Skip to main content

Hack This Site JavaScript Mission 7 - JS Obfuscation. FTW!


There is No hint Given to us!All we have is the name 
JS Obfuscation. FTW!

What this means?Obfuscation- the action of making something obscure, unclear, or unintelligible.
So clearly,it has some thing to deal with the JavaScript code.Lets find out.
As usual, I typed in something in the input box and hit "check password"
Got an alert "WRONG! Try again!"
Now , as usual we have to go for this in the source code.
Right click and select view page source (for chrome).In that search for 

"WRONG! Try again!"

Wow! no code found!what will we do?don't worry! go back to our page and right click on check password and select inspect.Got the code below:
<button onclick="javascript:if (document.getElementById(&quot;pass&quot;).value==&quot;j00w1n&quot;){alert(&quot;You WIN!&quot;);window.location += &quot;?lvl_password=&quot;+document.getElementById(&quot;pass&quot;).value}else {alert(&quot;WRONG! Try again!&quot;)}">Check Password</button>

You can see,Our input is being checked here,JavaScript is written here.
&quot; is same as "
so document.getElementById(&quot;pass&quot;).value
Gets the value we give as input and checks it with &quot;j00w1n&quot;
that is   "j00w1n" 
So, Now you have the password.We Have Completed all the JavaScript challenges!

Comments

Popular posts from this blog

Where Can i Learn Hacking?

There are a lots of tutorials out there in internet.Most of them you guys will ignore as I did earlier..don't ignore any tutorial or tool. There are websites where we are given with challenges for hacking like in DVWA-Damn Vulnerable Web Application. Some of them are, Hack This Site |   HackThisSite.org Hack This Site is more than just a website; it’s a platform for education and a community for security enthusiasts. Hack This Site is a great stopping point for security professionals and developers alike, as it offers varying levels and topics to delve into as you practice hacking. HackThis!! |   hackthis.co.uk Deemed ‘the Hacker’s Playground,’ HackThis!! offers various levels and areas of study when practicing your hacking skills. Similar to Hack This Site, HackThis!! is also a good place to go for security-related news, presentations and to connect with like-minded folk in their forum. HellBound Hackers  |   hellboundhackers.org ...

Hack This Site Basic 8

Sam remains confident that an obscured password file is still the best idea, but he screwed up with the calendar program. Sam has saved the unencrypted password file in /var/www/hackthissite.org/html/missions/basic/8/  However, Sam's young daughter Stephanie has just learned to program in PHP. She's talented for her age, but she knows nothing about security. She recently learned about saving files, and she wrote a script to demonstrate her ability. So, we know the password is stored in some obscured password file.  Lets try the same code as we did in level 7. But the code 'ls' is not treated as command. so lets try it differently. Try with aaa;<!--ls--> it also failed but got a message: If you are trying to use server side includes to solve the challenge, you are on the right track: but I have limited the commands allowed to ones relevant towards finding the password file for security reasons(because there will always be that one person who decides to ...

Hack This Site! Basic 4

This time Sam hardcoded the password into the script. However, the password is long and complex, and Sam is often forgetful. So he wrote a script that would email his password to him auto And below this,There is a button for sending password to Sam's email.What we should do? right click on the button ,if you are in google chrome ,select > inspect . Now on right side you could see the script of that button. In this script you could see, <input type="hidden" name="to" value="sam@hackthissite.org"> Got any idea? yea , all you have to do is change the email to whatever  email you registered in Hackthis site ! Now check your mail,there must be the password you needed! Keep going!