Tue, Jan 05, 21
Welcome back to my walkthrough of hackthissite.org’s CTF missions. I will be going through my thought process of how I solved these missions, and therefore also giving away the solutions. If you came across this to give you hints, watch out for spoilers! Good luck, have fun.
Similarly to the previous challenges we must discover a password to continue to the following challenge. Our hint is that Sam hardcoded the password into the script that checks the password entered. Thankfully, Sam also added a script onto this webpage that would send him this password with a press of a button! Lets see what we can do with this send password to sam button.
Inspecting this button, we see that there is a hidden input of the recipient of this email, so by changing the value of this input to my personal email, we would get sent the password! After changing the email & pressing the button we see that the email entered must match our hts account so I had to double back since I used another email. Voila! I have now received the password in my email and can easily copy paste it into the form to continue to the next mission.