Last Friday's mission was to solve HackThisSite's Realistic 1. This is the first in a series of realistic simulation missions designed to be exactly like situations you may encounter in the real world. In this first mission, we are asked to help a friend manipulate a website's voting system so that the Battle of the Bands vote count comes out in his favor.
These missions are for everyone here, and you can join at any time. Your experience level doesn't matter. HackThisSite is a free, legal and safe practice ground for aspiring hackers wanting to test their knowledge on something real. We have full permission to exploit their servers, and we even get point rewards for it.
Realistic 1
When we start this mission, we get a greeting from a friend requiring our skills.
When we click the link in the message, we are brought to our target site. As always, we should start with a view of the page source after a short period of exploring the site to gain a feel for it. After looking through the page source, you should see the part that says "Raging Inferno".
If you look closely at the option tags in the voting menu, you will see that the value for each one is defined as an attribute. The value each option submits is coded in the page's HTML, which we control once we have our own copy of the page. So all we need to do is download this web page, modify it and submit the form.
Right-click the band page and view the page source. Copy and paste all of it into Notepad and save it as index.html with the Save as All Types option selected. Edit the source to point directly back to the web page by pasting the following URL in front of v.php in the form's action attribute.
http://www.hackthissite.org/missions/realistic/1/
We also need to edit the value of one of the voting options. I used 5.
<option value="99999">5</option>
Save the file, load it in your web browser and vote using the option you modified. This tricks the server into thinking the band has an impossibly good average because it received 99,999 good ratings in one vote.
It should bring you to the next mission.
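The mission works because the server trusts whatever value the form submits. The check that closes the hole, as an added example that is not code from the original post or from HackThisSite's v.php; the field names `id` and `vote` and the band ids are assumptions made for illustration:

```python
from urllib.parse import parse_qs

# The only values the genuine form offers, compared as raw strings.
ALLOWED_RATINGS = {"1", "2", "3", "4", "5"}
# Constructed sample band ids (hypothetical, not from the target site).
KNOWN_BANDS = {"raging-inferno", "band-b"}


class VoteRejected(ValueError):
    """Raised when a submitted vote fails server-side validation."""


def parse_vote(body):
    """Validate a urlencoded POST body and return (band, rating)."""
    fields = parse_qs(body, keep_blank_values=True)
    bands, ratings = fields.get("id", []), fields.get("vote", [])
    # Exactly one value per field: duplicated parameters are rejected, not guessed at.
    if len(bands) != 1 or len(ratings) != 1:
        raise VoteRejected("expected exactly one 'id' and one 'vote'")
    band, rating = bands[0], ratings[0]
    if band not in KNOWN_BANDS:
        raise VoteRejected("unknown band")
    # Allowlist on the raw string: rejects 99999, -1, 5.0, ' 5', '5abc' and ''.
    if rating not in ALLOWED_RATINGS:
        raise VoteRejected("rating outside 1-5")
    return band, int(rating)


class Tally:
    """In-memory vote store; only validated ratings ever reach it."""

    def __init__(self):
        self.votes = {band: [] for band in KNOWN_BANDS}

    def submit(self, body):
        try:
            band, rating = parse_vote(body)
        except VoteRejected:
            return False  # drop the request; the stored ratings are untouched
        self.votes[band].append(rating)
        return True

    def average(self, band):
        cast = self.votes[band]
        return sum(cast) / len(cast) if cast else 0.0
```

Validating the range stops the inflated value; limiting each visitor to one vote is a separate control that this sketch does not cover.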
Brace yourself for next week! We are going to take down a racist hate website that is coordinating a meeting soon.
5 Comments
I find this one a little simple, don't you think?
I agree. This is similar to the newbie missions...(!) Just screwing with the saucecode. :/
How long have you two been doing things like this?
Mmm, so how to prevent this?
Just check the values on the server side; they have to be 0>x<6