hackthissite realistic mission 2

This is a simple step-by-step solution guide for Realistic 2 on Hack This Site. You are tasked with hacking into the Chicago American Nazi Party’s website.

Click on the link and you’ll be brought to this beautiful website where some Nazis are rallying.


First impressions

When you first enter this website you’ll see two posts.

These two posts are very similar.

You can see that they both have a bold title, a “posted by”, then the post below.

This tells me that the site is drawing details from a database such as MySQL.

Inspect the site and find the login portal

As usual, right-click and inspect the page!

Then, right-click the <body> tag and expand all.

Now, scroll down and skim over the code until you find something that stands out.

Perhaps this “update” link? It has been colored black against a black background! If you highlight the page, you’ll find it hidden!

Hack the login page using SQL Injection

Now that you’ve found the update.php, you’ll be faced with a login form.

Remember earlier, I said this site probably runs on MySQL?

We should try some SQL injection. Use the following code in both the username and password boxes:
' or 1=1--

Finally, click submit!

How Login SQLi Works

SQLi lets you hack SQL databases by getting your own SQL into a query that the application builds from user input. We can use it to hack into PHP forms like the one below.

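// User input is taken straight from the login form.
$username = $_POST['username'];
$password = $_POST['password'];

// Vulnerable: the input is pasted into the SQL text without escaping.
$query = "select username, password from users where username='$username' and password='$password'";
$result = mysql_query($query);
$rows = mysql_fetch_array($result);
// Any returned row counts as a successful login.
if($rows)
{
    echo "Successful." ;
}
else
{
    echo "Failure.";
}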

When a user enters their username, it is passed into $query through the $username variable, which is set from the form posted on the webpage.

If a user inputs ' or 1=1--, the query selects a username and password from the users table where username is equal to '' or 1=1, which is always true, and the -- comments out the rest of the query.

The query now matches every row, so the code grabs the first row from the table and uses it as the login details for the current session.

The first row in a users table is usually the person who created the database: Mr Admin.
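The vulnerable pattern above next to a parameterized version, as an added example that is not part of the original post or the mission's own code. The schema, the `admin` account, the in-memory SQLite database and the function names `login_concat` and `login_prepared` are assumptions made for illustration.

```php
<?php
// Added example: schema, account and in-memory SQLite database are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// The plaintext column exists only so the page's query can be reproduced.
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, password_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(['admin', 's3cret-demo', password_hash('s3cret-demo', PASSWORD_DEFAULT)]);

// Pattern from the page: user input becomes part of the SQL text itself.
function login_concat(PDO $db, string $username, string $password): bool
{
    $query = "select username, password from users "
           . "where username='$username' and password='$password'";
    return $db->query($query)->fetch() !== false;
}

// Hardened: the SQL text is fixed; input travels separately as bound data.
function login_prepared(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // Compare against a stored hash instead of matching a plaintext column.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed inputs: a real login, a wrong password, and the page's string.
$attempts = [
    'valid credentials' => ['admin', 's3cret-demo'],
    'wrong password'    => ['admin', 'guess'],
    'payload from page' => ["' or 1=1--", "' or 1=1--"],
];
foreach ($attempts as $label => [$u, $p]) {
    printf("%-18s concat=%-5s prepared=%s\n", $label,
        var_export(login_concat($db, $u, $p), true),
        var_export(login_prepared($db, $u, $p), true));
}
```

With the prepared statement the database receives the quote and comment characters as part of a username value, so they never alter the WHERE clause.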

Watch This Computerphile Video on SQL Injection

NOTE: I’ve recently started a new hacking tutorials site called kali.tips, where I’ll be releasing a bunch of kali tutorials!
