Last Friday's mission was to accomplish solving HackThisSite, realistic 1. This is the first in a series of realistic simulation missions designed to be exactly like situations you may encounter in the real world. This first mission, we are asked to help a friend manipulate the website voting system for a Battle of the Bands vote count in his favor.
These missions are for everyone here, and you can join at any time. Your experience level doesn't matter. HackThisSite is a free, legal and safe practice ground for aspiring hackers wanting to test their knowledge on something real. We have full permission to exploit their servers, and we even get point rewards for it.
Realistic 1
When we start this mission, we get a greeting from a friend requiring our skills.
When we click the link in the message, we are brought to our target site. As always, we should start with a view of the page source after a short period of exploring the site to gain a feel for it. After looking through the page source, you should see the part that says "Raging Inferno".
If you look closely at the options menu tags, you will see that the value for each one is defined as an attribute. This person used HTML to code the value of the option on the voting form. So all we need to do is download this web page, modify it and submit the form.
Right-click the band page and view the page source. Copy and paste all of it in a notepad and name it index.html with the Save as All Types option selected. Edit the source to point directly back to the web page by pasting the following URL in front of v.php in the forms action attribute.
http://www.hackthissite.org/missions/realistic/1/
We also need to edit the value of one of the voting options. I used 5.
Save and load up your web page in your web browser and vote on the option you modified. It will trick the server into thinking they have an impossibly good average because it received 99,999 good ratings in one vote.
It should bring you to the next mission.
Brace yourself for next week! We are going to take down a racist hate website that is coordinating a meeting soon.
Want more Null Byte?
Image via zortrium
Comments
No Comments Exist
Be the first, drop a comment!