What is it? @.@

Here is the place where I record some tactics about wargame, systems, and other security issues.


Hack This Site! - Basic 5


Similar to the previous challenge, but with some extra security measures in place. Requirements: HTML knowledge, JS or FF, an email address.

Level 5

Sam has gotten wise to all the people who wrote their own forms to get the password. Rather than actually learn the password, he decided to make his email program a little more secure.

  1. From the description, you need to know a little javascript knowledge or how to use fake referer Add-ons or extensions
  2. If you use the same trick in basic 4, you'll get the error message below.
    Invalid Referer
    Invalid referer. The requested URL /missions/basic/5/level5.php will not be loaded.
  3. Basic 5 checks the HTTP headers to see where you are viewing the page from. It will give an error if the referred url is not /missions/basic/5/ or /missions/basic/5/index.php
  4. Use Chrome Developer Tool :
    Type the javascript code below in the chrome javascript control panel, and it will change the value of form [0] (the first form) to pwn@foo.org :
  5. Press the button "Send password to Sam"
  6. There's the text on the page.
    Password: a1a81721
  7. Back to the level page and submit the password
  8. Congratulations, you have successfully completed basic 5!