“Rage Against The Nazis”

Charithra Kariyawasam
Oct 24, 2017

Where To Start?

If you are a newbie to HackThisSite challenges, I highly recommend that you go to this link and read the introductory article first. In that article, I provide an introduction to both hacking and the HackThisSite web site. It helps to have a high-level understanding of the things that we are about to discuss.
This article is a walkthrough of realistic challenge number 2 and explains the learning outcomes of that challenge. I have provided a link to the challenge at the bottom of this article.

Introduction

The problem concerns a website which spreads racist ideas. The peacekeeper asks us to get into the admin page of the system and post messages from there. So we need access to the admin page, and if we find a way to bypass the login process we can complete the task.

Step By Step Guide

The following section shows one way to solve the challenge. The required knowledge and the learning outcomes are given later in this article. It is better if you try this challenge yourself before going through the article and the forums provided by the website.

1) Click the link to go to the White Power web site.
White Power web page

2) Identify the features of the web page and how it functions.

If we look closely at the web page, we can see that there is a button under the pictures. If you click the button, you will see the login page. This can also be easily identified if we check the source code of the web page.

Source code of the White Power web page

We can see a PHP file named update near the end of the source code. If you click it, you will again reach the login page.

3) Bypassing the login page

Login Page

As we don’t know the credentials, we have to find an alternative way past the login. The best-known way to bypass a login page is SQL injection. The login page is a PHP file, and if its inputs are not validated, a short string is all we need.
Type the following segment into both the username and the password fields.

' OR 'a'='a

This completes the mission at once. Now that the mission is complete, let’s understand what we have learnt from the challenge.

Prevention Of The Security Threat

SQL injection is one of the most common attacks faced by web pages. The main reason this attack succeeds is that SQL queries are built on the fly without validating the inputs.

The following figure explains how this attack occurs in the simplest way.

SQL Injection

The above SQL statement is a very standard SQL query for building login pages. It checks the given input against the data in the table: if we enter a password, it looks for the row where that password matches the given username.
But as in the above figure, if we inject a malicious fragment that makes the SQL condition true regardless of the actual credentials, the behavior of the website changes entirely and an attacker can easily bypass the authentication and authorization processes.

Some of the ways to protect against SQL injection attacks are as follows.

1) Using the escape functions defined in the PHP language, such as

mysql_real_escape_string();

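Functions of this kind escape the characters in a string that are special in SQL, so the input cannot act as a different query. Note that mysql_real_escape_string() was deprecated in PHP 5.5.0 and removed in PHP 7.0.0; mysqli_real_escape_string() is the equivalent in the mysqli extension. Escaping only protects values that are placed inside quotes in the query, which is why prepared statements are the more reliable fix.

2) Using prepared statements

The main reason SQL injection succeeds is that the whole query is built on the fly. If we use a prepared statement and pass the parameters afterwards, this problem goes away: even if the input contains malicious characters, they are not processed as SQL but only as data.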
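The two query-building styles described above (a login query built on the fly, and the same query as a prepared statement), shown side by side as an added example that is not part of the original article. It uses Python's built-in sqlite3 module instead of the challenge's PHP so that it runs offline; the table, the account and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory users table holding one constructed account (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plain-text password only to mirror the query shape discussed above.
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db


def login_concatenated(db, username, password):
    """Vulnerable: the inputs become part of the SQL text itself."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone()[0] > 0, query


def login_prepared(db, username, password):
    """Hardened: the SQL text is fixed and the inputs are bound as data."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone()[0] > 0, query


if __name__ == "__main__":
    db = make_db()
    segment = "' OR 'a'='a"  # the string typed into both fields in step 3
    for check in (login_concatenated, login_prepared):
        logged_in, query = check(db, segment, segment)
        # Printing the query shows how the quotes rewrite the WHERE clause
        # in the concatenated version and leave the prepared one untouched.
        print(f"{check.__name__}: logged_in={logged_in}")
        print(f"  {query}")
    # The real (constructed) credentials still work with the prepared query.
    print(login_prepared(db, "admin", "s3cret-constructed")[0])
```
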

Learning Outcomes

  • How to deploy a simple SQL injection.
  • The ways to secure a login page.

Now What?

This is the conclusion of this challenge. I recommend that you go to the challenge and do it again with the knowledge gained from this article. If you encounter things that you do not know, it would be wise to learn them to an extent and use them. If you develop that kind of discipline, you will increase your knowledge about “everything” at an alarming speed. Good Luck ..!

Link to the challenge

https://www.hackthissite.org/playlevel/2/
