This is a simple step-by-step solution guide for Realistic 2 on Hack This Site. You are tasked with hacking into the Chicago American Nazi Party’s website.
Click on the link and you’ll be brought to this beautiful website where some Nazis are rallying.
First impressions
When you first enter this website you’ll see two posts.
These two posts are very similar.
You can see that they both have a bold title, a “posted by”, then the post below.
This tells me that the site is drawing details from a database such as MySQL.
Inspect the site and find the login portal
As usual, right-click and inspect the page!
Then, right-click the <body> tag and expand all.
Now, scroll down and skim over the code until you find something that stands out.
Perhaps this “update” link? It has been colored black against a black background! If you highlight the page, you’ll find it hidden!
Hack the login page using SQL Injection
Now that you’ve found the update.php, you’ll be faced with a login form.
Remember earlier, I said this site probably runs on MySQL?
We should try some SQL injection. Use the following code in both the username and password boxes: ' or 1=1--
Finally, click submit!
How Login SQLi Works
SQLi lets you hack SQL databases. We can use it to hack into PHP forms like the one below.
    $username = $_POST['username'];
    $password = $_POST['password'];
    // User input is concatenated straight into the SQL string (the injectable step)
    $query = "select username, password from users where username='$username' and password='$password'";
    $result = mysql_query($query);
    $rows = mysql_fetch_array($result);
    // Any returned row counts as a successful login
    if ($rows) {
        echo "Successful.";
    } else {
        echo "Failure.";
    }
When a user inputs their username, this is passed to the $query through the $username value, which is set through the posting form on the webpage.
If a user inputs ' or 1=1--, this selects a username and password from the users database where username is equal to '' or 1=1, which is always true, and comments out the rest of the query using --.
This will grab the first value from the database, and use this as the login details for the current session.
The first value in a users database is usually the person who created the database: Mr Admin.
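The same login check written so that the input above is treated as data instead of SQL, as an added example that is not part of the original walkthrough. It assumes PDO with an in-memory SQLite database standing in for MySQL; the login() helper, the table layout and the sample account are constructed for illustration.

```php
<?php
// Added example: hardened counterpart of the login check shown above.
// Assumptions: PDO + in-memory SQLite stands in for MySQL; the table,
// account name and password below are constructed sample data.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Store a password hash, never the plaintext password.
$insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$insert->execute(['admin', password_hash('correct horse battery staple', PASSWORD_DEFAULT)]);

function login(PDO $pdo, string $username, string $password): bool
{
    // The placeholder binds $username as a value: quotes and -- are never parsed as SQL.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        return false; // no row for this username
    }
    // The password is compared in PHP against the stored hash,
    // so it never becomes part of the WHERE clause.
    return password_verify($password, $hash);
}

// Constructed login attempts: valid credentials, then the walkthrough's input.
$attempts = [
    ['admin', 'correct horse battery staple'],
    ["' or 1=1--", "' or 1=1--"],
    ['admin', "' or 1=1--"],
];

foreach ($attempts as [$user, $pass]) {
    printf("%-12s => %s\n", $user, login($pdo, $user, $pass) ? 'Successful.' : 'Failure.');
}
```

Only the first attempt logs in; the other two return no matching row or fail the hash check because the quote and comment characters never reach the SQL parser.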
Watch This Computerphile Video on SQL Injection