathematics, Design, Human psychology and far more.
4) Great collection of warez that would be used for private and hosted challenges.
5) Hackthisite IRC, Where you'll meet a number of the foremost talented people on the web.
6) Last but not the least -> Basic challenges, Realistic challenges, JavaScript challenges & all the others which are the base of HTS and keeping it interesting since 2005.

list of challenges we have here...

Hackthissite Challenges
Hackthissite Challenges

here we are going to solve some challenges for better understanding and Fun.

Hack This Site Basic mission 1 

In this simple challenge, our skill of HTML is going to be useful just Inspect that page and find login form you can see there password

Hack This Site Basic Challenge 1
Hack This Site Basic mission 1 



as you can see the password is saved in HTML in there.. easy right..!!
but after every challenge difficulty level increases and become harder to complete challenges

moving on to next challenge


Hack This Site Basic mission 2


Hack This Site Basic mission 2
Hack This Site Basic mission 2

This challenge really require some thinking and common sense 

so there is no password file uploaded to check where it is right password or not so any password you will enter give you an incorrect password.. 

but the catch is if we submit a blank password it will not check up and confirm it directly..
 Just submit a blank field and it will show congrats you completed challenge..



Hack this Site Basic mission 3



Hack this Site Basic mission 3
Hack this Site Basic mission 3




This time password file is present there we just need to find it. in order to do that we need to inspect the site and find that password file..


Hackthissite basic challenge 3
Hackthissite basic mission 3

after searching for some time I find that file password.php in there..

we just need to open that file adding it to url..

Hackthissite basic challenge 3 password.php
Hackthissite basic mission 3 password.php

as you can see after hitting enter password is directly shown in there just need to copy it and paste it in the password field and hit submit.. and we passed another challenge..

Hack this site basic mission 4


Hack this site basic mission 4

Hack this site basic mission 4



This time our developer sam made a script to send him password via email 
we need to find his email address first in order to do so inspect an element and find an email address in HTML tags..

Hack this site basic challenge 4
Hack this site basic challenge 4


after inspecting HTML I found the email address of sam which is sam@hackthissite.org

just need to change this email address with our email address so that the script will send a password to our email address..

now click on that script named send the password to sam and this page will appear

Hack this site basic challenge 4
Hack this site basic challenge 4

and password will be sent to the email we changed simply open that email copy password and paste it in password field hit submit.. and we passed another challenge..


this is some of the basic challenges I wanted to show you there are more to play with.. try to solve those challenges by your own smile will spread on your face after every challenge you passed..
go ahead and take challenges..


Realistic Challenges


Now we are going to see some Realistic challenges which are really fun to solve and test your hacking skills .. 
there are lots of challenges out there but I will show you my favorite 2 challenges
without wasting time lets get into it..

Hack this site realistic mission 2

Hack this site realistic mission 2
Hack this site realistic mission 2

first of all, don't get offended because of this challenge its just a demo site nothing represent here USA or iran..

our goal here is to take down this site..

first, we need to inspect the site to find any useful information to escalate it further..
after inspecting it I found one juicy file which is update.php 

Hack this site realistic mission 2
Hack this site realistic mission 2 page

by adding update.php in URL I found very interesting page there...

yesss.. we found login page but in order to gain access to login page need to find username and password.. right.?

we can hack this login page with an old school manual SQL Injection attack..

to check SQL error need to find perfect payload..

after some trial and error, I found that login page giving error on some post based union queries like 

1=1--  

Hack this site realistic mission 2 login page
Hack this site realistic mission 2 login page

after playing with it I got payload   ' or 1=1--   which is worked perfectly and we got admin access

hence we completed the challenge...


Hack This Site Realistic mission 3

Hack This Site Realistic mission 3
Hack This Site Realistic mission 3

This realistic challenge, we need to recover a poem site which is defaced by some bad hackers.

after opening defaces site we need to Inspect it.

Hack This Site Realistic mission 3 Hacked page
Hack This Site Realistic mission 3 Hacked page

after inspecting that hacked page I found out that green HTML text over there..
which suggests the old site is still up there and backed up at oldindex.html
so we need to find it first 
in order to do that type oldindex.html in the end of URL and hit enter..

Hack This Site Realistic mission 3 oldindex.html
Hack This Site Realistic mission 3 oldindex.html
here we can see that the poem site is still running in background..
now we need to post this page in index.html by submitting this pages source code..
but catch here  We must use our previous path traversal knowledge to place the file in the correct directory.
which means we need to submit it on one directory up to show correctly in the index page..
in  order to do that first copy source code of poem site and click on submit a poem


Hack This Site Realistic mission 3
Hack This Site Realistic mission 3 

here at the name of a poem we need to add directory which is  ../index.html
and paste source code in poem box and add poem..
after this poem will be added on index.hml which is a home page and defaced page get removed automatically...

hence challenge completed= respect+


I had too much fun solving realistic challenge.. must try..

Conclusion- Hackthissite.org is open for all. here all types of challenges you can see. I have shown you some of them but you should try other challenges on your own. 
it has many challenges for beginners to advance hackers where you can test your caliber.
I will give you my example..
I am a penetration testing and ethical hacking expert but don't know more about forensics in hack this site I tried to solve forensic challenges and now I am a forensic expert too..  ;)
moral of the story is it will really help you to gain and polish hacking skills...
so go and check it out..


happy hacking...





Share:

Popular Posts