HTS.org R9 challenge

exploit
injection
webhacking
xss

#1

Preface

As always:
I stated my reasoning behind this article series in the first article which can be found here.
To avoid redundancy please check out the preface over there and let’s get right into action!

note: If I write non sense in this and the next following articles please correct me for the sake of me and others not getting confused and mixed up with things :slight_smile: .

Author Assigned Level: Wannabe

Community Assigned Level:

  • Newbie
  • Wannabe
  • Hacker
  • Wizard
  • Guru

0 voters

Required Skills

Since we’re starting at the beginning not much knowledge is required at the moment.

  • knowledge about html
  • knowledge about web page structure
  • cookies
  • javscript
  • xss

Disclaimer

These write ups are only my 2 cents on the challenges. So don’t take them too seriously. :wink:


HTS.org realistic challenges

Realistic challenge 9

Message:

I’ve heard you’re good at hacking, and on the right side of things. So I came looking for you. I really need help, you see, my boss has stopped paying our salaries and I’m going to miss my rent! Please help me get my money, you can reach the site at Crappy Soft. They have an online payment system, but only he can use it. Maybe you can get into his account somehow, but for now you can use mine:

Username: [email protected]
Password: ilovemywork

Thanks man, good luck.

What can we extract from the message?

  • Find the admin account
  • Pay him
  • ???

The site:

The usual stuff.

  • Login form
  • pictures
  • links

The source

The ‘hack’

The hack is based on similar attack vector as the last one.
First let’s login with the credentials we were given and snoop around:

So I think we have a pretty good idea what tools we have available and what not.
Our only choice here again is steal a cookie this time somehow through the mailing form.
I personally don’t like this challenge because it involves interaction with a non existent user and stuff we can’t control.
But here we go…

basically we send an email to the admin/owner with a custom tailored body in the message section.
We want him to redirect to a certain site and make him append his browsing cookie. So we can steal it from there…
For this we are going to use window.location.

Okay we found the cookie. Let’s change our credentials to the ones we just obtained.
As always this can be done through your browser.


Okay we have access to the payroll now:

Pay him. Okay a sudden new task… Welp.
Let’s check where’s the log located:

Okay we somehow have to override those through the email newsletter form?
Let’s look at the source and how stuff is handled under the hood…


Okay hit subscribe and bam. Challenge done…

Conclusions

This challenge dealt with similar attack vectors as the last one, but this challenge wasn’t much fun in my opinion… Hence I just wanted to finish is quickly and put it out here to continue with the series.

The next article of the series can be found here once it’s up!!

past challenges

Stay tuned :wink: