With the completion of Hacking Skills Challenge #11 back in May (wow! time flies), we’ve now entered the realm of realistic missions. As always, things start out relatively easy, then escalate into the stratosphere.
But first, let me point out that when you go to the site, there is always a witty, poignant or otherwise pithy, but often true, quote. Here’s the one I just encountered: “If you ask the government for permission to protest it, you deserve to be told no.” –Manhattan Libertarian Party Chair, Jim Lesczynski.
OK. So, let’s take the first challenge and see what gives. Here’s the message we get upon entering:
Message: Hey man, I need a big favour from you. Remember that website I showed you once before? Uncle Arnold’s Band Review Page? Well, a long time ago I made a $500 bet with a friend that my band would be at the top of the list by the end of the year. Well, as you already know, two of my band members have died in a horrendous car accident… but this [expletive deleted] still insists that the bet is on!
I know you’re good with computers and stuff, so I was wondering, is there any way for you to hack this website and make my band on the top of the list? My band is Raging Inferno. Thanks a lot, man!
Sounds like a plan! Let’s get into it. It’s really almost too easy.
Visit the site and view the page source. Note that it uses “v.php” with the GET method to record the votes. There are two hidden inputs: PHPSESSID and id; you’ll need to use both of these. What we’re going to do is use the address bar to pass a very high value to the server and move Raging Inferno to the top.
Copy the value of PHPSESSID and note the id value (yours may be different from what I show here). Using the values for PHPSESSID and id, construct this URL:
http://www.hackthissite.org/missions/realistic/1/v.php?PHPSESSID=abcaeadfc31a5c43b2534bf995c0553f&id=3&vote=99 and submit it.
If you’ve done everything right, you’ll see a blue button on the next page that says “Go On.” Clicking that button takes you to the next mission.
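The reason this mission is beatable is that the vote handler trusts whatever the browser sends: the hidden inputs and the vote value are all client-controlled, and nothing on the server checks that the rating is in range or that a session has not already voted. The block below is an added example, not code from HackThisSite or from this post: a small Python model of what a vote endpoint like v.php should do server-side. The names (handle_vote, ranking, BANDS), the 1..5 rating scale, the session store and the sample URLs are all assumptions made for the example.

```python
"""Server-side validation for a star-rating vote endpoint (added example).

Models the checks a handler like the mission's v.php should perform before
recording a vote: the session must exist server-side, id and vote must be
integers, the band must exist, the rating must be within the allowed scale,
and one session may vote once per band. Band names, the 1..5 scale and the
session ids are constructed for this example.
"""
from urllib.parse import parse_qs, urlsplit

# Constructed band table (id -> name); in a real app this comes from the database.
BANDS = {1: "Band One", 2: "Band Two", 3: "Raging Inferno"}
MIN_VOTE, MAX_VOTE = 1, 5  # assumed rating scale


def handle_vote(url, session_store, tallies):
    """Process one vote request given as the full request URL.

    session_store: dict PHPSESSID -> set of band ids this session has voted for
                   (server-side state, never taken from the client)
    tallies:       dict band id -> list of accepted ratings
    Returns a (status, reason) tuple; status is "accept" or "reject".
    """
    qs = parse_qs(urlsplit(url).query)
    sid = qs.get("PHPSESSID", [None])[0]
    if sid is None or sid not in session_store:
        return "reject", "unknown session"
    try:
        band_id = int(qs.get("id", [""])[0])
        vote = int(qs.get("vote", [""])[0])
    except ValueError:
        return "reject", "non-numeric id or vote"
    if band_id not in BANDS:
        return "reject", "unknown band id"
    # The check the mission's handler lacks: clamp the rating to the real scale.
    if not MIN_VOTE <= vote <= MAX_VOTE:
        return "reject", f"vote out of range {MIN_VOTE}..{MAX_VOTE}"
    # One vote per session per band, tracked server-side.
    if band_id in session_store[sid]:
        return "reject", "session already voted for this band"
    session_store[sid].add(band_id)
    tallies.setdefault(band_id, []).append(vote)
    return "accept", "vote recorded"


def ranking(tallies):
    """Band ids ordered by average accepted rating, highest first."""
    avg = {b: sum(v) / len(v) for b, v in tallies.items() if v}
    return sorted(avg, key=lambda b: avg[b], reverse=True)


if __name__ == "__main__":
    sessions = {"sess-a": set()}           # constructed server-side session table
    votes = {1: [5, 5], 2: [3], 3: [2]}    # constructed existing tallies
    for u in (
        "http://example.invalid/v.php?PHPSESSID=sess-a&id=3&vote=99",
        "http://example.invalid/v.php?PHPSESSID=sess-a&id=3&vote=5",
        "http://example.invalid/v.php?PHPSESSID=sess-a&id=3&vote=5",
    ):
        print(u.split("?")[1], "->", handle_vote(u, sessions, votes))
    print("ranking:", [BANDS[b] for b in ranking(votes)])
```

The point of the model is where the trust boundary sits: the session id and band id come from the client, but whether that session exists, whether it has voted, and what ratings are legal are all decided from server-side state, so a hand-built URL with vote=99 is simply refused.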