DEV Community: Michael Lee

HackTheSite Basic 9

Michael Lee — Thu, 10 Jul 2025 11:58:35 +0000

As mentioned from the problem statemnt, Sam has screwd up and we have to go to Basic 8.

With this we get the directory and the correct php file that directs to the passowrd for Basic 9.

HackTheSite Basic 8

Michael Lee — Thu, 03 Jul 2025 11:10:39 +0000

When you enter your name and click submit, you are brought to this page.

When I click to view it, I am taken to a site that is saved using .shtml
This is no the level of directory I want to be in at (tmp).
We can use a clever SSI command:  which lists all the parent directory. And now we finally have the correct .php file.

This required a little bit of thinking but was not too difficult.

HackThisSite Basic 7

Michael Lee — Sun, 29 Jun 2025 00:44:40 +0000

Since I am already familiar with MacOS, UNIX commands are not new to me. ;ls lists files and directories in the current directory.

This one was fairly simple, not too difficult to figure out a method.

HackTheSite Basic 6

Michael Lee — Sat, 28 Jun 2025 10:32:13 +0000

Since the task is regarding encryption, we should try a few exmaples.

11111 -> encrpted string is 12345
encrypted password 6f3i<667 -> 6g5l@;<>

From above, it's recognizable that each character is shifted forward by 1 position following the ASCII table.

Position 1: 1 → 1 (shift by 0)
Position 2: 1 → 2 (shift by +1)
Position 3: 1 → 3 (shift by +2)
Position 4: 1 → 4 (shift by +3)
Position 5: 1 → 5 (shift by +4)

Therefore, to decrypt, we shift the character backwards by 1 position.
This required a little more thinking but wasn't too difficult to decipher.

HackTheSite Basic 5

Michael Lee — Thu, 26 Jun 2025 10:01:41 +0000

The Problem was very simple and easy, as it was almost the same as Basic 4, go to inspect element of the button where you send the reminder email, edit and put your email instead of Sams.

HackTheSite Basic 4

Michael Lee — Wed, 25 Jun 2025 11:25:01 +0000

From the Page Source i have noticed an email.

Now that since it is unable for me to change the value, hover the mouse over the button and went to inspect element.

After modifying the value, I got sent the reminder to my personal email. Fairly simple but requires a little thinking.

HackTheSite Basic 3

Michael Lee — Wed, 25 Jun 2025 11:10:04 +0000

This one I had to think a little longer than usual. When out of options, look at the source code and search for "password" keyword.

Since Sam forgot to upload the password, I tried accessing password.php directly.
And that gave me the answer.

HackThisSite Basic 2

Michael Lee — Sun, 22 Jun 2025 14:24:53 +0000

Sam forgot to upload the password file that contains the actual password. -> The script tries to load a password from a file that doesn't exist -> return an empty string or null value -> user input field is also empty by default

Therefore: user input == password from file
=> Empty string equals empty string = authentication success

Fairy simple, not too difficult, just had to think a little.

HackThisSite Basic 1

Michael Lee — Fri, 20 Jun 2025 12:41:43 +0000

You can view ANY HTML for a website just by doing right click -> view page source

Search for the key word Password => Done!