lol lot have people been tryna hack using the guest book :P

it's a lot easier to go to the guestbook and then do a sql injection ( 'or 1=1-- ) and you see the url...

Thanks for this! I've been working on this mission for hours now and kinda gave up but that html add on thing cleared things up and I was able to solve it!

Another method of completing the mission

1: go to the guestbook and type as a comment: ../

2: scroll down and find the username, password (for the IT dick) and the login page

3: log in using the admin info

4: delete the blocked sites - mission done

Amazing Work!!!!!!

i have a question? how did this guy learn to hack? amazing skills, did you take classes on it? im a mild hacker myself... ive learned everything from years of experience, videos, and books... and i can do some pretty decent stuff, i mostly program though, not nessesarily hack :P. jw, reply to this please!

nice tut;) but I was wondering..

what did you type at the password field? I know it doesn't work but just wondering..:D

I got the login info simply by using |ls| pipeline cmd in the guestbook input field. But this was very insigtful towards additional methods of exploitation.

the first part i just typed in (lessthan)!--#cmd="ls"--(great­erthan) in the submission box and got to the registry.

i like the begining Introduction :D

gr8 vids dude! btw i had a question.

The realistic missions...are they really realistic? i mean you can use the methods in hackthissite to hack real sites?

@s4mis4mi unfortunatly yes i will be changeing my grades soon lol

@s4mis4mi you can... but you shouldn't, and I now know who you are to effectively defend against you...

@zer0un00bie Because that is the REAL way to complete the mission. If you're going to be skiddish and use answers already laid out for you by other people - then be my guest and slack, failing to learn any proof of concept. Heck, even these videos are spoilish, but at least you learn something...

I mean legitly - did you watch this video? The first 30 seconds of the video I just explained what I just typed as a comment....

@cwade12c we love your "learning" way more, dont worry :)

I just used sql injection

damn it! i did want to do it by myself but the fag who posted the first in the guest book spoiled it! :@

nice explains everything using several techniques but i did something else... haha

Nice, but you could also, put a message, which you would have used A SQL injection, as 'or''='

Realistic 10 tutorial? Video description wrong.

Edited. Thanks.

Cwade, can you do realistic 16?

I thought that was the way to do it =(

thats upsetting

Realistic 13 is done. The Wade, will post it when he get's back from Vacation. i'm on 14 and will get it out soon.

ya, you can use the guest book spoiler, if you can't/don't want to learn.

the login is in the guestbook.txt its in the first line of code read it

Rodney, listen to what I said 20-30 seconds into the video.

Thanks, you rule :D

well, that was awsome to have my morning coffee with. was like a scene right out of Hackers, the movie. don't remember the twin asian hacker's name's, but we woulda been the equivalent =p Ok so you're on 13/14? i'll get on 16/15 in that oder, incase.

Wasn't it Blade and Razor?

Work with whatever you want, I'll be gone for the a week starting today.

wait...did I just see that right? "cwade12c r4tdance hackthissite realistic tweleve" spammed as a shameless flash plug. Wade man, that was just tight.  props man.

Well... I thought that since we were doing so many, I would spice up the series. =D

Yeah, it's coded in PHP and connects to a remote SQL database, for extra security.

Yeah, I have. I've got the layout of the mainpage near complete, and the registration script done. =)

It's going to be fun.