Posted in Hackthissite.org

HTS-Realistic Mission 3

Peace Poetry – Realistic Mission 3

Mission brief

blurbRM3

Someone has defaced the site of a little girls poetry page. You have been asked to return it to it’s original state.

https://www.hackthissite.org/missions/realistic/3/

websiteRM3

Some pretty wild edits for a little girls web page so lets see what we can find. ‘View Source’ doesn’t reveal anything, however, opening ‘Inspect Element’ in Chrome reveals this snippet of information.

code_textRM3

Looks like we have a hacker with a conscience. Excellent. Now we have the old HTML file, which reveals the original site at

https://www.hackthissite.org/missions/realistic/3/oldindex.html

Peace_siteRM3

Two links. Read the Poetry and Submit Poetry. Visiting ‘Submit Poetry’ allows us to do just that. Natural real world testing gives us a hint for how this site was hacked, and how we can fix it.

From the code on the ‘Submit Poetry’ page we can see this

Use this form to submit a poem to the website. You do not have to be the author, but if you use someone else’s poetry, please give credit where credit is due. Thanks!

Note: Poems will be stored online immediately but will not be listed on the main poetry page until it has a chance to be looked at.

After digging around and testing a few things out. I realised that when submitting a new poem it was written to a page. Clue being in the above code snippet comments.

fixedRM3

Copy the HTML code from oldindex.html and paste into the ‘Poem:’ text entry box and enter ‘../index.html’ into the ‘Name of Poem:’ field. Hit ‘add Poem’ and you will be told you have completed the mission.

Why did this work?

By submitting a new poem with the contents of the HTML code of oldindex.html, we can replace the hacked version of index.html by using Directory Traversal. In other words, tell the web server to create a new page with these contents a level above the current directory and call it index.html. This will overwrite the original index.html with the new one we submitted. In essence how they were able to deface the web page in the first instance.

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s