HackThis main level 3 write up
Coming to level 3, new things have appeared. Viewing source code and searching “password” can’t give you any hints 🙂 So why don’t just come back to the login page of level 3, hitting the submit button and just see what will happen?

This is an alert window of javascript (again, who wants to do web app hacking better know some basic HTML, javascript and other things related). So let’s check how the script for log-in is written. Searching “script” in the source code and see what we’ve found:

This piece of javascript is checking whether the username is equal to heaven and the password is equal to hell. If they are not, the error message we saw will be popped up. So you know the correct username and password now 🙂
Originally published at katsuragicsl.wordpress.com on September 9, 2018.
