
Weekend Testing 108 7-9-2014

Facilitated by Ajay B, with a few other participants.



First, we were asked to register on the site.
During registration, the password has 5 sets of rules; I had never seen a minimum of 15 characters before.

Then we started with introductions and the mission: to learn security testing skills, with 10 minutes for
each basic mission.
There were different challenges; we started with the Basic Missions.





We started with Basic Mission - 1


As usual, I first tried entering a login password; as it showed an error, I re-checked the
mission. The hint was HTML.
So we needed to check whether the password was stored in a comment in the HTML source code.
Ways of checking:
1. F12 Developer Tools, Inspect Element
2. View Source of the page
And we found the password was stored in the comments.

Learning: As developers make the mistake of storing values in comments, we need to check the
source code of the elements.







Next: Mission 2


As it was said to be slightly tricky, I read the sentence again and understood that the password-matching
file was not uploaded.
So, just by clicking Enter, it gave the success message.

Next: Mission 3


We tried F12 Inspect Element and found that the password is stored in the password.php file.
So, per the hint, we appended the file name to the end of the URL.
And the password was shown as: 0ca5b468

Next: Mission 4


This one was slightly different from the other missions.
When we used F12 Inspect Element, we saw that an email address is given, sam@hackthissite.org, in an
input tag.
The hint was that by changing the email address to our own email address, we can get the password.

This could be another reason to use Old Password and New Password fields on the Change Password page.
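
The leaks met in Missions 1 and 4 can be checked for on one's own pages before release. The script below is an added example, not part of the original report: it flags HTML comments that mention credentials and form inputs whose value is an email address. The keyword list, the sample page and the names `LeakAuditor` and `audit` are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed keyword list for credential-like text in comments.
SECRET_HINT = re.compile(r"passw(or)?d|pwd|secret|token|api[_-]?key", re.I)
EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

# Constructed sample page, not the real mission markup.
SAMPLE = """<html><body>
<!-- reminder: the login password is EXAMPLE-ONLY -->
<form action="/login" method="post">
  <input type="password" name="password">
</form>
<form action="/send" method="post">
  <input type="hidden" name="to" value="admin@example.test">
  <input type="submit" value="Send password to admin">
</form>
</body></html>"""

class LeakAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, line, detail)

    def handle_comment(self, data):
        # Mission 1 pattern: a credential left in an HTML comment.
        if SECRET_HINT.search(data):
            self.findings.append(("comment-secret", self.getpos()[0], data.strip()))

    def handle_starttag(self, tag, attrs):
        # Mission 4 pattern: the recipient address is a form field, so the
        # client, not the server, decides where the password is mailed.
        if tag != "input":
            return
        a = dict(attrs)
        value = (a.get("value") or "").strip()
        if EMAIL.fullmatch(value):
            self.findings.append(
                ("client-side-recipient", self.getpos()[0], f"{a.get('name')}={value}"))

def audit(html):
    parser = LeakAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for kind, line, detail in audit(SAMPLE):
        print(f"line {line}: {kind}: {detail}")
```

A `client-side-recipient` finding is a prompt to move the address into server-side configuration, so that a submitted form cannot redirect the mail.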



Next up was Mission 5


Just did the same trick as in Mission 4.

Next, and the last one tried, was Mission 6



But I couldn't complete it, as it looked complex to me.
