Skip to main content

Hack This Site JavaScript Mission 6 - go go away .js

Fiftysixer decided to try his hand at javascript!All was going well until he realized that he forgot to remove the unused code, which resulted in a confusing mess.He didn't mind, in fact, he did his best to make it even MORE confusing!
As usual I Tried by giving random input and hitting check password
error message alert : Nope, try again
so I got a hint..like in other mission we can look in the source-code for "Nope, try again".
Right click the page and select view source.
ctrl+f  find tab opens ,paste "Nope, try again" hit enter.

<script language="javascript">
RawrRawr = "moo";
function check(x)
{
"+RawrRawr+" == "hack_this_site"
if (x == ""+RawrRawr+"")
{
alert("Rawr! win!");
window.location = "about:blank";
} else {
alert("Rawr, nope, try again!");
}
}

function checkpassw(moo)
{
RawrRawr = moo;
checkpass(RawrRawr);
}

</script>

This is where we get to know that mission hint says right ..source has unwanted script too..but which one?its easy to find.go back to our page right click on the check password button and hit inspect (in chrome).You will see the code behind it.
<button onclick="javascript:checkpass(document.getElementById('pass').value)">Check Password</button>

From this its clear,our password is sent to function checkpass().
Here comes the twist,there is no such function the the codes we got early.Only thing is that in second function,"checkpassw()" they call "checkpass()".
but, we are closer . Goto source code and ctrl+f and search for "checkpass"
then you will see


<script type="text/javascript" src="/missions/javascript/6/checkpass.js"></script>

So,the check function is in an external js document.just visit the file by either clicking the src link or going to

https://www.hackthissite.org/missions/javascript/6/checkpass.js

dairycow="moo";
moo = "pwns";
rawr = "moo";

function checkpass(pass)
{
if(pass == rawr+" "+moo)
{
alert("How did you do that??? Good job!");
window.location = "../../../missions/javascript/6/?lvl_password="+pass;
} else {
alert("Nope, try again");
}

}

This is quite simple code to know the password from
if(pass == rawr+" "+moo)
Find out you self! Dont look password here unless you cant get it!
Password

Comments

Popular posts from this blog

Hack This Site Basic 1 Tutorial

Lets start our journey with hack this site.Visit the website and make an account.Login with your account.
Now we are going to look at basic 1.
Select Basic missions from left tab and choose basic 1

"This level is what we call "The Idiot Test", if you can't complete it, don't give up on learning all you can, but, don't go begging to someone else for the answer, thats one way to get you hated/made fun of. Enter the password and you can continue. "

This is the easiest level.It teaches you this, you should first look into the source code for some clue or vulnerability.
Yes! Just right click on the page and select view-source.Now you can see the source code.Read along the lines until you find the line containing password:
SPOILER HERE Yes you have hacked the first level!

Hack Invite Code To Register - Hack The Box

Recently I found another website that have more advanced hacking challenges...I know I need to cover other websites which i have promised you but something in this website is interesting.For registering in this website,you need to hack and get an invite code.So, I thought to deviate from our regular topic and talk about it.
The WEBSITE is

HACK THE BOX

They are asking invite code for registering.As usual i checked source-code of the page.Since I found nothing suspicious,I started looking at JavaScript and found one that seems can help me.


<script defer src="/js/inviteapi.min.js"></script>I visited the js..There is a script and i found some keywords from that like "log","invite","verifyInviteCode","makeInviteCode"I went back to our registration page now right clicked and selected inspect.

SELECT CONSOLE

 Try typing in each keyword and check if function exist.


I got output when i checked verifyInviteCode();
But, there was no help fro…

What Is Hacking?Who can be a Hacker?

Well the question is quiet simple,but i choose to explain it basically so that every one can understand it.
Before that i must say,don't be interested to hacking by seeing images of hacker like the one above,if you think you wanna be portrayed as above,all you need to learn is Photoshop :)
Most of us,in Our childhood must have had toys.When we have one we try to know how it functions,by somehow opening it and once we know its working, we try to alter it to our own wish even though most of us fail!
A hacker has same mind set where he try to break through the security measures applied by the application or website makers.When we hear the name hacker first thing that comes to our mind is he will hack our facebook,twitter,computer and everything.Even though a very elite hacker may know to bypass the security of all these ,mostly they may not . What i mean is may be a hacker know to bypass security of webpages but not to crack games but still he is a hacker.
In simple words,Hacking is a mi…