TRUE MILLER
Search for:
Hacking

Hack This Site: Realistic 2 Solution

By
Pinterest LinkedIn Tumblr
hackthissite realistic mission 2

This is a simple step-by-step solution guide for Realistic 2 on Hack This Site. You are tasked with hacking into the Chicago American Nazi Party’s website.
hackthissite realise 2 opening message

In this article hide

Navigate to the target site

Click on the link and you’ll be brought to this beautiful website where some Nazi’s are rallying.

hackthissite realistic 2 white power site

First impressions

When you first enter this website you’ll see two posts.

236

These two posts are very similar.

You can see that they both have a bold title, a “posted by”, then the post below.

This tells me that the site is drawing details from a database such a MySQL.

Inspect the site and find the login portal

As usual, right-click and inspect the page!

247 1

Then, right-click the <body> tag and expand all.

921

Now, scroll down and skim over the code until you find something that stands out.

483

Perhaps this “update” link? It has been colored black against a black background! If you highlight the page, you’ll find it hidden!

268

Hack the login page using SQL Injection

Now that you’ve found the update.php, you’ll be faced with a login form.

576

Remember earlier, I said this site probably runs on MySQL?

We should try some SQL injection, use the following code in both the username and password boxes:
' or 1=1--
982

Finally, click submit!

How Login SQLi Works

SQLi lets you hack SQL databases. We can use it to hack into PHP forms like the one below.

$username = $_POST['username'];
$password = $_POST['password'];

$query = "select username, password from users where username='$username' and password='$password'";
$result = mysql_query($query);
$rows = mysql_fetch_array($result);
if($rows)
{
    echo "Successful." ;
else
{
    echo "Failure.";
}

When a user inputs their username, this passed to the $query through the $username value, which is set through the posting form on the webpage.

If a user inputs ' or 1=1--, this selects a username and password from the user’s database where username is equal to '' or 1=1, which is always true, and comments out the rest of the query using --.

This will grab the first value from the database, and use this as the login details for the current session.

The first value in a users database is usually the person who created the database: Mr Admin.

Watch This Computerphile Video on SQL Injection

NOTE: I’ve recently started a new hacking tutorials site called kali.tips, where I’ll be releasing a bunch of kali tutorials!

Related Posts

Leave a Reply