last mission was accomplished last week, now we have a new mission on Hackthissite. Today we have a mission to accomplish solvingHackThisSiterealistic 2 mission. It is a second mission of series of realistic simulation mission . they are designed as real world scenarios which you may encounter in the real world.
[adinserter name=”Display_ads”]
when we start this mission, we get a message from a person inquiring for our skills
when we click on a given link, we get to a our site which is our target. when we investigate the page we find it that it is errorless and simple. but if we see the page source and scroll down. we notice something fishy
[adinserter name=”Display_AMP”]
[adinserter name=”In-article”]
This tells us that there is a link on page which is hidden. this link has a black colour because of which we couldn’t see on front end . this link is called update, so let’s check what it does, if we press ctrl + A we highlight the page and we see the hidden link. now let’s click it .
[adinserter name=”AMP”]
we get to a login page which asks us a password. if we investigate the page source again, all we get is a page link to update2.php, which only leads to a login page which is failed. so to manipulate this we will try SQL injection to bypass the authorization password by giving it a clause that is always true
‘ OR 1=1–
Entering above code in the password or username or of course in both field. we bypass the authorization and that’s how we complete our second mission
[adinserter name=”Multiplex_ads”]
[adinserter name=”Multiplex_AMP”]
[…] Realistic 2 Posted in CTFs & Vulnerable Machines […]