" I think the very concept of an elite commission deciding for the American people who deserves to be heard is profoundly wrong." --former Congressman Newt Gingrich on the "Commission on Presidential Debates"
Hello everybody! I am sweetwater, and I am here to show you how to complete Realistic 9.
Step 1: Read the message, and try to understand it.
At the very beginning of a realistic challenge, there is a message from a friend or a person who is desperately seeking for help. In Realistic 9's case, the message is as follows:
I heard about all your previous successes hacking. I was hoping you could help me out with a quick problem. My boss is late paying my salary and I really need some cash right now. Check out the company website here: Crappy Soft, I know they have a system set up to pay employee salaries online.
P.S. My username on the company website is email@example.com and my password is ilovemywork
Step 2: Log in with the information you have, and try to find some interesting information.
When you log in, you will see a page with multiple links to Mailing List, Private Messages, etc. When you joyfully click on Pay Salaries thinking that you completed the challenge, you notice that administrator access is required. So the first thing you need to do is try to exploit the information, and try different directories as I have already mentioned above.
You should see some information about your account. So what we need to do is to get the same info about the administrator. You need to write the simplest script which steals cookies and send it to him through PM.
Keep in mind that if you send links of websites with XSS, you won’t get far because clicking those links is beyond the scope of the mission. What it means is that the Admin won’t click them simply because he does not exist. You just need to send the script. I won’t include it because it would be a major spoiler.
Step 4: Paying r-conner.
Step 5: Clearing the logs.
Log out, and go to the main page of Crappy Soft.
Now you need a Firefox extension like UrlParams. I used UrlParams because it is the simplest way to complete the challenge.
!!AND YOU ARE DONE!!
When I was completing the challenge, I forgot to make the transaction and cleared the logs straight away. And the thing I found funny was the message saying that I forgot to pay the guy :)
[Edited By: Monica]
Cast your vote on this article 10 - Highest, 1 - Lowest
Comments: Published: 11 comments.
HackThisSite is is the collective work of the HackThisSite staff, licensed under a CC BY-NC license.
We ask that you inform us upon sharing or distributing.