DefendTheWeb.net, previously called HackThis.co.uk, is a very famous and well-known interactive security platform where you can learn and challenge your skills.. It contains challenges from several different cybersecurity fields.
I’ve decided to have a bit of fun and try to solve every single challenge presented, from the easiest to the hardest. (although easy and hard will be different depending on your skillset and field of expertise).
As I do with any challenge website, I WILL NEVER post the flag in cleartext, as it kills the fun and thrill of finding it, however I will post my way (or ways) of getting there. This is done in respect of the website’s security and non-disclosure policy, even when it doesn’t have one ;).
Challenge Intro 11
This challenge is rated as Intro, so it might be easy to solve. The author presents us only with a password form with a Login button again.
After a while using our friend Google Chrome Dev Tools (F12) to check the code, I couldn’t find anything special, so I believe this page doesn’t hold the information we need.
I’ve noticed that the page is a bit different than the rest of the challenges, as the URL contains an “?input” something I haven’t seen in other challenges. Having a “?something” represents the start of a query string. I couldn’t find the value INPUT anywhere in the code, so I’ve tried to run the same URL without “?input” but no visual changes were seen. I’ve compared the source and they are exactly the same output. Then I noticed that the second time I tried to check the code of the page, it was also looking at the same URL ending in ?input, so I was looking at the same page all along.
Then I tried to view the source directly on the page by accessing this as the URL: “view-source;https://defendtheweb.net/playground/intro11“, and there it was, the password hidden in the page.
Tricky one. See you on the next challenge!
