Today we are looking at the Hack This Site Realistic Web Mission level 1. This mission requires the hacker to edit the page source of the web application in order to change its behavior. The goal of the hack is to increase the rank of the band Raging Inferno. It uses a technique similar to one of the basic missions, where we had to modify Sam’s email address to send the email to ourselves. If you want to read my posts about the basic missions, you can do so here.
Navigating to realistic mission 1, you are presented with a message from HeavyMetalRyan, who explains that he made a bet that his band would be ranked first. Unfortunately, two of his band members died in an accident, but the person he made the bet with insists the bet is still on. HeavyMetalRyan would like us to hack the web application so that his band is at the top of the chart.
Exploring The Web Application
The functionality of the application appears to be basic. Each band is listed and has a voting option next to them. The voting option allows the user to submit a score between one and five. There doesn’t appear to be any other functionality on the application other than links to the band.
HeavyMetalRyan said in his message that his band is called Raging Inferno. So far, they don’t appear to have the most rave reviews. Using the voting system appears to submit the value of the selected number back to the server. In order to hack the application, we will need to view the page source.
Web Application Hack
In order to “hack” the application, we need to look at the page source and make some modifications before submitting the vote. This can be done in many browsers by right-clicking on the page and selecting view source from the context menu. The image below shows the page source before modification. You can see that option 5 has a value of 5. When the vote button is pressed, the value 5 will be recorded as the vote.
In order to complete this challenge, we need to modify the value of 5 to a significantly higher value. This means that when the vote button is clicked, the higher value will be submitted rather than the value of 5. The image below shows the page source after the modification has taken place.
Once the value has been modified, we can select the option that we have modified and click the vote button. This should send the modified value back to the server instead of the originally intended value.
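The modification succeeds only if the server accepts whatever value the form submits. As an added example (not code from this post or from Hack This Site), the sketch below shows a server-side check that accepts a vote only when it matches one of the five options the form offers; the field names `band` and `vote`, the band ids and the sample submissions are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs

# Hypothetical names: the post does not show the form's field names or band ids.
KNOWN_BANDS = {"1": "Raging Inferno", "2": "Constructed Band B"}
ALLOWED_VOTES = {"1", "2", "3", "4", "5"}  # the only options the form offers

class RejectedVote(ValueError):
    """A submitted vote that the unmodified form could not have produced."""

def single(params, name):
    """Return the one value of a field; reject missing or repeated fields."""
    values = params.get(name, [])
    if len(values) != 1:
        raise RejectedVote(f"{name}: expected exactly one value, got {len(values)}")
    return values[0]

def parse_vote(body):
    """Validate a urlencoded POST body and return (band_id, score)."""
    params = parse_qs(body, keep_blank_values=True)
    band = single(params, "band")
    vote = single(params, "vote")
    if band not in KNOWN_BANDS:
        raise RejectedVote("band: unknown id")
    # Exact string match against the allow-list: a bare int() parse has no
    # range check and also accepts forms such as " 5" and "+5".
    if vote not in ALLOWED_VOTES:
        raise RejectedVote(f"vote: {vote!r} is not one of the offered options")
    return band, int(vote)

def tally(bodies):
    """Apply a batch of submissions; return (totals per band, rejected count)."""
    totals = {band: 0 for band in KNOWN_BANDS}
    rejected = 0
    for body in bodies:
        try:
            band, score = parse_vote(body)
        except RejectedVote:
            rejected += 1  # worth logging in a real application: the form was altered
            continue
        totals[band] += score
    return totals, rejected

# Constructed sample submissions: two from the unmodified form, three altered.
SAMPLE = ["band=1&vote=5", "band=2&vote=3", "band=1&vote=5000",
          "band=1&vote=5&vote=5", "band=1&vote=-1"]
```

Calling `tally(SAMPLE)` counts only the two unmodified submissions and reports the other three as rejected.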
With the vote submitted, you should have now completed the challenge. I hope you enjoyed this post, but please check out the video if you would prefer to watch a demonstration.