Skip to main content

Hack This Site JavaScript Mission 6 - go go away .js

Fiftysixer decided to try his hand at javascript!All was going well until he realized that he forgot to remove the unused code, which resulted in a confusing mess.He didn't mind, in fact, he did his best to make it even MORE confusing!
As usual I Tried by giving random input and hitting check password
error message alert : Nope, try again
so I got a hint..like in other mission we can look in the source-code for "Nope, try again".
Right click the page and select view source.
ctrl+f  find tab opens ,paste "Nope, try again" hit enter.

<script language="javascript">
RawrRawr = "moo";
function check(x)
{
"+RawrRawr+" == "hack_this_site"
if (x == ""+RawrRawr+"")
{
alert("Rawr! win!");
window.location = "about:blank";
} else {
alert("Rawr, nope, try again!");
}
}

function checkpassw(moo)
{
RawrRawr = moo;
checkpass(RawrRawr);
}

</script>

This is where we get to know that mission hint says right ..source has unwanted script too..but which one?its easy to find.go back to our page right click on the check password button and hit inspect (in chrome).You will see the code behind it.
<button onclick="javascript:checkpass(document.getElementById('pass').value)">Check Password</button>

From this its clear,our password is sent to function checkpass().
Here comes the twist,there is no such function the the codes we got early.Only thing is that in second function,"checkpassw()" they call "checkpass()".
but, we are closer . Goto source code and ctrl+f and search for "checkpass"
then you will see


<script type="text/javascript" src="/missions/javascript/6/checkpass.js"></script>

So,the check function is in an external js document.just visit the file by either clicking the src link or going to

https://www.hackthissite.org/missions/javascript/6/checkpass.js

dairycow="moo";
moo = "pwns";
rawr = "moo";

function checkpass(pass)
{
if(pass == rawr+" "+moo)
{
alert("How did you do that??? Good job!");
window.location = "../../../missions/javascript/6/?lvl_password="+pass;
} else {
alert("Nope, try again");
}

}

This is quite simple code to know the password from
if(pass == rawr+" "+moo)
Find out you self! Dont look password here unless you cant get it!
Password

Comments

Popular posts from this blog

Hack Invite Code To Register - Hack The Box

Recently I found another website that have more advanced hacking challenges...I know I need to cover other websites which i have promised you but something in this website is interesting.For registering in this website,you need to hack and get an invite code.So, I thought to deviate from our regular topic and talk about it.
The WEBSITE is

HACK THE BOX

They are asking invite code for registering.As usual i checked source-code of the page.Since I found nothing suspicious,I started looking at JavaScript and found one that seems can help me.


<script defer src="/js/inviteapi.min.js"></script>I visited the js..There is a script and i found some keywords from that like "log","invite","verifyInviteCode","makeInviteCode"I went back to our registration page now right clicked and selected inspect.

SELECT CONSOLE

 Try typing in each keyword and check if function exist.


I got output when i checked verifyInviteCode();
But, there was no help fro…

Hack This Site Basic 11

Sam decided to make a music site. Unfortunately he does not understand Apache. This mission is a bit harder than the other basics.As you may have noticed! when we visit this level all we are given with is some line about song.This line changes on each refresh.From this we assume that this is not the real page we need to visit.But how we find our requirement? There is a tool in Kali Linux called 'Dirb'. But for now Iam using an online service for this
>>URL FUZZER<< . First we give the url and search for files with .php extension.
select start scan.Wait for scan to finish.
So,we have found a file.Now visit it as: https://www.hackthissite.org/missions/basic/11/index.php
There is our login page.still we are stuck!we don't have the password or any hint in the source code of this page. Lets run another scan on the URL Fuzzer ,this time for directories  Same way start scan and wait for it to finish. There are two possible directories. first we try /index/ ..but it seems n…

HackThisSite Realistic Mission 2

Chicago American Nazi Party Racist pigs are organizing an 'anti-immigrant' rally in Chicago. Help anti-racist activists take over their website!  ================================================
From: DestroyFascism 
Message: I have been informed that you have quite admirable hacking skills. Well, this racist hate group is using their website to organize a mass gathering of ignorant racist bastards. We cannot allow such bigoted aggression to happen. If you can gain access to their administrator page and post messages to their main page, we would be eternally grateful.
 ================================================ So a guy named DestroyFascism  is asking for our help.Lets visit the website and check the steps we did in previous missions to find vulnerability. Right click and select view source.There is only 52 lines of code. Check the code for suspicious data.I found something!

CODE ------------------------------------------------------------- <a href="update.php">…