Back to list
CTFVery Easy

HackThisSite — Basic Mission 6

ducky
2026-05-19
22 views
1 min read

HackThisSite — Basic Mission 6

Understanding the Cipher

Tested with qwerty123 → got qxgux~79;

The pattern:

  • Position 0 → shift by 0 (no change)
  • Position 1 → shift by 1
  • Position 2 → shift by 2
  • ...and so on (operates on ASCII values)
encrypted_char = original_char + position
original_char  = encrypted_char - position

Decryption

Encrypted password: 05g9f;<= (or 05g9f;<; — use whatever shown on your level page)

Apply: original = encrypted_char_ASCII - position

Quick Python to decode:

Run it → get the plaintext password → submit.

Root Cause

A custom, weak cipher with a fully predictable pattern. The encryption tool itself is publicly available on the same page — making it trivial to test inputs and reverse-engineer the algorithm.

Key Takeaway

Never roll your own encryption. Custom ciphers are almost always breakable by pattern analysis. Use proven, standard algorithms.

Tags

#hackthissite#hackthissite-basic-mission-6#/missions/basic/6

Keep Reading

Related writeups

CTFVery Easy

HackThisSite — Basic Mission 11

Apache directory listing is enabled and `.htaccess` is publicly readable — fuzzing reveals the hidden directory structure and leaks the password filename.

#hackthissite#Basic Mission 11#basic-mission-11
2026-05-19
ducky
26
2m
CTFVery Easy

HackThisSite — Basic Mission 10

Authorization is stored in a client-side cookie as `level10_authorized=no` — changing it to `yes` grants instant access.

#hackthissite#Basic Mission 10#basic-mission-10
2026-05-19
ducky
23
1m
CTFVery Easy

HackThisSite — Basic Mission 9

No injection point in Level 9 itself — reuse Basic 8's SSI vulnerability with a traversal path pointing to Level 9's directory to expose the hidden password file.

#hackthissite#Basic Mission 9#basic-mission-9
2026-05-19
ducky
17
1m