August 29, 2011

RankMyHack.Com – Who is the coolest web hacker

Who is the coolest web hacker? Everyone who is involved in the field of information security asks this question from time to time. LulzSecurity? Anonymous? Anyone else? It seems impossible to objectively identify someone as the best one. However, a site appeared in the Net a couple weeks ago which is aimed at determining who the best hacker is indeed! This site is http://RankMyHack.com. As soon as the resource was created, information about it started spreading all over the Internet. Serious Internet sources such as New York Times mentioned this site in their pages. Numerous hackers rushed to find out who is the coolest one among them …

As for the resource – its developers allow web hackers to estimate any break-in “objectively.” For every submission of a website hack, the participant receives points. The bigger the points, the higher the participant is in the rating.

The RankMyHack.Com project also provides a feature of estimating any web site. I got interested in the functions of this chart and decided to check my own home page… The result was confusing. The points gained for “compromise” of a third-level domain home page are equal to the points gained for real compromise of a second-level domain page! This fact made me doubt the reliability of data represented in the project’s rating. Meanwhile, respected media were already publishing information about outstanding compromises of rambler.ru, google.com, narod.ru… It was decided to put everything to test.

At first, a website supersite.ucoz.lv was registered. The next step was to find out how many points a participant will receive if he/she proves a successful attack against this site.

872098 points is not bad, is it? The participant “blackfun” gained 1500000 points for “compromise” of google.com and the participant “m_script” gained 842696 points for “compromise” of rambler.ru! Ha-ha! They say that break-in of my home page is cooler than break-in of rambler.ru ! )))

Let’s register in the RankMyHack system:

After registration, it becomes possible to add a hacked site into the rating system.

For this purpose, it is required to insert the string from the [Your_Unique_Code] field into the body of the main page of the “compomised” website. That’s what we do:

Let’s check whether the code was correctly added to the web page.

Done! Now we go back to RankMyHack.com and add the “compromised” site:

The system accepts our request. However, the algorithm implementation seems to be incorrect and the system considers the website http://ucoz.lv instead of its child domain to be hacked.

Let’s look at the system rating:

Isn’t it funny that the participant “superman” managed to become the 10th in the TOP_HACKERS rating for 5 minutes? It is a good result! We decided to stop here, because it was already clear that the 1st place and international acclaim are not far off =)))

Here are some guys who have tried another way: http://pastebin.com/bq8xJPMn. The results also lead us to doubt the reliability of the RankMyHack.Com rating.

1 comment:

  1. This comment has been removed by a blog administrator.

    ReplyDelete