HackThisSite Realistic 2 Solution


This is a simple step-by-step solution guide for Realistic 2 on Hack This Site. You are tasked with hacking into the Chicago American Nazi Party’s website.

Click on the link and you’ll be brought to this beautiful website where some Nazis are rallying.


First impressions

When you first enter this website you’ll see two posts.

These two posts are very similar.

You can see that they both have a bold title, a “posted by”, then the post below.

This tells me that the site is drawing details from a database such as MySQL.

Inspect the site and find the login portal

As usual, right-click and inspect the page!

Then, right-click the <body> tag and expand all.

Now, scroll down and skim over the code until you find something that stands out.

Perhaps this “update” link? It has been colored black against a black background! If you highlight the page, you’ll find it hidden!

Hack the login page using SQL Injection

Now that you’ve found the update.php, you’ll be faced with a login form.

Remember earlier, I said this site probably runs on MySQL?

We should try some SQL injection. Use the following code in both the username and password boxes:
' or 1=1--

Finally, click submit!

How Login SQLi Works

SQLi lets you hack SQL databases. We can use it to hack into PHP forms like the one below.

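// Values come straight from the login form, with no validation or escaping
$username = $_POST['username'];
$password = $_POST['password'];

// User input is concatenated directly into the SQL string (the injection point)
$query = "select username, password from users where username='$username' and password='$password'";
// mysql_query() is the legacy ext/mysql API (removed in PHP 7)
$result = mysql_query($query);
$rows = mysql_fetch_array($result);
// Any returned row is treated as a successful login
if($rows)
{
    echo "Successful." ;
}
else
{
    echo "Failure.";
}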

When a user inputs their username, it is passed into $query through the $username value, which is set by the login form posted from the webpage.

If a user inputs ' or 1=1--, the query selects a username and password from the users database where username is equal to '' or 1=1, which is always true, and comments out the rest of the query using --.

This will grab the first value from the database, and use this as the login details for the current session.

The first value in a users database is usually the person who created the database: Mr Admin.
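
The login query described above, shown beside a hardened version, as an added example that is not code from the original page or from the challenge site. It assumes PHP with the pdo_sqlite extension; the in-memory SQLite table stands in for the site's MySQL database, and the function names, accounts and passwords are constructed for illustration.

```php
<?php
// Constructed in-memory table standing in for the site's users database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
// The password column holds a hash, never the plain password (constructed values).
$ins->execute(['admin', password_hash('constructed-admin-pw', PASSWORD_DEFAULT)]);
$ins->execute(['guest', password_hash('constructed-guest-pw', PASSWORD_DEFAULT)]);

// Pattern from the walkthrough: form input concatenated into the SQL text,
// so quotes and comment markers in the input become part of the statement.
function login_concat(PDO $db, string $username, string $password): ?string
{
    $sql = "select username, password from users where username='$username' and password='$password'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['username'] : null;
}

// Hardened pattern: the username is bound as a parameter, so it is only ever
// compared as data, and the password is verified against the stored hash in
// PHP instead of being compared inside the query.
function login_prepared(PDO $db, string $username, string $password): ?string
{
    $stmt = $db->prepare('SELECT username, password FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row && password_verify($password, $row['password'])) {
        return $row['username'];
    }
    return null;
}

// The input from the walkthrough, sent to both versions, then a normal login.
$input = "' or 1=1--";
var_dump(login_concat($db, $input, $input));
var_dump(login_prepared($db, $input, $input));
var_dump(login_prepared($db, 'admin', 'constructed-admin-pw'));
```

The concatenated version returns a row for the walkthrough's input because the WHERE clause collapses to an always-true condition; the prepared version looks for a user literally named `' or 1=1--`, finds none, and rejects the login.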

Watch This Computerphile Video on SQL Injection

NOTE: I’ve recently started a new hacking tutorials site called kali.tips, where I’ll be releasing a bunch of kali tutorials!