Realistic
https://www.hackthissite.org/playlevel/
1
how does the voting submit the vote?
check source: v.php
what is the php request?
check network settings:
https://www.hackthissite.org/missions/realistic/1/v.php?PHPSESSID=abcaeadfc31a5c43b2534bf995c0553f&id=3&vote=1
can the value of the vote be changed?
https://www.hackthissite.org/missions/realistic/1/v.php?PHPSESSID=abcaeadfc31a5c43b2534bf995c0553f&id=3&vote=1000
success
2
find links
gif:
http://www.americannaziparty.com/support/gifs/wigger.gif
http://www.americannaziparty.com/support/gifs/
→ many images → oh shit it's real
source: /missions/realistic/2/update.php → login page
login action to update2.php → invalid
sql injection ' or 1=1 -- → success
3
no links
source comment: oldindex.html is original
pages:
https://www.hackthissite.org/missions/realistic/3/readpoems.php
https://www.hackthissite.org/missions/realistic/3/readpoem.php
?name=
https://www.hackthissite.org/missions/realistic/3/submitpoems.php
https://www.hackthissite.org/missions/realistic/3/submitpoems2.php
→ doesn't add to list
gobuster - nothing