
[CTF] Hack this site realistic mission 02

kai1504

This document is written by Twemlow and is intended for further understanding of the realistic challenges on HackThisSite. The idea behind this document and the ones that follow is that I am explaining what you will need to do, look for and execute. I will also explain why you need to do what I do in these tutorials to create a better understanding of the vulnerabilities, scenario and exploits used.
Link: https://www.hackthissite.org/missions/realistic/2/
Story:
Message: I have been informed that you have quite admirable hacking skills. Well, this racist hate group is using their website to organize a mass gathering of ignorant racist bastards. We cannot allow such bigoted aggression to happen. If you can gain access to their administrator page and post messages to their main page, we would be eternally grateful.
What you'll need:
Knowledge of SQL
First, analyze the webpage: look at the HTML source (`Ctrl+U`) and look for any comments in the code that could provide useful information.
The next step is to analyze any links on the page (remember to always read a link before clicking it). In this case, the link you will want to follow is the “update” link. This link may not always be visible to you, so zoom in and out of the webpage to see if there are any hidden links, and press `Ctrl+A` to see if any links are highlighted.
After you have fully analyzed the webpage the next step would be to click the link “update”.
You will be taken to a second web page, which is a login page. You do not have login credentials of any kind, so at this point you would be stuck. However, remembering that this website has an SQL database, we can inject SQL queries into the username and password fields until the correct query is injected, bypassing the login phase without needing legitimate credentials. That is what SQLi does here: it lets the hacker get past the login form without the correct login credentials.
In this instance, the correct query is `' OR '1`. Other queries, such as `1=1`, basically mean that if 1 = 1 then the answer is true and the correct condition is returned. SQL injections are just queries to get a result back from the SQL database.
It’s good practice to analyze HTML and Java code.
The conclusion is that all you need to do is perform a simple SQL injection to bypass the login, and voilà, you're on to the next challenge!
Edited by TwemlowsEmrys, 25 January 2021 - 10:21 PM.
 
