TryHackMe: How the Web Works — How Websites Work a Walkthrough
This is a step-by-step walkthrough of TryHackMe’s How Websites Work room, with screenshots.
Task 1: How websites work
Question 1: “What term best describes the side your browser renders a website?
Per THM: Client side
Task 2: HTML
Click “View Site”
Question 2:
Question 3: “One of the images on the cat website is broken — fix it, and the image will reveal the hidden text answer!”
When you click on “View Site” this will pop up in your browser.
Add jpg to the code (next to the arrow). Click “Render HTML Code”.
This will fix the picture and it will show in the bottom half of the page, and the flag will be revealed.
Question 4: “Add a dog image to the page by adding another img tag (<img>) on line 11. The dog image location is img/dog-1.png”
As seen in the screenshot below, simply add <img src=’img/dog-1.png’> under the other code. Click “Render HTML Code”.
The dog picture and the flag will be revealed.
Task 3: JavaScript
Question 5: Click the “View Site” button on this task. On the right-hand side, add JavaScript that changes the demo element’s content to “Hack the Planet”
Simply replace “Hi there!” with “Hack the Planet”. Click “Render HTML + JS Code”.
This will change the output in “Rendered HTML Code” to “Hack the Planet”.
A popup box will come up and reveal the code to answer the question.
Question 6: “Add the button HTML from this task that changes the element’s text to “Button Clicked” on the editor on the right, update the code by clicking the “Render HTML+JS Code” button and then click the button.”
Clicking on “Hint” reveals the suggested code to add the button.
Add the suggested code under where you added “Hack the planet”. Click “Render HTML + JS Code”.
That will add the button under “Hack the Planet”
Task 4: Sensitive Data Exposure
Question 7: View the website on this task. What is the password hidden in the source code?
Click on “View Site”.
This page will open in your browser:
Right click and choose “View Frame Source”. This will load the page’s source code. As you can see, the Username and Password are clearly readable.
Enter the username and password into the correct fields and you will get the following pop-up.
Task 5: HTML Injection
Question 8: “View the website on this task and inject HTML so that a malicious link to http://hacker.com is shown.”
Click “View Site” and the following page will load in your browser:
After some Googling, I found that if you use <a href=”[URL]”>”message”</a> in the vulnerable text box you can inject the code. For this exercise, we will use:
<a href=”http://hacker.com”>”malicious”</a>
After a few seconds after clicking “Say Hi”, the following pop-up box will appear, revealing the flag.
Thank you for reading. If you think I bring you value, please clap and subscribe for more content.