DefendTheWeb.net, previously called HackThis.co.uk, is a very famous and well-known interactive security platform where you can learn and challenge your skills.. It contains challenges from several different cybersecurity fields.
I’ve decided to have a bit of fun and try to solve every single challenge presented, from the easiest to the hardest. (although easy and hard will be different depending on your skillset and field of expertise).
As I do with any challenge website, I WILL NEVER post the flag in cleartext, as it kills the fun and thrill of finding it, however I will post my way (or ways) of getting there. This is done in respect of the website’s security and non-disclosure policy, even when it doesn’t have one ;).
Challenge Intro 4
This challenge is rated as Intro, so it might be easy to solve. The moment we click the challenge, a pop-up window shows up asking for a password. This is what we call a Basic Authentication method, where generally passwords are kept in a file (normally .htaccess) in base64 encoded format. When hitting cancel, we simply get back to the same page.
Using our beloved Google Chrome Dev Tolls (F12), let’s look into the code to check if there is anything interesting in there.
Well, there is not much to say here, the code shows right away the password we are meant to use on a script section. Just look for the string “var pass“ and you will find it.
See you on the next challenge.
