Thursday, August 28, 2008
_JavaScript 1 to 7_





Article on JS 1 - 7 by system_meltdown, may contain spoilers.

Alright everyone, as you may or may not know, I've made articles on: Basic 1 - 16, Apps 1 - 6 (2nd part coming soon), Web Patching 1 - 3, Real 7 and Real 4. Now it's time to cover the JavaScript challenges 1 to 7. 8 to 13 will be released as soon as I write them. This article may contain spoilers.

_Javascript 1_
OK, when you get to this challenge, you see two boxes: User ID and password. If you've done basic1 you should know that you need to view the source :) With JavaScript, the actual script is embedded in the page source; it isn't parsed on the server like PHP, so you can still view it. If you are using IE, you may notice that right click is disabled :o What now? I know! We find an alternative way to view it!! Just click the "View" tab in the menu at the top. Once you are reading the source you should notice the script and be able to get the user ID and password. There we go, js1 out of the way!

_Javascript 2_
Alrighty then, js2...
This one gets annoying after a while with its redirects, but if you are quick and you are using Firefox, when it says "You'll go back to the index" just really quickly press Ctrl+U to view the source, or alternatively, you could do
view-source:http://www.hellboundhackers.org/challenges/js/js2
to view the source. When you find the script, you should notice that it isn't actually displayed there; the page includes the script from another location, level2script.js. All we need to do now is view that file, and you should know what directory it is in. As soon as you can view this script file you can beat the level, so go back to the js2 index page and enter the pass you got into the box.

_Javascript 3_
Like js1, when you get to this level, you see a user ID box and a password box, and in IE the mouse button is disabled, so by now you should know that we need to view the source and find this script. You may notice that this script is a little more obscured than the others. This is because it is encoded in hex, so Google for a hex decoder; then you'll be able to see the plain text of the script and beat this challenge.
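If you'd rather not paste a script into a random online decoder, here is a small decoder you can run locally in Node. It is an added example, not part of the original article or the challenge: the page doesn't say which hex notation the script uses, so it assumes the common `\xNN`, `\uNNNN` and `%NN` forms plus bare hex pairs, decodes `%NN` byte by byte (ASCII text), and uses constructed sample strings.

```javascript
// Added example: turn hex-escaped JavaScript back into readable text.
// It only rewrites strings; the obfuscated code is never evaluated.

// One pattern for \uNNNN, \xNN and %NN, so each escape is decoded once per pass.
const HEX_ESCAPE = /\\u([0-9a-fA-F]{4})|\\x([0-9a-fA-F]{2})|%([0-9a-fA-F]{2})/g;

function decodeHexEscapes(src) {
  return src.replace(HEX_ESCAPE, (match, u, x, pct) =>
    String.fromCharCode(parseInt(u || x || pct, 16)));
}

// Decode a bare run of hex byte pairs ("64 65 6d 6f"); null if it is not one.
function decodeHexString(hex) {
  const compact = hex.replace(/\s+/g, "");
  if (!/^(?:[0-9a-fA-F]{2})+$/.test(compact)) return null;
  return compact.match(/../g)
    .map((pair) => String.fromCharCode(parseInt(pair, 16)))
    .join("");
}

// Obfuscators often nest encodings, so repeat until the text stops changing.
// The cap keeps a pathological input from looping for long.
function decodeLayers(src, maxPasses = 5) {
  let text = src;
  let passes = 0;
  while (passes < maxPasses) {
    const next = decodeHexEscapes(text);
    if (next === text) break;
    text = next;
    passes += 1;
  }
  return { text, passes };
}

// Constructed samples (not the challenge's script).
const escaped = String.raw`var user = "\x64\x65\x6d\x6f";`;
const nested = "%5Cx64%5Cx65%5Cx6d%5Cx6f"; // %NN wrapped around \xNN

console.log(decodeLayers(escaped).text);
console.log(decodeLayers(nested));
console.log(decodeHexString("64 65 6d 6f"));
```

The `passes` count tells you how many layers of encoding were wrapped around the text, which is worth noting when you come across the same trick on a real page.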

_Javascript 4_
JS4 time. For this one, you need to do what I got Hall Of Fame for: yep, it's XSS time! As it says, we have to view a cookie, so you need to know some basic JS. I'm assuming you all know basic JS and know how to alert it. It tells you to "Use This" on the button and it uses $_GET to get what you submitted. If you look at the URL, it says ?submit=Use+this; try changing the "use this" to your XSS code :) Then we have js4 done!

_Javascript 5_
Like js2, this one is kept in a .js file, so you need to find that and then read the script very carefully. This script uses the getYear() function instead of the getFullYear() function. This is a very bad idea because ever since the millennium getYear has messed up, e.g. in 1984 getYear would print out 84 and in 1999 it would print out 99, but ever since 2000 it started to go above 99 and carry on counting into the 100s. From that you should be able to work it out.

_Javascript 6_
OK, for this you get a pass box and a submit button. To start off you view the source like normal, then you find the script. If you know any JS then you should know that when you want to add words together you use "something"+"something_else", so once you've found the right pass and added it all together you can either navigate to that file or put it in the box and submit.

_Javascript 7_
Well, this one is very very very frustrating and annoyed the hell out of me. You have to pretty much do view-source:URL for this one and then save it to your HDD. Once you've saved it you could manually figure out the pass or, you could make it alert the pass instead of redirecting you. Simplistic solution for an annoying challenge.


That's it for this article, but stick around, part two will be out very soon.

Please rate and comment on it


© HellBound Hackers 2007- 2008. Since 3rd December 2004.