Hack my hackable website [no longer available]

I created a "hackable" web app for a presentation I gave about web app security. Now you can try it out yourself.

Published: Tue, December 19, 2017, 23:10
Updated: Mon, April 13, 2020, 11:00
Category:
Security
Tag:
Challenge
Site no longer available
April 2020: It was a fun experiment, but I have for now removed the site hosting the hacking challenge. 🙂

tl;dr 🔗

Try to "hack" https://ra.gl/ [link broken] . You can see the rules and goal on that site.

Hack my site 🔗

I give a few talks every year. The last years I've mostly talked about different mobile development topics, but because of this blog I have recently had the opportunity to talk about web application security.

Last week I gave a talk at Google Developer Group Bergen, Norway. The talk was about hacking web apps.

After the talk itself we had a session with some hands-on "hacking" of a web app. For this I had created a web site that had intentional "security vulnerabilities".

The goal 🔗

The goal of the assignment is simple: Just log in on the administrator page at ra.gl [link broken] and get hold of your unique keyword that proves your accomplishment.

The rules 🔗

I have some rules so that the site isn't ruined completely. It is after all hosted in a shared hosting environment and I don't want anyone else harmed.

Please stay away from doing this: 🔗
  • DOS attacks
  • Port scanning
  • Attacks on any other sites or domains hosted on the same server
  • Attacks on network infrastructure
  • Attacks on server software (OS, app server, programming frameworks)
  • Any interference or attacks on the web host company
  • Anything you think might not be okay
Please do this: 🔗
  • Try to find any logical errors and/or information leaks in the web pages within this domains

The tools 🔗

You don't really need anything else then your browser's development tools. Personally I like to frequently use its "Copy as cURL" menu option and tweak the HTTP requests in a simple text editor.

The vulnerabilities 🔗

The security vulnerabilities are the typical ones that I have found and presented on my blog. I you have read some of those posts you might have some clues on what it could be.

It's isn't a very hard task to break in. But that is actually part of the point. There are some many weaknesses with so many web apps today. With some knowledge and open eyes you can get far. If you are able to hit gold all the way you can solve it within some minutes, but most people seem to need more time.

Happy hacking! 🔗

I hope you enjoy this small assignment! Don't hesitate to give me feedback or if you have any ideas for improvements or other cool stuff that should be included. :-)

Start hacking! [link broken]

Site no longer available
April 2020: It was a fun experiment, but I have for now removed the site hosting the hacking challenge. 🙂
Get notified when there are new posts! :-)