Basic Missions 1-11 – Writeup


This is a writeup for the basic missions from

Basic One

Basic One: Screenshot 1

The hint for this task caused me to think of the html source as this is a common entry level task

Basic One: Screenshot 2

Within the html source I was able to find the password


I then used this to login

Basic One: Screenshot 3

Basic Two

Basic Two: Screenshot 1

Here I thought, if it was simply comparing two strings and one was missing, if it didn't crash it would be comparing to a blank string. So I submitted an empty password

Basic Two: Screenshot 1

Basic Three

Basic Three: Screenshot 1

I started by checking the source code, where I found a link to /password.php

Basic Three: Screenshot 2

So I went to

Basic Three: Screenshot 3

Now with a password


I used it to login

Basic Three: Screenshot 4

Basic Four

Basic Four: Screenshot 1

Upon inspecting the source code I found the email was set in the html

Basic Four: Screenshot 2

I then changed the email to my own email and clicked the button to send the it. When I checked my email I had the password

Basic Four: Screenshot 3


Using this to login

Basic Four: Screenshot 4

Basic Five

Basic Five: Screenshot 1

This looked similar to the last one, so I repeated the process

Basic Five: Screenshot 2

Basic Five: Screenshot 3


Then I logged in

Basic Five: Screenshot 4

Basic Six

Basic Six: Screenshot 1

On this task I carried out a bit of trial and error, and deduced that the encryption merely added the 0-indexed position of the character, to the characters ASCII code, as such I could reverse it by subtracting that value. Which led to the password


Basic Six: Screenshot 2

Basic Seven

Basic Seven: Screenshot 1

This looked like an easy command injection based on the hint, so I submitted

; ls -la

Basic Seven: Screenshot 2

I then navigated to to get the password

Basic Seven: Screenshot 3


Using this I progressed to the next level

Basic Seven: Screenshot 4

Basic Eight

Basic Eight: Screenshot 1

To started with I entered "test"

Basic Eight: Screenshot 2

I then clicked on "here"

Basic Eight: Screenshot 3

In this file I noticed the extension was .shtml which meant I may be able to inject a server side include to find the password. So I injected

<!-- #exec cmd="ls ../" -->

Basic Eight: Screenshot 4

I then navigated to

Basic Eight: Screenshot 5


Using this I logged in again

Basic Eight: Screenshot 6

Basic Nine

Basic Nine: Screenshot 1

To do this, I went back to level 8 and injected

<!--#exec cmd="ls ../../9" -->

Using directory traversal to get the location of the password

Basic Nine: Screenshot 2

To get the password I went to

Basic Nine: Screenshot 3


Which led to

Basic Nine: Screenshot 4

Basic Ten

Basic Ten: Screenshot 1

I tried looking around, then a random password. When I noticed in the response there was a cookie, upon inspection it seemed the cookie was used for auth

Basic Ten: Screenshot 2

I set the value to "yes" then tried another random password

Basic Ten: Screenshot 3

Basic Eleven

Basic Eleven: Screenshot 1

I found the on every load the name of the song changed. To start I tried to access .htaccess but could not. I then tried /index.php

Basic Eleven: Screenshot 2

Now knowing where to put the password once I had it. I began to dig some more, trying some directories, I then found /e

Basic Eleven: Screenshot 3

I followed the directories down to which was blank, I then tried .htaccess again

Basic Eleven: Screenshot 4

This led me to going to

Basic Eleven: Screenshot 5

I tried looking for some more files to do with it, but found nothing. So I decided to take the hint literally and try "available" as the password

Basic Eleven: Screenshot 6

And that was basic 11 done and with that, all the basic missions

Leave a Reply

Your email address will not be published. Required fields are marked *