Saturday 12 May 2012

Hack This Site (HTS) Realistic 2 - Chicago American Nazi Party

Racist pigs are organizing an 'anti-immigrant' rally in Chicago. Help anti-racist activists take over their website!
Message: I have been informed that you have quite admirable hacking skills. Well, this racist hate group is using their website to organize a mass gathering of ignorant racist bastards. We cannot allow such bigoted aggression to happen. If you can gain access to their administrator page and post messages to their main page, we would be eternally grateful.



Notes
This task involves using an SQL injection to get past the login form of the site, and relies on the server's poor data validation. SQL injections that I have tried on this mission are:
  • ' or 1=1--
  • ' or '1'='1'--
You should try some other statements to see if they work too.
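
Why those strings get past a login form, and what stops them, shown as an added example that is not part of the original post or the mission's real code. The table layout, function names and the in-memory SQLite database are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the site's user table.
    # A real application would store a password hash, not the password.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def login_concatenated(db, username, password):
    """Vulnerable pattern: user input is pasted into the SQL text itself."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    # With the first string from the list above as the username, the
    # statement's WHERE clause is always true and the password test
    # is commented out.
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    """Hardened pattern: input is bound as data and never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    attempts = [("admin", "constructed-secret"),
                ("admin", "wrong"),
                ("' or 1=1--", "x"),
                ("' or '1'='1'--", "x")]
    for user, pw in attempts:
        print(repr(user),
              "concatenated:", login_concatenated(db, user, pw),
              "parameterized:", login_parameterized(db, user, pw))
```
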

Hack This Site!

Thursday 27 October 2011

Hack This Site (HTS) Realistic 1 - Uncle Arnold's Local Band Review

Your friend is being cheated out of hundreds of dollars. Help him make things even again!
Message: Hey man, I need a big favour from you. Remember that website I showed you once before? Uncle Arnold's Band Review Page? Well, a long time ago I made a $500 bet with a friend that my band would be at the top of the list by the end of the year. Well, as you already know, two of my band members have died in a horrendous car accident... but this ass hole still insists that the bet is on!
I know you're good with computers and stuff, so I was wondering, is there any way for you to hack this website and make my band on the top of the list? My band is Raging Inferno. Thanks a lot, man!



Notes
I didn't mention in the video (which perhaps I should have) some useful information:
  • The reason this attack works is that the value you have altered and sent was not being checked on the server side, e.g. there was no statement like this:
 // reject any vote outside the 1 to 5 range offered by the form
 if ($_POST["voteVal"] < 1 || $_POST["voteVal"] > 5)
        handleError();
  • It is extremely important that form values are checked on both the client and the server side. However, as you have just seen, it is more important to check them on the server side, to make sure the value isn't simply used by the code unchecked. Client-side checking is more of an efficiency measure, so that genuinely bad (accidental) input does not take up server resources handling HTTP requests. You will see how important this really is when we come to do SQL injections.
  • The other method I spoke of was to save the web page locally to your machine and then alter the form values within the HTML.
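
The effect of the missing server-side check on a rating average, next to a stricter version of the check, as an added example that is not part of the original post or the mission's code. Only the field name voteVal and the 1 to 5 range come from the note above; the function names and the sample votes are constructed.

```python
class BadVote(ValueError):
    """Raised when the posted vote is not one the form could have produced."""

ALLOWED = range(1, 6)  # 1..5, the same bounds as the check in the note above

def parse_vote(form):
    """Server-side validation of the posted voteVal field."""
    raw = form.get("voteVal")
    if not isinstance(raw, str):
        raise BadVote("voteVal missing")
    raw = raw.strip()
    # One ASCII digit only: rejects signs, decimals, exponents, leading
    # zeros and non-ASCII digit characters before any conversion happens.
    if len(raw) != 1 or not (raw.isascii() and raw.isdigit()):
        raise BadVote("voteVal is not a single digit")
    value = int(raw)
    if value not in ALLOWED:
        raise BadVote("voteVal out of range")
    return value

def average_unchecked(votes, form):
    """The 'before' behaviour: whatever number arrives is counted."""
    votes = votes + [int(form["voteVal"])]
    return sum(votes) / len(votes)

def average_checked(votes, form):
    """The 'after' behaviour: the vote is validated before it is counted."""
    votes = votes + [parse_vote(form)]
    return sum(votes) / len(votes)

if __name__ == "__main__":
    existing = [2, 3, 1]               # constructed earlier votes for one band
    tampered = {"voteVal": "1000"}     # value altered before the form was sent
    print("unchecked:", average_unchecked(existing, tampered))
    try:
        average_checked(existing, tampered)
    except BadVote as err:
        print("checked: rejected,", err)
```
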


Monday 11 July 2011

Hack This Site (HTS) Javascript 6 - go go go away .js

now you see it..umm...wait...

"Fiftysixer decided to try his hand at javascript!
All was going well until he realized that he forgot to remove the unused code, which resulted in a confusing mess.
He didn't mind, in fact, he did his best to make it even MORE confusing!"



As per usual, the first step is to jump through the source code to where the password field lies and look at the surrounding code. We can see that as soon as the user clicks the submit button, a piece of JavaScript will run which will check the password entered. From here we do a second search for the "checkpass" function and find that this function is located in an external file, which happens to be named checkpass.js.

In this file, we see how the function works and what the expected input is, which in this case is: moo pwns


Tuesday 21 June 2011

Hack This Site (HTS) Javascript 5 - Escape!

Did... she say runescape?

Uhm, faith spelled runescape wrong?



This mission, like many of the other JavaScript missions, simply requires you to look up JavaScript functions. In this case, the "escape/unescape" functions. As you can see from the video, there tends to be an online version of any language function that involves conversion.

To pass this mission you simply need to input the unescaped version of the given string in the source code, which is ilovemoo.


Thursday 2 June 2011

Hack This Site (HTS) Javascript 4 - Var?

But that's what it said! right?

Faith is trying to trick you... she knows that you're tired after all the math works...



The difficulty rating for this one is easy for a reason! What's involved to get the password is as easy as the first mission, however it takes a bit more thinking 'outside of the box'. There's not a lot more that can be said in this tutorial as it really is quite simple.

Although most websites will not use this kind of mechanism for logins (well... we hope so from their point of view but from ours it makes the job a lot easier :)) they will try to obscure information using JavaScript and other tricks like this. For example, if you look at the source code for many video hosting websites you will notice that they have the location of the video embedded somewhere in the code, so we can easily come along and simply paste it into our address bar and download the video. However, try to do this on a website like Veoh or YouTube and it's not quite as easy to find.
