This mission is unusual as it involves a sort of social engineering - hacking people and their behaviours. A lot of people seem to have trouble with this as it isn't as clean cut as most of the other missions, for this reason I chose to write this tutorial.
Stage 1 :: Recon
As you are all aware the first stage to hacking any website is pure reconnaissance - look around, read every page, try to gather an image in your head about how the site is constructed and how the individual pages work. This site contains a few HTML forms, mess about with these and see what happens. I advise a notepad as there will be a few random bits of information that fall out.
Not found anything interesting? Read the spoiler:
Sometimes bad error handling can expose information.
If you're still getting no love, read the second spoiler:
The 'Press Release' page performs an SQL query based on the value supplied in the HTML form
Stage 2 :: Secrets & Lies
So we now have an image of the site as a whole, and could probably guess as to the code structure of most of the pages. You have possibly found a couple of leads that might be worth following up, check each one in turn.
One thing you should have discovered is a novel method for obfusticating a URL. Someone has taken extra care to protect the contents of this directory, and done so in an unusual way - one which they probably came up with themselves and think is devilishly clever.
Head over to this protected directory and find out what they felt needed extra protection.
Confused? Read the spoiler:
'Press Release' script & null result
Again, a second spoiler if you feel you need it:
Sockets, HTTP Headers, Hash Functions and String Concatenation. Read up on these and hopefully you'll find the protected URL.
Stage 3 :: Exposed
So you've found an interesting file, and probably now have your hands on a recently cracked username and password. But where to enter them? This site has no obvious login area, check your notes and make one quick check around the pages.
Not managed to find a username or password? Read the spoiler:
in the protected subdirectory is a fairly normal looking password file. What you need to do is crack these hashes, google it if you're unfamiliar with this stuff.
Stage 4 :: Exploited
This is where a lot of people get stuck, as (to my knowledge) there are not many clues as to where to find a login script. The creator of this site seems to be a bit of a wannabe security expert, and probably believes he is smarter than most hackers. He has hidden the login page, but this guy is boring and predictable.
He has hidden it in a directory whose name is a....this guy isn't very imaginative.
Thanks for reading!
--Lynks [Edited by: Defience]
Cast your vote on this article 10 - Highest, 1 - Lowest
Comments: Published: 15 comments.
HackThisSite is is the collective work of the HackThisSite staff, licensed under a CC BY-NC license.
We ask that you inform us upon sharing or distributing.