Header Banner
Null Byte Logo
Null Byte
wonderhowto.mark.png
Cyber Weapons Lab Forum Metasploit Basics Facebook Hacks Password Cracking Top Wi-Fi Adapters Wi-Fi Hacking Linux Basics Mr. Robot Hacks Hack Like a Pro Forensics Recon Social Engineering Networking Basics Antivirus Evasion Spy Tactics MitM Advice from a Hacker

Goodnight Byte: HackThisSite, Realistic 2 - Real Hacking Simulations

Last Friday's mission was to accomplish solving HackThisSite, realistic 2. This second mission in a series of realistic simulation missions was designed to be exactly like situations you may encounter in the real world, requesting we help a friend take down a racist hate-group website.

These missions are for everyone here, and you can join at any time. Your experience level doesn't matter. HackThisSite is a free, legal and safe practice ground for aspiring hackers wanting to test their knowledge on something real. We have full permission to exploit their servers, and we even get point rewards for it. In order to trump this mission, we need to find access to the administrator control panel.

Realistic 2

When we start this mission, we get a greeting from another person inquiring for our hacker-abilities.

When we click the link in the message, we are brought to our target site. Upon initial inspection, the page may appear to be simple and errorless. However, if you view the page source and scroll down, you will notice something interesting.

Code snippet showing HTML anchor tag with highlighted URL and font color.

This means that somewhere on the page, there is a link with a font color of black. The link is called update, so let's check it out. If we highlight the whole page using ctrl + a, we will see the hidden link become visible. Click it.

You will be brought to a login page that asks for a password. If we look at the page source, all we get is a page link to update2.php, which only leads to the failed login page. How can we manipulate this? Let's try a SQL injection to bypass the password authorization by giving it a clause that is always true.

' or 1=1--

Enter that in the username, password field, or both. You will bypass the authorization and be brought to the mission's completion page.

Want more Null Byte?

Image via HackThisSite

Apple's iOS 26 and iPadOS 26 updates are packed with new features, and you can try them before almost everyone else. First, check Gadget Hacks' list of supported iPhone and iPad models, then follow the step-by-step guide to install the iOS/iPadOS 26 beta — no paid developer account required.

Related Articles

Comments

No Comments Exist

Be the first, drop a comment!