I bet you’ve had many fun with Level 1 and Level 2 already. Now, things are getting harder as expected. Level 3 will require a little more skills. So let’s get to HackThisSite Basic Mission Level 3 Challenge.
You can start level 3 by clicking on Next Challenge button after congratulation screen on level 2, or access via navigation on left sidebar.
This is our level 3 on Basic Mission looks like.
It seems like the guy, Sam, has fixed his mistake from previous level.
So we can expect that when submitting the form, it will try to compare with our input password in password field.
We can start by doing a stupid click without password to see what happens.
Okay, so no dump action here.
Think about it again, this is just an HTML form no more no less, so there is no better way than verifying the HTML code of the form to see if there is any suspicious thing around.
On browser, click to view source file of level 3, or if you in Google Chrome, you can add prefix to the url
view-source:https://, so the access url will be like view-source:https://www.hackthissite.org/missions/basic/3/
Look around the code of the form, here it is.
Do you see anything suspicious?
Tell me that you can find the target. It’s clear into the eyes!!!
Who in the world could put that
password.php file leaking around like this?!!!
Just access that file to see the content, and we expect that to be our answer for this challenge.
Put into the submission form and you will see this.
You’ve done it again!
Alright, let’s prepare yourself for next challenge!