This is a simple step-by-step solution guide for Realistic 2 on Hack This Site. You are tasked with hacking into the Chicago American Nazi Party’s website.

Click on the link and you’ll be brought to this beautiful website where some Nazis are rallying.

First impressions

When you first enter this website you’ll see two posts.

These two posts hold some similarities in structure. You can see that they both have a bold title followed by a “posted by someUser”, a horizontal rule, then the actual post below.

This tells me that the site is drawing details from a database such as MySQL.

Inspect the site and find the login portal

As usual, right-click and inspect the page!

Then right-click the <body> tag and expand all.

Now, scroll down and skim over the code until you find something that stands out.

Perhaps this “update” link? It has been colored black against a black background! If you highlight the page, you’ll find it hidden!

Hack the login page using SQL Injection

Now that you’ve found the update.php, you’ll be faced with a login form.

Remember earlier, I mentioned this site probably runs on MySQL?

We should try some SQL injection. Use the following code in both the username and password boxes:
' or 1=1--

Finally, click submit!

How Login SQLi Works

SQL injection works by exploiting SQL queries involving user input. A simple PHP login form using SQL will look like so:

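$username = $_POST['username'];
$password = $_POST['password'];

// Vulnerable: user input is concatenated straight into the SQL string.
$query = "select username, password from users where username='$username' and password='$password'";
$result = mysql_query($query); // legacy mysql_* API, removed in PHP 7
$rows = mysql_fetch_array($result);
// Any returned row is treated as a successful login.
if ($rows) {
    echo "Successful.";
} else {
    echo "Failure.";
}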

When a user inputs their username, this is passed to the $query through the $username value, which is set through the posting form on the webpage.

Now, if a user inputs ' or 1=1--, the query selects a username and password from the users table where username is equal to '' or 1=1, which is always true, and the -- comments out the rest of the query. This will grab the first row from the table and use it as the login details for the current session.

The first value in a users database is usually the person who created the database: Mr Admin.
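
To see why the fix is to stop building the query from strings, here is the same login written both ways. This is an added example, not code from the challenge site or the original post: it assumes PHP 7.1+ with the PDO SQLite driver, and the function names, table layout and credentials are constructed for the demo.

```php
<?php
// Constructed demo data; in-memory SQLite stands in for the site's MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("create table users (username text, password text, password_hash text)");
$add = $pdo->prepare("insert into users values (?, ?, ?)");
foreach (['admin' => 'constructed-admin-pw', 'guest' => 'constructed-guest-pw'] as $u => $p) {
    // 'password' mirrors the plaintext column the page's query implies;
    // 'password_hash' is what the hardened login checks instead.
    $add->execute([$u, $p, password_hash($p, PASSWORD_DEFAULT)]);
}

// Same pattern as the page's form: input is concatenated into the SQL text.
function login_vulnerable(PDO $pdo, string $username, string $password): ?string
{
    $query = "select username, password from users where username='$username' and password='$password'";
    $row = $pdo->query($query)->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['username'] : null;
}

// Hardened: the username is bound as a parameter, so it can never change the
// query's structure, and the password is verified against a hash in PHP.
function login_hardened(PDO $pdo, string $username, string $password): ?string
{
    $stmt = $pdo->prepare("select username, password_hash from users where username = ?");
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row && password_verify($password, $row['password_hash'])) {
        return $row['username'];
    }
    return null;
}

$payload = "' or 1=1--"; // the input used in the walkthrough above
$cases = [
    'injection input'   => [$payload, $payload],
    'valid credentials' => ['guest', 'constructed-guest-pw'],
    'wrong password'    => ['guest', 'nope'],
];
// Print which account (or NULL) each login function returns for each case.
foreach ($cases as $label => [$u, $p]) {
    printf("%-18s vulnerable=%s hardened=%s\n", $label,
        var_export(login_vulnerable($pdo, $u, $p), true),
        var_export(login_hardened($pdo, $u, $p), true));
}
```

With the bound parameter, the injection input is looked up as a literal username that does not exist, so the hardened function returns no account for it.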

Watch This Computerphile Video on SQL Injection
