Tue, Jan 05, 21
Welcome back to my walkthrough of hackthissite.org’s CTF missions. I will be going through my thought process of how I solved these missions, and therefore also giving away the solutions. If you came across this to give you hints, watch out for spoilers! Good luck, have fun.
Similarly to the previous challenges we must discover a password to continue to the following challenge. Our hint is that Sam did indeed finally upload the password file, but that there are some deeper problems.
Inspecting the password form, I can see that there is a hidden input type of a file called password.php. This tells me that he compares the password entered with this hidden password file called password.php; this tells me that the file is loaded from www.hackthissite.org/missions/basic/3/password.php, so why dont we try and access this file directly? Well, Voila! This serves us the password in cleartext that we can simply copy paste to the form.