Vulnerable Bits | CTF writeups

Jackson G. Kaindume


Writeups of hacks by kwatafana.org.


Hack This Site


  1. Difficulty rating: Easy

From: HeavyMetalRyan

Message: Hey man, I need a big favour from you. Remember that website I showed you once before? Uncle Arnold’s Band Review Page? Well, a long time ago I made a $500 bet with a friend that my band would be at the top of the list by the end of the year. Well, as you already know, two of my band members have died in a horrendous car accident… but this ass hole still insists that the bet is on! I know you’re good with computers and stuff, so I was wondering, is there any way for you to hack this website and make my band on the top of the list? My band is Raging Inferno. Thanks a lot, man!

If we visit the challenge’s webpage we see a page. The interesting parts of the page are the 5 sections of the 5 bands, the bands are ordered the top to bottom with the best band being on top and the worst being at the bottom of the list.

Each section contains an HTML form, here is the form for the top band (Imposing Republic):

<form action="v.php" method="get">
    <input type="hidden" name="PHPSESSID" value="abcaeadfc31a5c43b2534bf995c0553f">
    <input type="hidden" name="id" value="4">
    <select name="vote">
        <option value="1">1</option>
        <option value="2">2</option>
        <option value="3">3</option>
        <option value="4">4</option>
        <option value="5">5</option>
    <input type="submit" value="vote!">

The form sends a GET request, this means that the form data will be appended to the URL in key/value pairs, this it looks for the first form:


Where PHPSESSID is the session ID, id


1. Confidentiality

On this page what data should the hacker not be able to read?


2. Integrity

On this page what data should the hacker not be able to modify?

3. Availability

On this page what data should the hacker not be able to destroy?

4. Doorways, Angels and Demons

Door = GET v.php?PHPSESSID=&id=4&vote=1

Angel = GET v.php?PHPSESSID=abcaeadfc31a5c43b2534bf995c0553f&id=4&vote=1