DefendTheWeb Playground Challenge Intro 9

DefendTheWeb.net, previously called HackThis.co.uk, is a well-known interactive security platform where you can learn and test your skills. It contains challenges from several different cybersecurity fields.

I’ve decided to have a bit of fun and try to solve every single challenge presented, from the easiest to the hardest (although easy and hard will be different depending on your skill set and field of expertise).

As I do with any challenge website, I WILL NEVER post the flag in cleartext, as it kills the fun and thrill of finding it; however, I will post my way (or ways) of getting there. This is done out of respect for the website’s security and non-disclosure policy, even when it doesn’t have one ;).

Challenge Intro 9

This challenge is rated as Intro, so it might be easy to solve. The author presents us with a login/password form with a Login button, followed by a “Request password” and an e-mail field.

After a while using our friend Google Chrome Dev Tools (F12) to check the code, specifically on the username/password form, we find this:

This is the HTML code of the e-mail portion of the challenge. Notice that there is a hidden field called email2 with the value “admin@defendtheweb.net”. The hidden field is submitted with the form like any other input, so it is very obvious that we need to change this field to our personal e-mail to be able to get the password.

Just go to the code using Google Dev Tools (F12), change the value of email2 to your own e-mail, then go back to the form, enter the same e-mail in the Email field and hit the [ Request ] button.
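Why this edit works, and what the server-side fix looks like, as an added example that is not the challenge's actual code. The handler names, the account store and the `sendMail` callback are assumptions; only the `email2` field and the admin address come from the page.

```javascript
const { randomBytes } = require("node:crypto");

// Constructed account store; the address on file is the one shown on the page.
const ACCOUNTS = new Map([["admin", { email: "admin@defendtheweb.net" }]]);

// Pattern the challenge models: the recipient is read from the hidden
// "email2" field, which the browser submits and the user can edit.
function requestPasswordVulnerable(form, sendMail) {
  sendMail(form.email2, "Password reminder for admin");
  return { status: 200 };
}

// Hardened: "email2" is never read. The visible "email" field only selects
// an account; the recipient is always the address stored server-side.
function requestPasswordHardened(form, sendMail) {
  const wanted = String(form.email || "").trim().toLowerCase();
  const account = [...ACCOUNTS.values()].find((a) => a.email === wanted);
  if (account) {
    // Send a single-use reset token, never the current password.
    const token = randomBytes(32).toString("hex");
    sendMail(account.email, `Reset token: ${token}`);
  }
  // Same response whether or not the address matched an account.
  return { status: 200 };
}

// Replay the edited submission from the walkthrough against both handlers
// (me@example.org is a constructed address).
function demo() {
  const sentVuln = [];
  const sentHard = [];
  const tampered = { email: "me@example.org", email2: "me@example.org" };
  requestPasswordVulnerable(tampered, (to) => sentVuln.push(to));
  requestPasswordHardened(tampered, (to) => sentHard.push(to));
  // A request naming the real account still goes only to the address on file.
  const mixed = { email: "admin@defendtheweb.net", email2: "me@example.org" };
  requestPasswordHardened(mixed, (to) => sentHard.push(to));
  return { sentVuln, sentHard };
}

console.log(demo());
```

Hidden inputs are client-controlled data like any other field, so anything that decides who receives a secret has to be resolved on the server.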

There we have it, the password. I hope you enjoyed this one, see you on the next challenge!