Posted on by

Realistic Missions 1-3 – Writeup

Details

A writeup of realistic missions 1-3 on http://hackthissite.org/

Realistic One

Realisitic One: Screenshot 1

I clicked the link to be taken to the mission

Realisitic One: Screenshot 2

It seems it is a voting site where the top site has ~ 23.1 points, I then found the band I was boosting

Realisitic One: Screenshot 3

The max value is 5

Realisitic One: Screenshot 4

I found in the source that it is just a value in an option

Realisitic One: Screenshot 5

So I added one with a value of “99999”

Realisitic One: Screenshot 6

Which I then selected

Realisitic One: Screenshot 7

And hit vote

Realisitic One: Screenshot 8

Realistic Two

Realisitic Two: Screenshot 1

So my goal is to get into the admin panel, first I click onto the site

Realisitic One: Screenshot 2

In the source I find a link to a page called update.php which has been coloured the same as the background to hide it

Realisitic One: Screenshot 3

So I click onto it

Realisitic One: Screenshot 4

I tried “admin:admin” as creds

Realisitic One: Screenshot 5

I then tried an sql injection of

username: admin
password: ' OR '1'='1'--

Realisitic One: Screenshot 6

Realistic Three

Realisitic Three: Screenshot 1

I click over to the site

Realisitic Three: Screenshot 2

In the source I found the location of the old index

Realisitic Three: Screenshot 3

I went over to it

Realisitic Three: Screenshot 4

Then checked out the submit poem page

Realisitic Three: Screenshot 5

Then the read poems page

Realisitic Three: Screenshot 6

My guess was the name field would be a directory traversal, so I took the source of oldindex.html and put it as the poem value, then named it “../index.html”

Realisitic Three: Screenshot 7

Finally I hit “add poem”

Realisitic Three: Screenshot 8

Last Thoughts

This was levels 1 to 3, I’ll do some more another time!# Details

A writeup of realistic missions 1-3 on http://hackthissite.org/

Realistic One

Realisitic One: Screenshot 1

I clicked the link to be taken to the mission

Realisitic One: Screenshot 2

It seems it is a voting site where the top site has ~ 23.1 points, I then found the band I was boosting

Realisitic One: Screenshot 3

The max value is 5

Realisitic One: Screenshot 4

I found in the source that it is just a value in an option

Realisitic One: Screenshot 5

So I added one with a value of “99999”

Realisitic One: Screenshot 6

Which I then selected

Realisitic One: Screenshot 7

And hit vote

Realisitic One: Screenshot 8

Realistic Two

Realisitic Two: Screenshot 1

So my goal is to get into the admin panel, first I click onto the site

Realisitic One: Screenshot 2

In the source I find a link to a page called update.php which has been coloured the same as the background to hide it

Realisitic One: Screenshot 3

So I click onto it

Realisitic One: Screenshot 4

I tried “admin:admin” as creds

Realisitic One: Screenshot 5

I then tried an sql injection of

username: admin
password: ' OR '1'='1'--

Realisitic One: Screenshot 6

Realistic Three

Realisitic Three: Screenshot 1

I click over to the site

Realisitic Three: Screenshot 2

In the source I found the location of the old index

Realisitic Three: Screenshot 3

I went over to it

Realisitic Three: Screenshot 4

Then checked out the submit poem page

Realisitic Three: Screenshot 5

Then the read poems page

Realisitic Three: Screenshot 6

My guess was the name field would be a directory traversal, so I took the source of oldindex.html and put it as the poem value, then named it “../index.html”

Realisitic Three: Screenshot 7

Finally I hit “add poem”

Realisitic Three: Screenshot 8

Last Thoughts

This was levels 1 to 3, I’ll do some more another time!

Published by Jack

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.