Facilitated by Ajay B, with a few other participants.
First, we were asked to register on the site. In registration, the password has a set of 5 rules; I had never seen a minimum of 15 characters.
Then we started with introductions and the mission: to learn security testing skills, with each basic mission for 10 minutes. There were different challenges; we started with the Basic Missions.
Weekend Testing 108, 7-9-2014
We started with Basic Mission 1
As normal, I first tried entering the login password; as it was showing an error, I then re-checked the mission. The hint was HTML. So, we need to check whether the password is stored in a comment in the HTML source code. Ways of checking:
1. F12 Developer Tools, Inspect Element
2. View Source of the page
And I found the password was stored in comments.
Learning: As developers make the mistake of storing values in comments, we need to check the source code of the elements.
Next: Mission 2
As it said it was slightly tricky, I read the sentence again and understood that the password matching file was not uploaded. So, with just an Enter click, it gave the success message.
Next: Mission 3
As we tried F12 Inspect Element, we found that the password is stored in the password.php file. So, with the hint, it was to append the file name at the end of the URL. And the password is shown as: 0ca5b468
Next: Mission 4
This one was slightly different from the other missions. As we used F12 Inspect Element, we saw that an email address is given in an input tag: sam@hackthissite.org. The hint was that by changing the email address to our email address, we can get the password.
This could be another reason to use Old Password and New Password on the Change Password page.
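
The checks from Missions 1 and 4, turned into a pre-release review script. This is an added example, not part of the original session or the challenge site's code; the keyword list, e-mail pattern, sample page and field names are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Assumed keyword list and e-mail pattern; tune both for your own code base.
SECRET_WORDS = re.compile(r"pass(word|wd)?|pwd|secret|token|api[_-]?key", re.I)
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(\.[\w-]+)+")

class PageAudit(HTMLParser):
    """Collect findings a reviewer should look at before a page ships."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_comment(self, data):
        # Mission 1: anything in an HTML comment is sent to every visitor.
        if SECRET_WORDS.search(data):
            self.findings.append(("comment", data.strip()))

    def handle_starttag(self, tag, attrs):
        # Mission 4: a recipient address placed in a form field can be edited
        # by the user, so the server must not trust it.
        if tag != "input":
            return
        fields = dict(attrs)
        value = fields.get("value") or ""
        if EMAIL.search(value):
            self.findings.append(("input", f"{fields.get('name')}={value}"))

def audit(html):
    parser = PageAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page (not the challenge site's real markup).
SAMPLE = """
<html><body>
<!-- password: example123 -->
<form action="/reset" method="post">
  <input type="hidden" name="to" value="admin@example.org">
  <input type="password" name="password">
  <input type="submit" value="Send password">
</form>
<!-- layout fix for the footer -->
</body></html>
"""

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(kind, detail)
```

A finding of kind "input" means the server should look the recipient up itself instead of reading it from the form.
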
Next up was Mission 5
I just did the same trick as in Mission 4. Next, and the last one I tried, was Mission 6
But I couldn't complete it, as it looked complex to me.