Similar to the previous challenge, but with some extra security measures in place. Requirements: HTML knowledge, JS or FF, an email address.
Level 5
Sam has gotten wise to all the people who wrote their own forms to get the password. Rather than actually learn the password, he decided to make his email program a little more secure.
Solution:
- From the description, you need to know a little javascript knowledge or how to use fake referer Add-ons or extensions
- If you use the same trick in basic 4, you'll get the error message below.
Invalid Referer
Invalid referer. The requested URL /missions/basic/5/level5.php will not be loaded.
/> - Basic 5 checks the HTTP headers to see where you are viewing the page from. It will give an error if the referred url is not /missions/basic/5/ or /missions/basic/5/index.php
- Use Chrome Developer Tool :
Type the javascript code below in the chrome javascript control panel, and it will change the value of form [0] (the first form) to pwn@foo.org :
javascript:alert(document.forms[0].to.value="pwn@foo.org"); - Press the button "Send password to Sam"
- There's the text on the page.
Password: a1a81721
- Back to the level page and submit the password
- Congratulations, you have successfully completed basic 5!