Skip to main content

Hack This Site! Realistic 1-Uncle Arnold's Local Band Review

Related image 
Uncle Arnold's Local Band Review 
Your friend is being cheated out of hundreds of dollars. Help him make things even again!

After Finishing our basic missions and JavaScript missions we gained a lot of confidence.Now it is time to test in real life scenario. This is where Realistic missions comes in handy.
==================================================

It Says:
From: HeavyMetalRyan 

Message: Hey man, I need a big favour from you. Remember that website I showed you once before? Uncle Arnold's Band Review Page? Well, a long time ago I made a $500 bet with a friend that my band would be at the top of the list by the end of the year. Well, as you already know, two of my band members have died in a horrendous car accident... but this ass hole still insists that the bet is on!

I know you're good with computers and stuff, so I was wondering, is there any way for you to hack this website and make my band on the top of the list? My band is Raging Inferno. Thanks a lot, man!

==================================================

 After reading this poor guy's message, I feel like i must help even though I am not as good in computer as he thinks and it is not easy to hack any website as he may think . So let us visit this uncle Arnold's page and see what we can do. 

I saw this guy's band name at the last of list.
Now its yours as well as my turn.Summon all the knowledge we learned in the past missions and apply it here. Analyse the webpage thoroughly,especially the button for voting.


<select name="vote">
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
</select>
<input type="submit" value="vote!">

I don't see  any thing suspicious but we wont let anything slip away.

I just right clicked on the vote button below our raging inferno and selected inspect. The same code as above is there ..now what i did is just changed the value="1" to value="999999".

Gotcha! that's it they have no protection all we have to do was to change the value to something big and that much vote will be sent and our band will be the winner.
Labels:

Comments

Post a Comment

Popular posts from this blog

Hack This Site Basic 8

Sam remains confident that an obscured password file is still the best idea, but he screwed up with the calendar program. Sam has saved the unencrypted password file in /var/www/hackthissite.org/html/missions/basic/8/  However, Sam's young daughter Stephanie has just learned to program in PHP. She's talented for her age, but she knows nothing about security. She recently learned about saving files, and she wrote a script to demonstrate her ability. So, we know the password is stored in some obscured password file.  Lets try the same code as we did in level 7. But the code 'ls' is not treated as command. so lets try it differently. Try with aaa;<!--ls--> it also failed but got a message: If you are trying to use server side includes to solve the challenge, you are on the right track: but I have limited the commands allowed to ones relevant towards finding the password file for security reasons(because there will always be that one person who decides to ...
2 comments
Read more

Hack This Site! Basic 4

This time Sam hardcoded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him auto And below this,There is a button for sending password to Sam's email.What we should do? right click on the button ,if you are in google chrome ,select > inspect . Now on right side you could see the script of that button. In this script you could see, <input type="hidden" name="to" value="sam@hackthissite.org"> Got any idea? yea , all you have to do is change the email to whatever  email you registered in Hackthis site ! Now check your mail,there must be the password you needed! Keep going!
3 comments
Read more

Hack This Site Basic 11

Sam decided to make a music site. Unfortunately he does not understand Apache. This mission is a bit harder than the other basics. As you may have noticed! when we visit this level all we are given with is some line about song.This line changes on each refresh.From this we assume that this is not the real page we need to visit.But how we find our requirement? There is a tool in Kali Linux called 'Dirb'. But for now Iam using an online service for this >> URL FUZZER << . First we give the url and search for files with .php extension. select start scan.Wait for scan to finish. So,we have found a file.Now visit it as: https://www.hackthissite.org/missions/basic/11/index.php There is our login page.still we are stuck!we don't have the password or any hint in the source code of this page. Lets run another scan on the URL Fuzzer ,this time for directories  Same way start scan and wait for it to finish. There are two possible directori...
Post a Comment
Read more