The Necessary Tools to complete Mission 8

TOOL 1:
SQL Injections

The main use of SQL injections is to make the "application run SQL code that was not intended". This being said, you use this type of injections if you want to for example see all the contents of a certain table instead of just the one that satisfies your input. The SQL code injections, especially ones that lets you see information you're not supposed to, is a vital tool in this mission. Remember what you're looking for first. For syntaxes, please check the link I included.

Source:
http://unixwiz.net/techtips/sql-injection.html

TOOL 2:
Javascript Injections
Javascript injections can ultimately be used to alter the source code and other data (like cookies) to ones that favor the hacker. They can be used to write forms, replace one's identity that's stored in a cookie. When used in a site, it's as if you're making a tiny patch that creates a different output. The effects of java<b></b>script injections can be devastating if you know how to use them well. For further reading and syntaxes, check the link I included.

Source:
http://www.testingsecurity.com/how-to-test/injection-vulnerabilities/Javascript-Injection



OPTIONAL TOOLS:
FIREBUG and FIRECOOKIE
These two tools are add-ons of mozilla firefox which you can use to aid in your mission. The use of these tools are pretty straightforward because they should you an interface where you can write or edit data in the website. If you want to know more about these add-ons, just simply check on them, they're common.


MOST IMPORTANT TOOL:
Patience

If you did the previous missions, these topics were already covered (Especially in the basic missions). If you had the patience to try them, all you would've needed was to refresh your memory. The basic missions are what prepares you for these (at least). Have at least the sense to check them. Remember that these missions are designed to educate.

Just so you don't give up easily, this mission is simple as long as you understand the concepts. I advice you do further reading on these tools if you want to become really good.


THE MISSION ITSELF:
You have three things to do: (1) Find Gary Hunter's account, (2) transfer the cash to 'dropCash' and (3) delete the file 'logFiles' to cover your tracks. The tools stated above will be what you'll use to do this.

Look around first, check the source codes, check every page and see if you can find anything useful. PATIENCE, remember? You need to observe everything here. Have you found the page that you could use for the first task? There should be a page there that gives information about users. You can use one of the tools above to exploit this.

Remember that you should try to master the tools so that it'll be useful in the future too. Anyway, I hope you have what you need now for the first task. How bout the next two tasks? Well, have you tried registering and logging in to an account? If not, try it now and it should show you something very useful. See it now? Once you actually see what you need, it's just a matter of exploiting it.

Asuming that you saw what you need, you'll find that another of the tools above will be very useful. You just have to add some tweaks. Also, don't forget to check the source code. You can base the use of your tool there. The source code contains valuable information like what links are on the site, what forms are there and other stuff that the site holds. If you know how to understand the source code and know how to use the information in it, this mission is a piece of cake. Also, don't forget who the site should think you are. That's also vital to this mission. A tool above can be useful for this.

A little push in the right direction: Remember the links i posted along with this. If you read them, the injections that have been posted there can actually be useful to you. You just have to edit them. Why not try reading it? :)


In any case, if you have questions, feel free to pm me.

--set
null-set