The big lie of computer security is that security improves by imposing complex passwords on users. In real life, people write down anything they can't remember. Security is increased by designing for the way humans actually behave. - Jakob Nielsen
Hello everybody! I am sweetwater, and I am here to show you how to complete Realistic 9.
Step 1: Read the message, and try to understand it.
At the very beginning of a realistic challenge, there is a message from a friend or from a person who is desperately seeking help. In Realistic 9's case, the message is as follows:
I heard about all your previous successes hacking. I was hoping you could help me out with a quick problem. My boss is late paying my salary and I really need some cash right now. Check out the company website here: Crappy Soft, I know they have a system set up to pay employee salaries online.
P.S. My username on the company website is firstname.lastname@example.org and my password is ilovemywork
Step 2: Log in with the information you have, and try to find some interesting information.
When you log in, you will see a page with multiple links to Mailing List, Private Messages, etc. When you joyfully click on Pay Salaries thinking that you have completed the challenge, you notice that administrator access is required. So the first thing you need to do is make use of the information you have: look around the site and try different directories.
Step 3: Get the administrator's session.
You should see some information about your account. What we need is the same information about the administrator. To get it, write the simplest possible script that steals cookies, and send that script to the administrator through a PM.
Keep in mind that if you send links to websites with XSS, you won't get far, because clicking those links is beyond the scope of the mission. What this means is that the admin won't click them, simply because he does not exist; the script has to run on its own when the PM is viewed. You just need to send the script. I won't include it here because it would be a major spoiler.
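As an added defender's illustration (not part of the original walkthrough or of the challenge site), the following Python shows why a PM page like this one is exploitable and how a site would neutralize it: encoding stored message bodies before they reach the admin's browser, flagging script-like markup in stored messages, and marking the session cookie HttpOnly so page scripts cannot read it. The function names, the sample message and the cookie name are constructed assumptions.

```python
import html
import re

# Constructed sample: a private-message body carrying an inline script,
# the kind of content that would execute in the administrator's browser if
# the PM page echoed it unescaped. (Harmless payload, for illustration only.)
SAMPLE_PM = "Hi boss, please approve my pay.<script>alert('pm')</script>"

# Heuristic markers for script-like markup in stored message bodies.
SCRIPT_MARKERS = re.compile(r"<\s*script|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)


def render_pm_vulnerable(body: str) -> str:
    """The 'before' state: the stored body is placed into the page verbatim."""
    return f"<div class='pm'>{body}</div>"


def render_pm_hardened(body: str) -> str:
    """Encode the body for an HTML text context: markup is displayed, not run."""
    return f"<div class='pm'>{html.escape(body, quote=True)}</div>"


def flag_suspicious_pm(body: str) -> bool:
    """Detection aid for moderators: True if the body contains script-like markup."""
    return SCRIPT_MARKERS.search(body) is not None


def session_cookie_header(name: str, value: str) -> str:
    """Set-Cookie line for a session cookie that document.cookie cannot read."""
    return f"Set-Cookie: {name}={value}; HttpOnly; Secure; SameSite=Lax; Path=/"


if __name__ == "__main__":
    print(render_pm_vulnerable(SAMPLE_PM))   # script tag survives intact
    print(render_pm_hardened(SAMPLE_PM))     # script tag becomes &lt;script&gt;
    print("suspicious:", flag_suspicious_pm(SAMPLE_PM))
    print(session_cookie_header("sessionid", "example-session-id"))
```

HttpOnly limits what a script that does run can reach; it is a second layer, not a substitute for the output encoding.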
Step 4: Paying r-conner.
Step 5: Clearing the logs.
Log out, and go to the main page of Crappy Soft.
Now you need a Firefox extension like UrlParams. I used UrlParams because it is the simplest way to complete the challenge.
!!AND YOU ARE DONE!!
When I was completing the challenge, I forgot to make the transaction and cleared the logs straight away. The thing I found funny was the message saying that I forgot to pay the guy :)
[Edited By: Monica]
HackThisSite is the collective work of the HackThisSite staff, licensed under a CC BY-NC license.
We ask that you inform us upon sharing or distributing.