Hack This Site Basic 1–11 Missions Write-Up

Basic 1

  • I clicked to view the source code of the page, and I saw that the password is there.

Basic 2

Basic 3

  • I visited this directory, and I saw that the password is there.

Basic 4

  • He assigned the value in the elements. I can change those elements in the page.

Basic 5

Basic 6

  • I checked the ASCII table, and I found the password 4b5g7>=m.

Basic 7

  • This form is not secured. Indeed, I can inject commands in the date field. Try to enter “;ls -l”.
  • It will produce a calendar and the result of our command. We see a file named “k1kh31b1n55h.php”.
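
The flaw behind Basic 7, seen from the defending side, as an added example that is not part of the original write-up or the site's own code. It assumes the form hands the date field to the UNIX cal program through a shell; the function names are hypothetical.

```python
import re
import shlex
import subprocess

# Assumption: the form passes the submitted field to the UNIX `cal` program.
YEAR_RE = re.compile(r"[0-9]{1,4}")
SHELL_PUNCT = set("();<>|&")


def unsafe_command(field):
    """The 'before': user input concatenated into a shell command line."""
    return "cal " + field


def shell_tokens(command):
    """Split roughly as a POSIX shell would, keeping operators as tokens."""
    return list(shlex.shlex(command, posix=True, punctuation_chars=True))


def injected_operators(command):
    """Tokens made only of shell control characters, e.g. ';' or '&&'."""
    return [t for t in shell_tokens(command) if t and set(t) <= SHELL_PUNCT]


def safe_argv(field):
    """The 'after': allow-list the value, then build an argv list."""
    value = field.strip()
    if not YEAR_RE.fullmatch(value) or not 1 <= int(value) <= 9999:
        raise ValueError("year must be a number from 1 to 9999")
    return ["cal", value]


def render_calendar(field):
    """Run cal without a shell, so the value is only ever one argument."""
    result = subprocess.run(safe_argv(field), capture_output=True,
                            text=True, timeout=5, check=True)
    return result.stdout


if __name__ == "__main__":
    sample = ";ls -l"  # the input quoted in the write-up
    print(shell_tokens(unsafe_command(sample)))
    try:
        safe_argv(sample)
    except ValueError as exc:
        print("rejected:", exc)
```

The token check only illustrates how a shell reads the concatenated string; the fix is the allow-list in safe_argv together with running cal from an argument list instead of a shell.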

Basic 8

  • Produces a file containing au12ha39vc.php.
  • Add this file in the URL to discover the password: .

Basic 9

Basic 10

  • I changed this value to “yes”.

Basic 11

  • So, I have found a file. Now visit it as:
  • There is our login page. Still we are stuck! We don’t have the password or any hint in the source code of this page. Let's run another scan on the URL Fuzzer, this time for directories.
  • There are two possible directories. First we try /index/, but it seems there is no change; it shows a new line.
  • Now, try /e/
  • Found a new directory in it.
  • /l/, and there are more directories: /t/, /o/, /n/
  • In the end we are on a blank page, with just a link to the parent directory.

  • Here DaAnswer seems suspicious! So let's try it! Add DaAnswer after e/l/t/o/n/

Cyber Security Researcher https://twitter.com/Computeus7
