How to Beat the Hackthissite.org Basic Missions

Hackthissite.org is a sandbox hacking website that teaches penetration testing for all sorts of technologies today. Network, mobile, and basic PC security are just a few of the ways that Hackthissite.org has been helping people for years...
Part 1 of 3:

Beating Basic Mission 1

  1. How to Beat the Hackthissite.org Basic Missions Picture 1How to Beat the Hackthissite.org Basic Missions Picture 1
    Log into your account. Before you can begin taking on some of these challenges, you will need to sign up for a free account. After having done so, you will then need to log in with your username and password. Go to the HTS home page, and the login form will be in the top left side of the page.
  2. How to Beat the Hackthissite.org Basic Missions Picture 2How to Beat the Hackthissite.org Basic Missions Picture 2
    Choose 'Basic Missions.' The pane on the left-hand side is the main navigation for HTS. Here, under the 'Challenges' subheading, you will find the 'Basic missions' link. Click this to continue.
  3. How to Beat the Hackthissite.org Basic Missions Picture 3How to Beat the Hackthissite.org Basic Missions Picture 3
    Select your challenge. Once this page finishes loading, you should see a whole series of 11 different challenges. The top should be 'Basic 1'; go ahead and click it to continue.
  4. How to Beat the Hackthissite.org Basic Missions Picture 4How to Beat the Hackthissite.org Basic Missions Picture 4
    Clear the 'Idiot Test.' Each challenge will ask you to enter a password that you have to figure out on your own. The first challenge is called 'The Idiot Test,' but don't take it personally. You should take a few minutes to at least try and figure this one out before continuing on to the next step or even reading on.
    1. The most important clues should be given in the little help box below the password field. Basically, you should know that every website is made up of a coding language called HTML. Understanding that this language makes up every website should be your greatest clue. The next step will contain the answer to the challenge, so please make sure to exhaust your brain before continuing.
    2. If you don't wind up figuring it out on your own, nothing really happens. You are free to access further missions. In addition, you are free to enter as many wrong answers as you want, nothing will change. However, learning by doing each step will increase your chances of understanding future missions.
  5. How to Beat the Hackthissite.org Basic Missions Picture 5How to Beat the Hackthissite.org Basic Missions Picture 5
    Check out the forums. If you're really stumped, check out what other users have to say by checking the forums. To access the forums, you will need to look at the navigation bar on the left-hand side of the screen. You will find 'Forum' under the subheading 'Communicate.' You will need to make sure to sign in first before creating a new post. Just use the username and password you use for the main HTS. Basically, on this site, there is no better place to learn than with other people who have gone through the same challenges. Remember though that these people get the same questions all the time about each mission in every category, so just take your time and read what questions have been asked by other people that are just starting.
    1. Google things—Perhaps not for this particular mission, but the first thing you will be asked by people on the forums is if you 'Googled It' before you posted a question, so make sure that you do.
  6. How to Beat the Hackthissite.org Basic Missions Picture 6How to Beat the Hackthissite.org Basic Missions Picture 6
    Solve the first challenge. Right-click on the web page, anywhere will do, and click the 'View page source' option. Some browsers might say 'View source.' A new page should open. It may look like a bunch of randomness, but it's not. The password is contained inside this code, in plain sight. If you would like to jump straight to the password, copy the last few words of the story just above the password field. In this case its, 'Enter the password and you can continue.'
    1. Hold down Ctrl on your keyboard and hit the F key to start a word search of the code. Then paste the sentence above in it and hit Enter. The page should jump right to that sentence in the code, and the password is right below it. It should say something like 'the first few levels are extremely easy: password is f0d0751f.' Copy the 'f0d0751f,' or whatever yours says, and paste in inside the password field on the Basic Mission 1 page.
    2. Click the 'Submit' button to continue. You just finished Mission 1. A new page should load that says 'Congratulations, you completed basic 1!' Click the blue 'Next Challenge' button down and to the right of this box.
Part 2 of 3:

Beating Basic Mission 2

  1. How to Beat the Hackthissite.org Basic Missions Picture 7How to Beat the Hackthissite.org Basic Missions Picture 7
    Think about the story provided. From this point on, there is going to be a little story that the site creators made specifically for these challenges. Make sure to read this small little paragraph of a story on each one because these will contain clues for each challenge. This challenge is actually much easier in some ways. Please make sure to read the story paragraph above the password field.
  2. How to Beat the Hackthissite.org Basic Missions Picture 8How to Beat the Hackthissite.org Basic Missions Picture 8
    Check the forums. One of the basic steps that you should get used to is checking the HTS forums, and Googling everything. As soon as you think you have hit the end of your guesses and solve attempts, go to the forums. These people have been here for years, and they are more than willing to help people understand difficult subjects. In addition, they are usually pretty good about not giving the answers right away and actually helping people to learn the concepts behind these missions.
    1. Although many of these people will be nice and friendly, please note that not all will be nice to you. There also may be some who may just drop the answer right away. Please try to remember that you are here to learn these concepts, not just get the answers.
  3. How to Beat the Hackthissite.org Basic Missions Picture 9How to Beat the Hackthissite.org Basic Missions Picture 9
    Beat the Basic Mission 2. If you haven't figured it out on your own yet, you are probably going to come to this step completely confused. That's all right. Let's break it down. The paragraph says 'Network Security Sam set up a password protection script. He made it load the real password from an unencrypted text file and compare it to the password the user enters. However, he neglected to upload the password file…' The last sentence is the most important in this case. If there was no password file loaded, then there is no password. Thats right! Just click the submit button and you have beaten the second mission. Click the blue 'Next Challenge' button to continue.
Part 3 of 3:

Beating Basic Mission 3

  1. How to Beat the Hackthissite.org Basic Missions Picture 10How to Beat the Hackthissite.org Basic Missions Picture 10
    Take a moment to explore. That last mission should give you an idea about what you need to do sometimes in order to get through a mission. Sometimes you need to be able to click buttons and see the results, because sometimes people make mistakes. This mission, however, becomes the most complicated so far because it goes back into the HTML coding of the site, and the story isn't of much help. Make sure that you take a moment to try and figure each of these challenges out on your own though. When you are stumped, continue to the next step.
  2. How to Beat the Hackthissite.org Basic Missions Picture 11How to Beat the Hackthissite.org Basic Missions Picture 11
    View the HTML. Once you are on the Mission 3 page and have exhausted yourself, right-click the web page and click 'View source' or 'View page source,' depending on your browser, to view the HTML for the page.
  3. How to Beat the Hackthissite.org Basic Missions Picture 12How to Beat the Hackthissite.org Basic Missions Picture 12
    Find the password area in the HTML page. As you look at the code in front of you, you may be a bit confused. That's all right; everyone is at first. Dive down to the part of the code that contains the part of the HTML with your password field and story in it. You can do this by copying the last sentence of the story presented, then holding down the Ctrl button on your keyboard and hitting the F key. This will open a search box in the upper right-hand corner of the page. You are then going to right-click inside that box and select 'Paste' from the context menu given. You should automatically be taken to the part of the code that contains our password field.
  4. How to Beat the Hackthissite.org Basic Missions Picture 13How to Beat the Hackthissite.org Basic Missions Picture 13
    Know the difference in the codes. As you look at the code, you may notice that there are actually different types of codes being used and referenced. This is because HTML works alongside many different coding languages to accomplish different things. For instance, PHP. PHP is what is called a server-side scripting language. A programmer can run scripts with PHP that would otherwise be too difficult, or impossible, to accomplish with HTML alone.
    1. A few good resources to understanding a programming language, like PHP, online would be 3WSchools. It is important to research as you are going through different challenges to learn more about the obstacles in your path. These sites can help you learn a bit about PHP, as it will come up in future challenges.
  5. How to Beat the Hackthissite.org Basic Missions Picture 14How to Beat the Hackthissite.org Basic Missions Picture 14
    Compare source codes. Open up the source for Mission One in a tab and then view Mission 3's sources code in another; you should try to compare the two. Try to spot the changes. You may first noticed that the way the code is formatted has changed. In addition, there seems to be a new file type that has been inserted. This is the line of code you are looking for: ''. This shows us something interesting. Network Security Sam has placed the password we are looking for inside a PHP file called 'password.php.' Since web browsers like Chrome or Firefox are built to automatically read PHP and other web-based languages, you should be able to read this file.
    1. If you look at the line just above the one that lists the PHP file you should see: ''. If you go back to your main basic Mission 3 page and look at the current URL, it should read something like https://www.hackthissite.org/missions/basic/3/, but notice that there is no 'index.php' on the end. This means that the website is waiting for a specific action to happen before i starts reading index.php file. The same is true for the 'password.php' file. The website is waiting for whoever is typing in the password field to hit the 'Submit' button before it reads the password.php file, but you can read it first. Try to figure the rest out then go to the next step.
  6. How to Beat the Hackthissite.org Basic Missions Picture 15How to Beat the Hackthissite.org Basic Missions Picture 15
    Beat the Basic Mission 3. If you still haven't figured it out on your own, go to the main Basic Mission 3 page. Once you are there, up in the URL add 'password.php' to the end of it. It should look like this: https://www.hackthissite.org/missions/basic/3/password.php. Now hit Enter. The browser you are using should be able to read the PHP file and display what is inside. In this case, there should be a random number-letter sequence in the upper left-hand corner. Copy and paste this in the password field for Basic Mission 3 and hit 'Submit.' You have now completed Basic Mission 3 from HTS.
4 ★ | 30 Vote