Hack This Site: Realistic Web Mission – Level 1

Today we are looking at the Hack This Site Realistic Web Mission level 1. This mission requires the hacker to modify the source of the web application to modify its behavior. The reason behind the hack is to increase the rank of the band Raging Inferno. This hack uses a similar technique to one of the basic missions where we had to modify Sam’s email address to send the email to ourselves. If you want to read my posts about the basic missions, you can do so here.

Uncle Arnold’s Band Review

Navigating to realistic mission 1, you are presented with a message from HeavyMetalRyan, who explains that he made a bet that his band would be ranked first. Unfortunately, two of his band members died in an accident, but the person he made the bet with insists the bet is still on. HeavyMetalRyan would like us to hack the web application so that his band is at the top of the chart.

Message from HeavyMetalRyan

Exploring The Web Application

The functionality of the application appears to be basic. Each band is listed and has a voting option next to them. The voting option allows the user to submit a score between one and five. There doesn’t appear to be any other functionality on the application other than links to the band.

Uncle Arnold’s Local Band Review Page

HeavyMetalRyan said in his message that his band is called Raging Inferno. So far, they don’t appear to have the most rave reviews. Using the voting system appears to submit the value of the selected number back to the server. In order to hack the application, we will need to view the page source.

Web Application Hack

In order to “hack” the application, we need to look at the page source and make some modifications before submitting the vote. This can be done in many browsers by right-clicking on the page and selecting view source from the context menu. The image below shows the page source before modification. You can see that option 5 has a value of 5. When the vote button is pressed, the value 5 will be recorded as the vote.

Uncle Arnold’s Local Band Review Page Source

In order to complete this challenge, we need to modify the value of 5 to a significantly higher value. This means that when the vote button is clicked, the higher value will be submitted rather than the value of 5. The image below shows the page source after the modification has taken place.

Uncle Arnold’s Local Band Review Page Source Modified

Once the value has been modified, we can select the option that we have modified and click the vote button. This should send the modified value back to the server instead of the originally intended value.

Raging Inferno Vote Hack
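The mission works because the server stores whatever number the browser sends. The following is an added example, not code from the challenge or from Hack This Site: it shows a vote handler that trusts the submitted value next to one that re-validates it on the server. The field names `id` and `vote`, the band identifier and the existing votes are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs

ALLOWED_SCORES = {"1", "2", "3", "4", "5"}  # the only values the form offers


class InvalidVote(ValueError):
    """Raised when a submitted vote fails server-side validation."""


def record_vote_naive(ratings, body):
    """Trusts the browser: any integer in the 'vote' field is stored."""
    form = parse_qs(body)
    ratings[form["id"][0]].append(int(form["vote"][0]))


def record_vote_checked(ratings, body):
    """Re-validates every field on the server before storing the vote."""
    form = parse_qs(body)
    band_ids, votes = form.get("id", []), form.get("vote", [])
    # Exactly one value per field, so a duplicated parameter cannot slip through.
    if len(band_ids) != 1 or len(votes) != 1:
        raise InvalidVote("expected exactly one id and one vote")
    if band_ids[0] not in ratings:
        raise InvalidVote("unknown band")
    # Compare the raw string against an allow-list instead of calling int(),
    # which would also accept forms such as "+5", " 5" or "5_0".
    if votes[0] not in ALLOWED_SCORES:
        raise InvalidVote("vote must be 1-5")
    ratings[band_ids[0]].append(int(votes[0]))


def average(ratings, band_id):
    scores = ratings[band_id]
    return sum(scores) / len(scores)


if __name__ == "__main__":
    tampered = "id=raging-inferno&vote=1000"  # constructed request body
    naive = {"raging-inferno": [1, 2, 1]}     # constructed existing votes
    record_vote_naive(naive, tampered)
    print("naive average:", average(naive, "raging-inferno"))
    checked = {"raging-inferno": [1, 2, 1]}
    try:
        record_vote_checked(checked, tampered)
    except InvalidVote as exc:
        print("rejected:", exc)
    print("checked average:", average(checked, "raging-inferno"))
```

The `<option>` values in the page are only a convenience for the user; the range check has to live in the handler that records the vote.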

With the vote submitted, you should now have completed the challenge. I hope you enjoyed this post, but please check out the video if you would prefer to watch a demonstration.