HTS Basic Web 10: Cookies!

Basic Web mission 10 is, just like the previous nine missions, easy if you know the technique. I will assume that you use the Firefox extension Add N Edit Cookies, which is a very useful tool for viewing and editing cookies.

Network Security Sam has decided to hardcode the password into the script. He also started to use cookies to detect if the user is authorized to advance to the next level. When you enter the correct password, it sets you to authorized, and if you enter an incorrect password, it sets you to unauthorize

Here, we are even given exactly how Sam’s script works. Enter some random password, and you will see that you are not authorized. Now, open the cookie editor and check what cookies you’ve got from hackthissite.org.

Add N Edit Cookies screenshot

Edit the cookie named “level11_authorized” and change the content from “no” to “yes”. After this, you can access the page /missions/basic/11. Congratulations, you just completed the basic web missions.
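Why the edit works, and what a server-side fix looks like, as an added example that is not part of the original post and not HackThisSite's code: the weak check trusts the cookie value as sent, while the hardened check only accepts a value carrying an HMAC tag the server issued for that session. The function names, the `value.tag` cookie format, the session ids and the choice of HMAC-SHA256 are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # constructed for this example; stays on the server
COOKIE_NAME = "level11_authorized"     # cookie name as given in the post

def weak_is_authorized(cookies):
    """The flawed pattern: believe whatever value the browser sends back."""
    return cookies.get(COOKIE_NAME) == "yes"

def _tag(session_id, value):
    # HMAC binds the value to one session; helper and format are assumptions.
    msg = f"{session_id}|{value}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_cookie(session_id, authorized):
    """Build 'value.tag' for the Set-Cookie header after the password check."""
    value = "yes" if authorized else "no"
    return f"{value}.{_tag(session_id, value)}"

def hardened_is_authorized(cookies, session_id):
    """Accept 'yes' only when its tag verifies for this session."""
    value, sep, tag = cookies.get(COOKIE_NAME, "").partition(".")
    if not sep:
        return False  # bare 'yes' with no tag, or cookie missing
    ok = hmac.compare_digest(tag.encode(), _tag(session_id, value).encode())
    return ok and value == "yes"

def demo():
    sid = "constructed-session-1"
    failed = issue_cookie(sid, False)           # cookie after a wrong password
    edited = "yes." + failed.split(".", 1)[1]   # value changed in a cookie editor
    genuine = issue_cookie(sid, True)           # cookie after the correct password
    return {
        "weak_accepts_edit": weak_is_authorized({COOKIE_NAME: "yes"}),
        "hardened_accepts_edit": hardened_is_authorized({COOKIE_NAME: edited}, sid),
        "hardened_accepts_bare_yes": hardened_is_authorized({COOKIE_NAME: "yes"}, sid),
        "hardened_accepts_genuine": hardened_is_authorized({COOKIE_NAME: genuine}, sid),
        "hardened_rejects_replay": not hardened_is_authorized(
            {COOKIE_NAME: genuine}, "constructed-session-2"),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Keeping the authorization flag in server-side session state and sending only an opaque session id achieves the same result without putting the decision in the cookie at all.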

54 Comments »

  1. can i use this to hack my friends myspace or hack my friends hotmail i tried it but its really confusing
    also if this doesn’t work how can i will it work by using this technique

    Comment by JAI — October 6, 2006 @ 1:08 am

  2. JAI: I haven’t tried, but I doubt that any large corporation would leave such a security vulnerability. Whether it works or not, though, I do not condone any kind of malicious hacking and will certainly not support it in any way.

    Comment by Tim — October 6, 2006 @ 5:30 am

  3. Hi tim.

    You Really Make the PEOPLE TOO UNEDUCATAED BY POSTING THE ANSWERS

    of HTS over here…

    i think you are making an “UNEDUCATAED TEAM”,
    who want to break the levels for points rather than learning

    Happy Ignorants assosiation started by this blogger fellow.

    Comment by learner — October 6, 2006 @ 7:29 pm

  4. Hello, learner.

    Do you really think of the HackThisSite points as a measure for your hacking skills? HTS is an educational game, created to help people learn about security. Those points are nothing but help to create personal goals, as is clearly stated on several of HackThisSite.org’s pages.

    Sometimes you get stuck, and have no idea about what to do next. Sometimes, not even the well-written tutorials on HTS or their forums will help. These posts are for those unfortunate people who might have simply overlooked the answer, or be so clueless that they need straight advice.

    Also, I find it entertaining that you are unable to spell “uneducated”.

    Comment by Tim — October 6, 2006 @ 8:10 pm

  5. javascript:alert(document.cookie=”level11_authorized=yes”)

    does the job as well, on any browser.

    Comment by ORz — October 8, 2006 @ 8:24 pm

  6. ORz: Yes. Thanks, I had missed that. Note that to find out what to write, javascript:alert(document.cookie) is good.

    Comment by Tim — October 8, 2006 @ 8:34 pm

  7. this is really great…. I have nothing else to say……. Simply great… it helped me out to clear a lots of concepts.

    Comment by Ibrahim — October 27, 2006 @ 9:00 pm

  8. If you use Firefox 2, as far as I know, the “Error Console” will not work, you need to enter the code:

    javascript:alert(document.cookie=”level11_authorized=yes”)

    in the URL. It worked on

    /missions/basic/11/index.php

    but I heard that you can do it from 10 or 11. Thanks to ORz.

    Comment by Joe — November 19, 2006 @ 11:55 pm

  9. Joe: Yes, that way would probably work, too. However, if you use it, you must know beforehand what to do. This means that it’s a poor solution if you want to learn anything.

    Comment by Tim — November 20, 2006 @ 6:26 am

  10. TIM: I agree with your concept of educating those interested in improving their security precautions and understanding how it works through detailed explanation for those who find it necessary.

    Comment by blackwaters — November 27, 2006 @ 5:53 am

  11. This is not working for me. I have tried javascript:alert(document.cookie=”level11_authorized=yes”)
    in missions/basic/10/index.php and /basic/11/index.php
    in firefox and internet explorer. Am I doing something wrong? Any suggestions?

    Comment by Anonymous — November 29, 2006 @ 1:14 am

  12. Anonymous: No, that’s right. Perhaps you should try using the Firefox extension that I mentioned in the post, since they might have changed the name of the cookie.

    Comment by Tim — November 29, 2006 @ 6:32 am

  13. http://addneditcookies.mozdev.org/installation.html

    ADD AND EDIT for FF2

    Comment by Anonymous — December 16, 2006 @ 2:52 am

  14. Add N’ Edit doesn’t work for FF2…. Is there an update anywhere? Or a similar program

    Comment by Dinko — December 24, 2006 @ 10:31 pm

  15. I think somehow my cookies aren’t saving the file because I am not seeing it. Is there something I need to do for it to accept the cookie?

    Comment by Power — January 6, 2007 @ 11:21 pm

  16. Ok, for all of you who are having problems with the url one, I’m not going to give you a spoiler, but the reason it is not working is because when you type it into your browser, you use an illegal character. So take a look at the string javascript:alert(document.cookie=”level11_authorized=yes”) look at it real hard. Do you notice anything different, I mean, different from the other characters? I assume that you found it. Now, what’s something that’s really close to that character? It almost looks the same. Do you know what it is yet? Once you do, just replace the wrong one with the right one. One last hint, on Fire Fox logs errors.

    Comment by Caleb — January 8, 2007 @ 9:42 am

  17. to JAI: im trying the myspace thingy now but it might just work because i have heard of some lapses in myspace security and many people have hacked friends accounts. ill tell you when i try it ttyl

    Comment by roastbeast — January 22, 2007 @ 11:13 pm

  18. I randomly entered “poke” into the password box and it said I passed without me doing anything.

    Comment by Kasuten — February 27, 2007 @ 5:14 am

  19. Kasuten, that’s weird. Perhaps the level was poorly designed by the HTS crew.

    Comment by Tim — February 27, 2007 @ 9:02 am

  20. hello i have problem because i can’t edit cookies i also can’t see it
    any suggestion…

    Comment by geo — February 28, 2007 @ 10:44 pm

  21. oh i found my mistake..

    Comment by geo — February 28, 2007 @ 10:55 pm

  22. I no when u check these u will c i have been jumping quick but this wun i dont even have a clue what 2 do

    Comment by DaVon — March 4, 2007 @ 12:21 am

  23. Ok i got this wun, 2 thanks alot

    Comment by DaVon — March 4, 2007 @ 12:27 am

  24. I’m confused, so I installed ff2, updated the add-ons for the cookie editor, logged back into HTS and refreshed the page loaded the cookie(I think) and now I’m done? Am I missing something or is that how its supposed to work?

    Comment by nvs625 — March 4, 2007 @ 7:56 am

  25. nvs625: The important part is to edit the cookies, which is what you should use the plugin for.

    Comment by Tim — March 4, 2007 @ 8:40 am

  26. Is there a way to check to cookie name and path without using firefox

    Comment by hey — April 11, 2007 @ 4:58 am

  27. Nope im sorry only Fire Fox works for this atm

    Comment by Tony — April 11, 2007 @ 5:54 am

  28. hey: I don’t know in which directory Internet Explorer saves its cookies, but if you find it out (it’s hidden somewhere), you can edit it in notepad in a similar way.

    Comment by Tim — April 11, 2007 @ 3:41 pm

  29. You are a bunch of sad f*cks, whether or not you care about HTS.

    It is, as one poster mentioned, an honest attempt at making flaws visible, which is inherently difficult, without leaving the website itself vulnerable.

    I found it hard enough to do the first dozen missions without damaging the website, so I stopped; maybe I was being a bit too harsh. Posting cheats to get through the levels totally defeats the (honourable) point.

    Comment by Steve Parker — April 19, 2007 @ 12:36 am

  30. Sorry but it doesn’t work anymore on level 10, Because I tried it and this spoiler looks like it’s been fixed?

    Comment by redlock — April 19, 2007 @ 8:49 am

  31. help please i cant get the url

    Comment by Datingahacker — May 1, 2007 @ 9:35 pm

  32. hey, im stuck, i have the cookie add and editor, im tryin to edit it but the name, domain and path are all being blocked from being changed, and im not being able to edit anything other than the content. can u help ??

    Comment by fastbulet — July 1, 2007 @ 1:24 pm

  33. dont worry i figured it out, i used the javascript injection =] thanx for all the help =]

    Comment by fastbulet — July 1, 2007 @ 1:34 pm

  34. … HELP ME ON CHALLENGE 3 I FEEL STUPID FOR NOT KNOWING HOW TO DO IT BUT THE GUYS TUTORIAL DOESN’T HELP ME

    Comment by Anonymous — July 4, 2007 @ 8:35 pm

  35. Thanks a lot. Some of these missions require that you know a lot about off stuff to beat them, and stuff like this you can’t seem to learn too easily about. Even though I didn’t beat it all by myself, it opens up doors of how much more I have to learn. :)

    Comment by the_beast — July 13, 2007 @ 12:51 am

  36. Nice to see Firefox elitism in operation here.

    Comment by Firefox Sucks — August 12, 2007 @ 3:13 pm

  37. I already beat level 9, and when I try to go to 10, it tells me that I must enter a password to get to 10. What password should I enter?

    Comment by C.J. — August 12, 2007 @ 8:19 pm

  38. i dont have that cookie :/

    Comment by pSyChO mOnkee — August 24, 2007 @ 4:12 pm

  39. Ok so i have original firefox installed on my system. I downloaded the cookie editor and input the information into the correct fields, but it still doesn’t allow me to view page. My friend told me he downloaded firefox, along with cookie editor and it worked fine… Do u think i might have to download firefox 2 instead?? Plz help, this is my last of the basics :)

    Comment by Dan — October 3, 2007 @ 1:02 am

  43. Put this in the name box…

    ‘ or 1=1 –

    Comment by Here is the solution — October 28, 2007 @ 10:05 pm

  44. okay you guys i used the java injection (got it by myself, not from here) and put it in. then what? i typed in the whole http://www.hackthissite.com/missions/basic/11/index.php, but its not working

    Comment by dennis — October 29, 2007 @ 10:39 pm

  45. Hey u guys. I figured out why it wasn’t working for me. Instead of using Add’n'Edit cookies (which btw doesn’t work for me) I used the javascript code javascript:alert(document.cookie) and I came up as not what I had thought it would be, because when I typed javascript:alert(document.cookie=”level11_authorized=yes”), nothing happened. At first I thought I was typing it wrong so I tried to again, but when I couldn’t get it to work. So I copied over what info i had got from the 1st javascript code (which was substantially longer than what i thought: level10_authorized=yes; __utmz=198402870.1187867260.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmc=198402870; PHPSESSID=768f79add40c733d0d9a078cb08b8cfb; __utmb=198402870; __utma=198402870.1509095477.1187867260.1188206215.1194255410.9)
    I changed the yes to a no. Then I wrote javascript:alert(document.cookie=”") and put the long changed code in between the quotation marks. And, hey presto, the level which I had worked on for many long hours was complete.

    PS: I am not too good at computers yet like some of u 31337 H4X0Rs so feel free to correct me.

    Comment by Hex — November 5, 2007 @ 9:59 am

  46. hi tim i just wanted to thank you for all the tips i found in this guide^^ i passed a lot of levels like the unix command ones because of you, ‘cos i had never seen a unix system:P thanks a lot…
    Probably the ones who posted things insulting your work will think that i’m a cheater or something, well i just want to tell them that i didn’t use this guide to gain points or else, but just to learn things about internet security…

    Comment by avalz — January 23, 2008 @ 2:48 pm

  47. ok well i kinda dont have firefox and i was wonderin how to do it without firefox. i have internet explorer 7.0

    Comment by koolifafaf — February 1, 2008 @ 2:11 am

  48. Thanks although i got stuck even with the hint of screen shot i went back to it exited this site had to google inurl:// find it but content “no” to yes it just snappped thank u lol

    Comment by raulh — March 12, 2008 @ 8:26 am

  49. Now the cookie is called level10_authorised, not level11, and rather than going to http://www.hackthissite.org/missions/basic/11 to finish the mission, you push the submit password button after editing the cookie.

    Also, the people who use the tutorials as wheelchairs without actually wanting to learn aren’t going to BECOME part of the community. You aren’t creating an uneducated community because all those people are the 12 year olds sitting at their computers thinking ‘Hacking is cool lololololol’. Their ignorance doesn’t affect us in any way. Thanks for the helping hand tim!

    Comment by Gatuitous nudist — April 6, 2008 @ 1:01 am

  50. i couldnt realise what to do, and online guides are the last resort.

    i cant find a level 11 authorised cookie.

    Comment by Will — May 18, 2008 @ 7:56 pm

  51. Hi, sorry to bother you but wouldn’t level 10 be easier to hack if you just entered any old password to set the cookie to level10_autherized=no, then in the url window enter javascript:alert(document.cookie); to check the cookie and when you see the “no” then just enter into the url window:
    javascript:void(document.cookie=”level10_authorized=yes”);
    and bingo you’re done and CONGRATZ….
    Kind regards, James.

    Comment by Idletester — June 30, 2008 @ 4:46 am

  52. Idletester: Yes, that is just another way of examining and editing cookies. Both work well.

    Comment by Tim — July 2, 2008 @ 7:38 am

  53. hello, i tried everything i could and nothing seems to work. any advice?

    Comment by n00b_haxer — July 18, 2008 @ 12:28 am

  54. By the way, there is no longer a cookie labeled “level_11″

    It is now called “level_10″

    I hope that clears up some confusion for everyone!

    Comment by Jordan — September 4, 2008 @ 8:07 pm
