HackThisSite Basic Mission 4
--
Back to another basic mission. This time Sam decided to make the password very complex, but fortunately he also set up a backup that sends the password to his email. That backup is the biggest flaw of this setup, and he should have used more appropriate security measures.
Problem
Alright, so Sam has finally protected the password, and it can no longer be easily accessed on the front end. However, he uses an email script to send himself the password. The main hint I’ll give you is that values in the frontend can be easily manipulated.
Solution
The solution is pretty simple: if you’ve completed the previous missions successfully, you’ll be able to figure out what’s going on here. All we need to do is use Inspect Element on the "Send password to Sam" button and see what the form is doing.
OK, great: we found the value that says where the email is sent. If we just change this email address to ours and send the email, what do you think happens? That’s pretty much the solution to this problem. Just edit the email address to be yours (the one you registered with on Hack This Site) and click the button. If you check your inbox, you’ll find the password and be able to complete the mission.
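The flaw behind this solution, seen from the server side, as an added example that is not code from the mission or from Hack This Site: a handler that trusts the form's recipient field next to one that takes the recipient from server configuration and flags any mismatch. The field name `to` and the addresses are assumptions constructed for illustration.

```python
from __future__ import annotations

from urllib.parse import parse_qs

# Assumption: the only valid recipient is fixed in server-side configuration.
ADMIN_EMAIL = "sam@example.com"  # constructed address

# Constructed request bodies (application/x-www-form-urlencoded).
NORMAL_BODY = "to=sam%40example.com"
TAMPERED_BODY = "to=visitor%40example.net"


def vulnerable_recipient(body: str) -> str:
    """Weak pattern: the mail goes wherever the submitted form field says."""
    values = parse_qs(body, keep_blank_values=True).get("to", [""])
    return values[0]


def hardened_recipient(body: str) -> tuple[str, list[str]]:
    """Ignore the client-supplied recipient entirely.

    Returns the configured address plus a list of alerts describing any
    submitted value that differs from it, so tampering shows up in logs.
    """
    alerts = []
    # parse_qs returns every value of a repeated field, so duplicates
    # smuggled into the request are checked as well.
    for supplied in parse_qs(body, keep_blank_values=True).get("to", []):
        if supplied.strip().lower() != ADMIN_EMAIL:
            alerts.append(f"recipient field tampered: {supplied!r}")
    return ADMIN_EMAIL, alerts


if __name__ == "__main__":
    for body in (NORMAL_BODY, TAMPERED_BODY):
        print("vulnerable ->", vulnerable_recipient(body))
        print("hardened   ->", hardened_recipient(body))
```
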
Explanation
Maintaining credentials is actually difficult, especially across multiple projects, sites and environments. The credentials need to be accessible in a secure way, so that a user can pull them down without having to do something crazy like emailing them to themselves. The credential for a page should also be encrypted and salted for every entry, so that if it ever leaks it won’t be easily crackable without some serious processing power. Credentials for administrative pages should be accessed from a credential manager that can decrypt them. Nowadays we have AWS Secrets, Vault and several other services. In the early 2000s there were services like Web Credentials Manager, Active Directory and so on. In the worst case, passwords could be written down on a piece of paper or kept on an internal server that can be accessed only over a specific network connection.
Thanks for the read.