Need some help With Basic+ Level 3

spdpsin
10 years ago

0

I ’m sorry in advance for asking this again after all the discussions made in the forum for this level. My problem is that i have no Idea of how to solve this level. Right now I’m using Chrome but i also use Mozilla. Since now, the majority is recommending Tamper Data Add-On for Fire-Fox but my goal is not to go with the easy way. I would appreciate it if someone could give me either a link to study or some food for thought(hints would be preferable :) ).

77replies
24voices
794views
Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

0

Even if you ever wanted to complete Basic+ Level 3 by using add-on, you would have a lot of troubles. At this moment, the best method is to use a HTML form as previous threads already mentioned.

spdpsin
10 years ago

0

So i should just use the Inspect Element (Q) to tamper with the score send to the server ?


0

Don’t ask. Try. This is about trial and error.

spdpsin
10 years ago

0

I’m trying but i don’t know what I’m doing right now. I have a little experience with html and all the post (because i’m searching the previous posts) are confusing.

I wouldn’t mind if someone pointed some directions for me.


0

The only hint I can offer you at the moment is… try Intermediate 1 and 2. Who knows? Maybe you’ll get some ideas. :D

spdpsin
10 years ago | edited 10 years ago

0

Thanx I will !
Also after some researching i almost found a way but for some reason it doesn’t work…
I did this in the search form :

[spoiler]



[spoiler]
VI????????D [VirusHacked2702]
10 years ago | edited 10 years ago

0

Well, at least you know what you’re doing. Have you taken a look at the other threads? There’s plenty of hints scattered in there. Like this one:

[quote=freewind1012]Say, you want to send a letter (HTTP request) to Helen in Paris, France via a train. You have to know:
The right address (Paris, France). In this case, the right action.
The right name (Helen). In this case, the right name.
The right method (by train). In this case, the right method.
The right content (what you want to say and what she expects to read). In this case, the right value.

If one is wrong, everything will get messed up. [/quote]

Or in this case; two. :)

[deleted user]
10 years ago

0

@spdpsin : You are sending the value to a swf file. That will never work mate. swf is a flash file. You need to send it to the correct address. So think again.

[IAmDevil]
10 years ago

0

Lol yeah the address! What is the address? Think again and see the form you created. Is something missing there? Go check for it. You are nearly there but there is a last piece of puzzle you have to find! :)

Gaves
10 years ago

0

Basic+ level3.
Hi everyone, I need ur help,I read all ur forums and google and tried Tamper Data,nothing worked!
I’m stuck i’m on it since 2 days.
Can someone help me?!
thank you.

rushA [xzy123prog]
10 years ago | edited 10 years ago

0

You must have done something wrong as it should work with one of the methods you have listed.

Gaves
10 years ago

0

I read a lot of things for this level,and many hints lost my way!
The concept i understood but how to do it,i’m not succedding.
For example to add a POST/GET in the form,I go to Examin the element and put in the “Console”.
He tells me,Get not defined…I’m doing something wrong probably but what?!I donno!
Thank u for ur replie!

Gaves
10 years ago

0

I give up!

rushA [xzy123prog]
10 years ago | edited 10 years ago

0

Basically there are two ways of completing this level as you may be aware, or were anyway, as one of them doesn’t really work anymore.
Also are you sure you have read all the other threads as some of them give a lot of information, even too much sometimes.
I have had a brief read through some of them such as this one which has a lot of information and some good links to websites which can help you solve the level.
https://www.hackthis.co.uk/forum/level-discussion/basic-levels/basic-level-3/4234-could-someone-tell-me-if-im-close-or-not?page=1


0

I have completed this level but was just wondering why the tamper data doesn’t work anymore. Any explanation would be appreciated.

rushA [xzy123prog]
10 years ago

0

I tried it a couple of hours ago and it didn’t work. I could PM you the reason as in case it does work again then I won’t be giving anything away on the forums.


0

Would appreciate it @xzy123prog

[deleted user]
10 years ago

0

@Gaves : Don’t give up. If you want to learn something then don’t ever give up. You just need the POST method to complete this level. Create a form and then post the details to the correct address. The only problem is to get the correct address which is also not that hard if you look carefully.

@xzy123prog & @Greyhatfool : I think @flabbyrabbit would be able to let us know why Tamper Data is not working. It was working in the previous version but not in this version of HT!!.

Gaves
10 years ago

0

Thank you xzy123prog & tlotr.You gave me hope to restart again…
Anyway,there is a way to thank you,i donno,for example giving you points or grades or “+1” ,anything like that on this site?

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

0

@Gaves: Earn 3000+ points and post 10 posts in forum to get Karma. This medal gives you the ability to give +ve karma (as Thanks in another forums).

Gaves
10 years ago | edited 10 years ago

0

Hi,can you tell me where is wrong?!I have a error msg: SYntax error when i put the form in the “Console”:

thank you.
Admin: Added spoiler tags. Even if it’s not a working answer, it’s pretty close.

VI????????D [VirusHacked2702]
10 years ago | edited 10 years ago

0

Check your input name.

Edit: freewind1012 is right, your post almost gives the answer away.


0

@Gaves: I don’t consider your post as a question anymore.

[deleted user]
10 years ago | edited 10 years ago

0

Ya like what @VirusHacked2702 said and second that address is wrong.

You should try to submit the score once and then see the changes the browser makes.

Hope this doesn’t give much info.

Edit: Yes I agree with freewind1012. You should put that into spoiler tags.

Gaves
10 years ago

0

ok,sorry how we do the spolier?!
I put it coz it’s incorrect,if u you want Freewind1012,i delete that post?

[deleted user]
10 years ago | edited 10 years ago

0

@Gaves : You can use spoiler tags like these [ spoiler ] to open without spaces [/ spoiler ] to close spoiler tag again without the spaces.

daMage
10 years ago

0

@Gaves did you enter that HTML snippet to JAVASCRIPT console? I think I know why you got the syntax error…

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

0

Off-topic

@daMage: It was such a long time to see you again. How are you these days?

daMage
10 years ago | edited 10 years ago

0

@freewind1012: nice to see you too :)

I’ve been busy (surprisingly)… I’ve been working with a custom vulnerable liveCD to teach a couple juniors at work how to exploit the most common web application vulnerabilities. I now have 6 SQLi levels ranging from simple SQL Tautology injection to error based injection. Now I’m working on the XSS levels and I’m using CasperJS with them…

The goal is to teach how to exploit different kinds of situations that I’ve seen on live systems not so much how to find the exploits. When I’ve been working with the newbies/juniors in the field, they sometimes have trouble determining if some scanner results are false positives or not and that’s why I want to teach them how to test different things manually.

How are you?

jayssj11
10 years ago

0

daMage is back . now he will claim his 1st position lol .

by the way Gaves : care to read older threads .

[deleted user]
10 years ago

0

[quote=daMage]When I’ve been working with the newbies/juniors in the field, they sometimes have trouble determining if some scanner results are false positives or not and that’s why I want to teach them how to test different things manually.[/quote]

I too have found this when working with up-and-coming pentesters. The main thing as you likely know is experience. Automated tools can’t really be relied on for everything, and when pentesting I use them only to ensure I covered my bases rather than rely on them for accurate findings :)

daMage
10 years ago

0

[quote=sabretooth]I use them only to ensure I covered my bases rather than rely on them for accurate findings [/quote]
Exactly. The key is to know what your scanners find and what they don’t. Then test manually for the things they don’t find to cover everything ;)

BlackBox [Ransetsu]
10 years ago

0

the correct action is right in front of your face. even before you view the source.

Gaves
10 years ago

0

Hi daMage,can you tell me why I get the syntax errors?Coz i tried in the other who check the results of ur code,and the result is correct!
I do right click on the page(with Mozilla) and click on “Examine the element” then “Console” and then I put my code!


0

@Gaves: Did you mean web console or browser console in Mozilla Firefox? Don’t you think it is used for logging?

Gaves
10 years ago

0

to freewind1012: Web console

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

0

[quote=Firefox Developer Tools]enables you to interact with a web page by executing JavaScript expressions in the context of the page[/quote]
This level is about HTTP requests, not JavaScript vulnerabilities.

[quote=Tamper Data]Use tamperdata to view and modify HTTP/HTTPS headers and post parameters…[/quote]
You can see that it is all about HTTP requests. However, the add-on which we had recommended before does not work properly anymore so we have to change the method to complete Basic+ Level 3: to edit a HTML form to send a POST request. I repeat: a HTML form! Where can you find a “tool” to edit HTML source code in a browser?

[deleted user]
10 years ago

0

[quote=freewind1012]Where can you find a “tool” to edit HTML source code in a browser? [/quote]

Or create your own! (Form, not tool) ;)

[deleted user]
10 years ago

0

Firebug or inspect element

Gaves
10 years ago

0

tlotr: I was doing inspect element then console,and what understood from freewind1012 that is only for javascript.
But Firebug I’m already on it,i must try!

Gaves
10 years ago

0

I finished Basic+ all the levels except the LEVEL 3!HHHELP!

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

0

[quote=Gaves]I was doing inspect element then console,and what understood from freewind1012 that is only for javascript.[/quote]

I did not mean that. Get your fact straight and call the name right. There are a lot of built-in features in Mozilla Firefox’s Web Developer tool such as Web Console, Inspector, Debugger

Mystery [kapuccino]
10 years ago

0

@Gaves: Did you really solve all main levels? There is a level which is similar to this case.

Lyess [Arawnfr]
10 years ago

0

I follow this thread from the begining and i’m already stuck at this step. I solve all main levels kapuccino but i did not know which level you mean (sorry for english i am a french guy).

Kabalion [Slyfox23]
10 years ago

0

i know you have to use the post method…..if you look in older threads people have given plenty of links that will direct you to the information needed to beat this challenge if you are not familiar with HTML. i am still trying to beat the challenge my self……but i have come to learn alot just going over the old threads and really researching the material given.

Lyess [Arawnfr]
10 years ago | edited 10 years ago

0

I use all informations, links, addons given. Think the reason why i can’t complete this level is i don’t know how use those helps.

Kabalion [Slyfox23]
10 years ago

0

what browser are you using Arawnfr??

Gaves
10 years ago

0

I mean basic+ from level1 to level 5,except the level 3.

[deleted user]
10 years ago

0

@Gaves : The simple way to complete this level is create a form and then post the value. This is currently the best and easy way to complete the level.

Lyess [Arawnfr]
10 years ago | edited 10 years ago

1

to Slyfox : i using chrome and mozilla.
to tlotr : i understand how work the form but i don’t know from where i’m supposed post the value

[deleted user]
10 years ago | edited 10 years ago

1

@Arawnfr : You need to post the value from the form you are creating.

Okay what you can do is create the form and try it once if it doesn’t work then PM me the form that you have created.

Hint: When you create the form the most important is the Action attribute, you need to mention the correct address over here or else it won’t work the second important thing is putting the correct word for the name attribute and that word should be equal to the value need to post.

Gaves
10 years ago

0

I found it! thanks all of u and specially tlotr who was very patient with me and gave good hints and advices…


0

Thanks God because it has ended. You posted around 3 pages just to complete the level you did not understand well.

Gaves
10 years ago

0

Freewind1012,how can you tell me that I didn’t understand well?!What’s ur problem?!

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

0

As I told you before: You had submitted wrong action, wrong name and had edited the source code in a wrong location.

kakarot007
10 years ago

0

read older threads !!!!

vonpimpo
10 years ago | edited 10 years ago

1

please tell me whats wrong about this code concerning Basic/Level 3:

Edit: removed spoiler

[deleted user]
10 years ago

0

Please edit that. It is so close to the solution it might as well be :P

vonpimpo
10 years ago

0

the first one above or the one directly below it

Luke [flabbyrabbit]
10 years ago

0

This seems to be the most obviously wrong line (although it might just be a typo when copying it into your post)

<input type="submite" value="valided" />

vonpimpo
10 years ago

0

i am completely blocked at that level because i have no other ideas on what to add or delete or replace. what about this one:

    <input type="submit"  value="valided" />
[deleted user]
10 years ago

0

@vonpimpo Compare this to what a normal form looks like on a different level :) Then you will see the mistake :)

vonpimpo
10 years ago

0

ok thanks

vonpimpo
10 years ago

0

sabretooth, i inserted the forn and on reloading the page the submit button appear and when i clicked on it noting happens, the page simply reload it self.

vonpimpo
10 years ago

0

thanks to every one especially to @sabretooth i succeeded

johnny_virus
10 years ago

0

Hi Every one , I am using Mozilla FireFox.I read all the posts and understood that we need to use the Form and Post method to send the exact Score to the URL.I tried adding the Form Tag to the End of the div tag where the description of the issue is shown but still no results.
Can you please direct me and let me know if I am doing anything wrong ?

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

0

@johnny_virus: You don’t need to add anything.

There is already a form in the source code. Just edit it.

johnny_virus
10 years ago

0

@freewind1012 thanks for the clue…. I completed the challenge with the help of @arkgain …!!

heavenangel
10 years ago | edited 10 years ago

0

i tried everything , every hint… sigh :s
idk what i’m not doing right.

<form action="http://www.hackthis.co.uk/levels/b3.php?submit" method="post">  
 <input type="hidden" name="Final-Score" value="194175"> </input>  

         <button>Submit</buttom>  
</form  
md123
10 years ago

0

I edited the form from the code source but i must be wrond in my form action writing… Can i MP somebody to know what’s wrong

[deleted user]
10 years ago

0

@heavenangel : You are so close. There is just one mistake. Also I would suggest that you put your code in spoiler cause it’s way too much information. :)

heavenangel
10 years ago | edited 10 years ago

0

Sorry , i’m still new, dont know how to do that as yet.

What is the mistake?

[deleted user]
10 years ago

0

@heavenangel : Well I can’t tell you what is the mistake because that would make your code work. It’s just a minor mistake. If you analyze it again you will figure it out. Best Of Luck. :)

penguinbin.murphy
10 years ago

0

OK dude!
just wanna share a hints which I spent 11 hours (including 8 hours of sleep :) ) on this level….

I sent the request to NON-SSL instead of the correct protocol it should be!!

dtek
10 years ago

0

there is no point to be stuck in a level if there is no solution provided for those who struggle
so for that reason i give up.
i don’t any help or solution just people talkin gto show off their skills
i though it was a place to share and learn and when you are stuck no body show the answer in order to learn why we couldn’t solved it.
it was a nice website but i’m done
cheers

Richard Brook [RichardBrook]
10 years ago | edited 10 years ago

0

You are wrong, this is not a place to exactly learn although we learn things in articles, I’ve learned many things just by people giving me hints, I know new programs that help me solve the levels, new methods of steganography, cryptography, etc. You test yourself with the challenges made in this website, people will OBVIOUSLY NOT give you the solution, if you can’t pass the levels made here too bad, I don’t know how to pass some either and I don’t cry, I learn new things so I can pass it. AND ….bye bye

P.S: And it would be nice if you put some commas in your sentences , because it was hard to decrypt what you said with missing words. :)

Mugi [Mugiwara27]
10 years ago

0

Yeah I think like RichardBrook.
That’s true there are a lot of hint ( almost the solution ) about the first levels.
You’ll end up more levels, the more it will be hard to find help in the forum.
Me too, with articles I’ve learnt, but with levels, I’ve learnt a lot about Cryptography, Steganopraphy, Sql injection, Coding, Python coding, scanning…
I am still learning things with new levels like Crypt 9 :)

You must be logged in to reply to this discussion. Login
1 of 78

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss