Need some help With Basic+ Level 3
I’m sorry in advance for asking this again after all the discussions made in the forum for this level. My problem is that I have no idea how to solve this level. Right now I’m using Chrome but I also use Mozilla. So far, the majority is recommending the Tamper Data add-on for Firefox, but my goal is not to go the easy way. I would appreciate it if someone could give me either a link to study or some food for thought (hints would be preferable :) ).
Even if you ever wanted to complete Basic+ Level 3 by using an add-on, you would have a lot of trouble. At the moment, the best method is to use an HTML form, as previous threads already mentioned.
Knowledge isn’t given, it’s grown.
The only hint I can offer you at the moment is… try Intermediate 1 and 2. Who knows? Maybe you’ll get some ideas. :D
Knowledge isn’t given, it’s grown.
Well, at least you know what you’re doing. Have you taken a look at the other threads? There’s plenty of hints scattered in there. Like this one:
[quote=freewind1012]Say, you want to send a letter (HTTP request) to Helen in Paris, France via a train. You have to know:
The right address (Paris, France). In this case, the right action.
The right name (Helen). In this case, the right name.
The right method (by train). In this case, the right method.
The right content (what you want to say and what she expects to read). In this case, the right value.
If one is wrong, everything will get messed up. [/quote]
Or in this case; two. :)
Knowledge isn’t given, it’s grown.
10 years ago
0
@spdpsin : You are sending the value to a swf file. That will never work mate. swf is a flash file. You need to send it to the correct address. So think again.
Lol yeah, the address! What is the address? Think again and look at the form you created. Is something missing there? Go check for it. You are nearly there, but there is one last piece of the puzzle you have to find! :)
- @IAmDevil
It’s good to be back! :D
I read a lot of things for this level, and many hints made me lose my way!
The concept I understood, but how to do it, I’m not succeeding.
For example, to add a POST/GET in the form, I go to Examine the element and put it in the “Console”.
It tells me, Get not defined… I’m doing something wrong probably, but what?! I dunno!
Thank you for your reply!
Basically there are two ways of completing this level as you may be aware, or were anyway, as one of them doesn’t really work anymore.
Also are you sure you have read all the other threads as some of them give a lot of information, even too much sometimes.
I have had a brief read through some of them such as this one which has a lot of information and some good links to websites which can help you solve the level.
https://www.hackthis.co.uk/forum/level-discussion/basic-levels/basic-level-3/4234-could-someone-tell-me-if-im-close-or-not?page=1
I have completed this level but was just wondering why Tamper Data doesn’t work anymore. Any explanation would be appreciated.
Please try this site. Props to @jayssj11! Looks good!
http://elitesforum.cu.cc/index.php
I tried it a couple of hours ago and it didn’t work. I could PM you the reason as in case it does work again then I won’t be giving anything away on the forums.
Would appreciate it @xzy123prog
Please try this site. Props to @jayssj11! Looks good!
http://elitesforum.cu.cc/index.php
10 years ago
0
@Gaves : Don’t give up. If you want to learn something then don’t ever give up. You just need the POST method to complete this level. Create a form and then post the details to the correct address. The only problem is to get the correct address which is also not that hard if you look carefully.
@xzy123prog & @Greyhatfool : I think @flabbyrabbit would be able to let us know why Tamper Data is not working. It was working in the previous version but not in this version of HT!!.
@Gaves: Earn 3000+ points and post 10 posts in the forum to get Karma. This medal gives you the ability to give +ve karma (like Thanks in other forums).
Knowledge isn’t given, it’s grown.
@Gaves: I don’t consider your post as a question anymore.
10 years ago | edited 10 years ago
0
Ya, like what @VirusHacked2702 said, and second, that address is wrong.
You should try to submit the score once and then see the changes the browser makes.
Hope this doesn’t give much info.
Edit: Yes I agree with freewind1012. You should put that into spoiler tags.
10 years ago | edited 10 years ago
0
@Gaves : You can use spoiler tags like these [ spoiler ] to open without spaces [/ spoiler ] to close spoiler tag again without the spaces.
Off-topic
@daMage: It has been such a long time since I last saw you. How are you these days?
@freewind1012: nice to see you too :)
I’ve been busy (surprisingly)… I’ve been working with a custom vulnerable liveCD to teach a couple juniors at work how to exploit the most common web application vulnerabilities. I now have 6 SQLi levels ranging from simple SQL Tautology injection to error based injection. Now I’m working on the XSS levels and I’m using CasperJS with them…
The goal is to teach how to exploit different kinds of situations that I’ve seen on live systems not so much how to find the exploits. When I’ve been working with the newbies/juniors in the field, they sometimes have trouble determining if some scanner results are false positives or not and that’s why I want to teach them how to test different things manually.
How are you?
- daMage
daMage is back. Now he will claim his 1st position lol.
By the way, Gaves: care to read older threads.
JAYSSJ11- “I’d rather be hated for who I am, than loved for who I am not.”
10 years ago
0
[quote=daMage]When I’ve been working with the newbies/juniors in the field, they sometimes have trouble determining if some scanner results are false positives or not and that’s why I want to teach them how to test different things manually.[/quote]
I too have found this when working with up-and-coming pentesters. The main thing as you likely know is experience. Automated tools can’t really be relied on for everything, and when pentesting I use them only to ensure I covered my bases rather than rely on them for accurate findings :)
[quote=sabretooth]I use them only to ensure I covered my bases rather than rely on them for accurate findings [/quote]
Exactly. The key is to know what your scanners find and what they don’t. Then test manually for the things they don’t find to cover everything ;)
- daMage
@Gaves: Did you mean web console or browser console in Mozilla Firefox? Don’t you think it is used for logging?
[quote=Firefox Developer Tools]enables you to interact with a web page by executing JavaScript expressions in the context of the page[/quote]
This level is about HTTP requests, not JavaScript vulnerabilities.
[quote=Tamper Data]Use tamperdata to view and modify HTTP/HTTPS headers and post parameters…[/quote]
You can see that it is all about HTTP requests. However, the add-on which we had recommended before does not work properly anymore, so we have to change the method to complete Basic+ Level 3: to edit an HTML form to send a POST request. I repeat: an HTML form! Where can you find a “tool” to edit HTML source code in a browser?
10 years ago
0
[quote=freewind1012]Where can you find a “tool” to edit HTML source code in a browser? [/quote]
Or create your own! (Form, not tool) ;)
10 years ago
0
Firebug or inspect element
[quote=Gaves]I was doing inspect element then console,and what understood from freewind1012 that is only for javascript.[/quote]
I did not mean that. Get your facts straight and get the names right. There are a lot of built-in features in Mozilla Firefox’s Web Developer tools, such as Web Console, Inspector, Debugger…
@Gaves: Did you really solve all main levels? There is a level which is similar to this case.
I know you have to use the POST method… If you look in older threads, people have given plenty of links that will direct you to the information needed to beat this challenge if you are not familiar with HTML. I am still trying to beat the challenge myself… but I have come to learn a lot just going over the old threads and really researching the material given.
10 years ago
0
@Gaves : The simple way to complete this level is to create a form and then post the value. This is currently the best and easiest way to complete the level.
10 years ago | edited 10 years ago
1
@Arawnfr : You need to post the value from the form you are creating.
Okay, what you can do is create the form and try it once. If it doesn’t work, then PM me the form that you have created.
Hint: When you create the form, the most important thing is the action attribute: you need to mention the correct address here or else it won’t work. The second important thing is putting the correct word for the name attribute, and that word should be equal to the value you need to post.
Thank God it has ended. You posted around 3 pages just to complete the level you did not understand well.
As I told you before: You had submitted wrong action, wrong name and had edited the source code in a wrong location.
I am what U Ain’t
10 years ago
0
Please edit that. It is so close to the solution it might as well be :P
This seems to be the most obviously wrong line (although it might just be a typo when copying it into your post)
<input type="submite" value="valided" />
I am completely blocked at that level because I have no other ideas on what to add or delete or replace. What about this one:
<input type="submit" value="valided" />
I am what U Ain’t
10 years ago
0
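Added example (not written by any poster in this thread, and not the site's code): a small Python checker for the four things the hints above keep pointing at in a form, namely the action, the method, a named field and a working submit control, run over the mistyped `submite` line quoted above. The `/example/endpoint` action and the `example` field name are constructed placeholders.

```python
from html.parser import HTMLParser

# Common <input> types; an unrecognised type is rendered as a plain text box.
KNOWN_TYPES = {"text", "hidden", "password", "submit", "button", "reset",
               "checkbox", "radio", "number", "email", "file", "image"}

class FormCollector(HTMLParser):
    """Collects each <form> and the <input> elements inside it."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self.open_form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.open_form = {"action": a.get("action"),
                              "method": (a.get("method") or "get").lower(),
                              "inputs": []}
            self.forms.append(self.open_form)
        elif tag == "input" and self.open_form is not None:
            self.open_form["inputs"].append(
                {"type": (a.get("type") or "text").lower(), "name": a.get("name")})

    def handle_endtag(self, tag):
        if tag == "form":
            self.open_form = None

def audit_forms(html):
    """Return one list of problems per form found in html."""
    collector = FormCollector()
    collector.feed(html)
    collector.close()
    reports = []
    for form in collector.forms:
        problems = []
        if not form["action"]:
            problems.append("no action: submits to the current page URL")
        if form["method"] != "post":
            problems.append("method is %s, not post" % form["method"])
        for field in form["inputs"]:
            if field["type"] not in KNOWN_TYPES:
                problems.append("unknown input type '%s'" % field["type"])
        if not any(f["type"] in ("submit", "image") for f in form["inputs"]):
            problems.append("no submit control")
        if not any(f["name"] for f in form["inputs"]):
            problems.append("no named input: the request carries no parameter")
        reports.append(problems)
    return reports

# Constructed samples: BROKEN reuses the mistyped line from the thread.
BROKEN = '<form><input type="submite" value="valided" /></form>'
FIXED = ('<form action="/example/endpoint" method="post">'
         '<input type="hidden" name="example" value="1" />'
         '<input type="submit" value="valided" /></form>')
```

`audit_forms(BROKEN)` reports five problems for the first sample, and `audit_forms(FIXED)` reports none.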
@vonpimpo Compare this to what a normal form looks like on a different level :) Then you will see the mistake :)
sabretooth, I inserted the form, and on reloading the page the submit button appears, and when I click on it nothing happens; the page simply reloads itself.
I am what U Ain’t
Hi everyone, I am using Mozilla Firefox. I read all the posts and understood that we need to use the form and the POST method to send the exact score to the URL. I tried adding the form tag to the end of the div tag where the description of the issue is shown, but still no results.
Can you please direct me and let me know if I am doing anything wrong?
@johnny_virus: You don’t need to add anything.
There is already a form in the source code. Just edit it.
@freewind1012 thanks for the clue…. I completed the challenge with the help of @arkgain …!!
10 years ago
0
@heavenangel : You are so close. There is just one mistake. Also I would suggest that you put your code in spoiler cause it’s way too much information. :)
10 years ago
0
@heavenangel : Well I can’t tell you what is the mistake because that would make your code work. It’s just a minor mistake. If you analyze it again you will figure it out. Best Of Luck. :)
there is no point to be stuck in a level if there is no solution provided for those who struggle
so for that reason i give up.
i don’t any help or solution just people talkin gto show off their skills
i though it was a place to share and learn and when you are stuck no body show the answer in order to learn why we couldn’t solved it.
it was a nice website but i’m done
cheers
You are wrong, this is not a place to exactly learn although we learn things in articles, I’ve learned many things just by people giving me hints, I know new programs that help me solve the levels, new methods of steganography, cryptography, etc. You test yourself with the challenges made in this website, people will OBVIOUSLY NOT give you the solution, if you can’t pass the levels made here too bad, I don’t know how to pass some either and I don’t cry, I learn new things so I can pass it. AND ….bye bye
P.S: And it would be nice if you put some commas in your sentences, because it was hard to decrypt what you said with missing words. :)
A beginner practices until he gets it right, a professional practices until he can’t get it wrong!
Yeah I think like RichardBrook.
That’s true, there are a lot of hints (almost the solution) about the first levels.
The more levels you finish, the harder it will be to find help in the forum.
Me too, with articles I’ve learnt, but with levels, I’ve learnt a lot about Cryptography, Steganography, SQL injection, Coding, Python coding, scanning…
I am still learning things with new levels like Crypt 9 :)
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘\’‘ at line 1