What is it? @.@

This is the place where I record some tactics for wargames, systems, and other security issues.

2012-09-16

Hack This Site! - Realistic 1

Description:

Uncle Arnold's Local Band Review
Your friend is being cheated out of hundreds of dollars. Help him make things even again!

Realistic 1
From: HeavyMetalRyan 

Message: Hey man, I need a big favour from you. Remember that website I showed you once before? Uncle Arnold's Band Review Page? Well, a long time ago I made a $500 bet with a friend that my band would be at the top of the list by the end of the year. Well, as you already know, two of my band members have died in a horrendous car accident... but this ass hole still insists that the bet is on!
I know you're good with computers and stuff, so I was wondering, is there any way for you to hack this website and make my band on the top of the list? My band is Raging Inferno. Thanks a lot, man!

Solution:
  1. View page source code
  2. You can see that the HTML FORM method used for rating is "GET", which means the vote value is carried in the URL and you can pass your own value directly.
  3. The URL for voting for "Raging Inferno" looks like this:
    Request URL: hxxp://www.hackthissite.org/missions/realistic/1/v.php?PHPSESSID=abcaeadfc31a5c43b2534bf995c0553f&id=3&vote=5
  4. So, just copy the URL and change the value of the "vote" parameter. How about 1000000?
    Request URL: hxxp://www.hackthissite.org/missions/realistic/1/v.php?PHPSESSID=abcaeadfc31a5c43b2534bf995c0553f&id=3&vote=1000000
  5. Send the request to page v.php
  6. Congratulations, you have successfully completed Realistic 1!
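
Why this works, seen from the server side: v.php accepts whatever number arrives in "vote". The sketch below is an added example, not code from Hack This Site, showing the range check that would reject the request in step 4. The 1-5 range, the band id list, and the function name validate_vote are assumptions made for illustration.

```php
<?php
// Added example: hypothetical server-side check for a rating endpoint like v.php.
// The 1-5 range and the band id list are assumptions, not taken from the site.
declare(strict_types=1);

const MIN_VOTE = 1;
const MAX_VOTE = 5;
const KNOWN_BAND_IDS = [1, 2, 3, 4, 5]; // constructed sample ids

/**
 * Returns ['id' => int, 'vote' => int] when the request is acceptable, null otherwise.
 */
function validate_vote(string $method, array $params): ?array
{
    // A request that changes stored data should not be accepted over GET.
    if ($method !== 'POST') {
        return null;
    }
    // FILTER_VALIDATE_INT rejects non-numeric strings and out-of-range values.
    $range = ['options' => ['min_range' => MIN_VOTE, 'max_range' => MAX_VOTE]];
    $vote = filter_var($params['vote'] ?? null, FILTER_VALIDATE_INT, $range);
    $id = filter_var($params['id'] ?? null, FILTER_VALIDATE_INT);
    if ($vote === false || $id === false || !in_array($id, KNOWN_BAND_IDS, true)) {
        return null;
    }
    return ['id' => $id, 'vote' => $vote];
}

// Constructed sample requests, including the value used in step 4.
$samples = [
    ['POST', ['id' => '3', 'vote' => '5']],
    ['POST', ['id' => '3', 'vote' => '1000000']],
    ['GET', ['id' => '3', 'vote' => '5']],
    ['POST', ['id' => '3', 'vote' => 'five']],
    ['POST', ['id' => '99', 'vote' => '4']],
];
foreach ($samples as [$method, $params]) {
    $result = validate_vote($method, $params);
    printf("%-4s %-22s => %s\n", $method, http_build_query($params),
        $result === null ? 'rejected' : 'accepted');
}
```

Only the first sample is accepted. Switching the form to POST alone would not stop a crafted request, so the range check is the part that matters.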