Cookies?

no no thats not necessary you are overthinking it you need to use firebug or chromes javascript console this can be done via javascript or jquery i believe i cant get it to work for me fuck it

I’d much rather do it in Python. It’s already written up and it only took me about 40 well formatted lines of code. What do I have to do to bypass the 403 error?

make sure that you just use your user name and do all of it i assume as for the pytho i bet you want to use a cookie across the session of the level

wheres the cookies ?

i don’t know i guess hes trying to use 40 lines of code for a 5 or 6 liner i don’t know why maybe he prefers it but you probably need to authenticate wit the site

Why would I not prefer it? If I know how to do it very easily in one language (plus, I already had the framework made up from a MUCH more difficult mission on Enigma Group), then why would I bother doing it in a separate language? It’s not even close to a difficult problem to solve, I’m just too lazy to look up syntax for doing it in another language. I don’t see it being a tough concept: if I can write 40 lines of code in ten minutes, then why would I spend several hours looking up syntax, etc. just to do it in a 5 lines in a different one?

i agree but if you can beat it easily what type of framework do you have? did you code it i have some crazy shit called the 0 day framework it is a priavte source from someone i know its insane

i love it

i never thought about trying that in python intersting id like to see your code if you dont mind when your done see what im doing wrong

I would say there is also cookies if you receive a 403… Try to examinate the query sent by your browser when you access the page normally…

Also, I would really recommend that you try to initiate yourself to Javascript… It’s not a big deal if you are used to programmation… And it’s a great part of the learning process…

DaGr8

You can use selenium with python, it will handle cookies for you.

did it in php/curl, it logged in and did the job in no time, 30 lines of code or so if i remember good.

I think the reason you are getting a 403 error, even with your own valid session id, is because the session cookie also holds information to identify the browser and IP of the user it was created with. This is done to prevent xss; even if you were to steal someone’s cookie it wouldn’t matter, as your browser and IP wouldn’t match the values stored in the session (ie. the real user’s values).

See https://github.com/HackThis/hackthis.co.uk/blob/master/files/class.user.php#L18 for how this is implemented in the upcomming version of HackThis. I would guess the current system works the same way.

One way to get around this (assuming you are using the same IP and that the current site’s check is in fact the same as the upcoming one) would be to specify the USER_AGENT string in your Python script to match the one used by your browser. The user agent string can be found in the global “navigator.userAgent” javascript property, or you could visit some site such as http://www.whatsmyuseragent.com/.

Hope that helps, good luck!

And about posting solutions, or almost working solutions, please keep that to the completed forum section of the level. http://www.hackthis.co.uk/forum/level-discussion/coding-level-1-completed, which can be accessed only after completing the level.

Mark as answer

I didn’t know about the completed side of the forum!!! Where are the moderators when you need one! :D

DaGr8