Main:
A list of things to know and use to help you get through the Javascript challenges.
Hello to everyone who reads my article in the future. This is my first article and instead of telling people how to do each challenge I thought I would give tips that will help them throughout the Javascript challenges. It's your job to find out what to use and where to use it. I’m going to divide this article up into sections to hopefully make it easier to read.
First off, if your doing Javascript challenges it's a good thing to know a bit about Javascript itself. So go to a site like W3Schools (http://www.w3schools.com/) or another site you may know or have heard of and learn some Javascript.
--------------------------------------------------------Tools --------------------------------------------------------
Next a good thing to have for the Javascript challenges is Firefox. So if you don't have it, go get it. I'll even provide a link if your to lazy to find it yourself.
http://www.mozilla-europe.org/en/products/firefox/
Along with Firefox, there are a few cool addons that would be a great help in some of the challenges(they might even help in challenges outside of the Javascript one). They are:
- Web Developer: (https://addons.mozilla.org/en-US/firefox/addon/60)
This can be a great little help in some challenges. It can disable things such as Javascript, it can view cookie information and much more. I'll let you play around with it and figure out more.
- Firebug:(https://addons.mozilla.org/en-US/firefox/addon/1843)
This is not necessary but can be useful if you know what your doing.
You can look around for some extras if you ever feel like it(Here at https://addons.mozilla.org/en-US/firefox/). You might find something you like.
Another couple sites that will help you out in the future are:
- http://www.yellowpipe.com/yis/tools/encrypter/index.php
^This site will be used to encrypt or decrypt whatever you may need to encrypt or decrypt
- http://www.w3schools.com/js/tryit.asp?filename=tryjs_text
^This is W3Schools Tryit Editor. You can use this to play around with some Javascript you might find in the challenges. If you know what your doing this could DO a few challenges for you.
--------------------------------------------------------Source --------------------------------------------------------
OK that will give you a few advantages for some of these challenges but if you don't know what your doing they're not much good to you.
Well the first thing you need to know is how to view the page source. Now I'm going to assume you all know how to do this but if you happen to need some review here's how to do it(for firefox):
- You can use ctrl+u
OR
- You can go up to the top of Firefox where it says File and all that stuff and go view -> Page Source
Easy but VERY important in these challenges.
Another good thing to learn how do to is to view a page source without having to visit the actual page. Here's how:
- First you need is the address to the page you want to view the source of (http://www.hellboundhackers.org/challenges/js/whatever/etc) This can be done easily by right clicking on the link, selecting properties and copying the address shown.
- Next go up to where you type in the address and type in "view-source:" without the quotation marks and the past the address you copied after it. This will open the source to any page without having to visit the page.
------------------------------------------------Javascript Injections ------------------------------------------------
------------------------------------------- and a quick comment on XSS ------------------------------------------
Another thing will be helpful to know is basic XSS(very basic...like sooo basic you only need this site to help you: http://www.securiteam.com/securitynews/5CP052A8AU.html) and Javascript Injections. Like I said basically the only thing you need to know about XSS is in that link for these challenges but I will explain a bit about Javascript Injections. JS Injections can be helpful in a nice few areas of these challenges; basically you can view cookies, change variables or cookies, and other things by using JS Injections.
First off JS Injections are put into the URL bar. So where you see http://www.whatever.etc you completely delete it all. You will then write "javascript:" in it's place followed by either "alert()" or "void()". So it will look like either
javascript:alert()
OR
javascript:void()
Of course there will be different kinds of things that can go into the brackets, otherwise they wouldn't do anything.
Now for these challenges one big thing to know is how to manipulate cookies through JS Injections. There are a couple different things that can be done to manipulate cookies. One is simply getting the page to display cookies. You might need to do this because sometimes there is important information in the cookies that you'll need to know to complete the challenge. To alert the cookies you have to use this command:
javascript:alert(document.cookie)
Now what if you want to change a cookie to get a certain result. For example you see a cookie with authorization set to false. Maybe you want to set this to true and see if it gives you access. This can be done using the void() injection. To do this you would have to use this:
javascript:void(doument.cookie="authorized=true")
This would change that authorization from false to true. This can be used in other situations to. Another little piece of information you might find useful is that you can use more than one command at once. For example what if you wanted to change a cookie then check and make sure you changed it. You could do this:
javascript:void(document.cookie="authorized=true");javascript:alert(document.cookie)
This would alert the cookies for you and you should see the change you made first to the cookie.
Another thing you might find interesting is that you can alert and alter variables using JS Injections. For example:
javascript:alert(x) will alert the x variable used(assuming one actually is used of course). Now what if you wanted to change this variable x to something else. Well you could simply use the void() injection: javascript:void(x=y) where "y" whatever you want to replace x with. This one might prove useful because you can actually alert the answer sometimes with JS Injection of variables.
There are more things you can alter with JS Injections like forms but it is not necessary for me to cover in this article because basically you don't need it. Cookies are the important thing for these challenges. However if you would like to learn about JS Injections and forms you can look up javascript injection articles and you'll find it.
----------------------------------------------------Conclusion ----------------------------------------------------
Well that's it for my article. If you keep these tips in mind it should help you. Remember to go and learn some Javascript, it's important, not just for these challenges but it's something that is used in many websites. Feel free to rate my article or criticize it(please make it constructive if you do).
Edit: Thanks to moshbat and UberOn for the suggestions I’m going to add more information to hopefully make this article even better and more useful.
~ShapeShifters
First off, if your doing Javascript challenges it's a good thing to know a bit about Javascript itself. So go to a site like W3Schools (http://www.w3schools.com/) or another site you may know or have heard of and learn some Javascript.
--------------------------------------------------------Tools --------------------------------------------------------
Next a good thing to have for the Javascript challenges is Firefox. So if you don't have it, go get it. I'll even provide a link if your to lazy to find it yourself.
http://www.mozilla-europe.org/en/products/firefox/
Along with Firefox, there are a few cool addons that would be a great help in some of the challenges(they might even help in challenges outside of the Javascript one). They are:
- Web Developer: (https://addons.mozilla.org/en-US/firefox/addon/60)
This can be a great little help in some challenges. It can disable things such as Javascript, it can view cookie information and much more. I'll let you play around with it and figure out more.
- Firebug:(https://addons.mozilla.org/en-US/firefox/addon/1843)
This is not necessary but can be useful if you know what your doing.
You can look around for some extras if you ever feel like it(Here at https://addons.mozilla.org/en-US/firefox/). You might find something you like.
Another couple sites that will help you out in the future are:
- http://www.yellowpipe.com/yis/tools/encrypter/index.php
^This site will be used to encrypt or decrypt whatever you may need to encrypt or decrypt
- http://www.w3schools.com/js/tryit.asp?filename=tryjs_text
^This is W3Schools Tryit Editor. You can use this to play around with some Javascript you might find in the challenges. If you know what your doing this could DO a few challenges for you.
--------------------------------------------------------Source --------------------------------------------------------
OK that will give you a few advantages for some of these challenges but if you don't know what your doing they're not much good to you.
Well the first thing you need to know is how to view the page source. Now I'm going to assume you all know how to do this but if you happen to need some review here's how to do it(for firefox):
- You can use ctrl+u
OR
- You can go up to the top of Firefox where it says File and all that stuff and go view -> Page Source
Easy but VERY important in these challenges.
Another good thing to learn how do to is to view a page source without having to visit the actual page. Here's how:
- First you need is the address to the page you want to view the source of (http://www.hellboundhackers.org/challenges/js/whatever/etc) This can be done easily by right clicking on the link, selecting properties and copying the address shown.
- Next go up to where you type in the address and type in "view-source:" without the quotation marks and the past the address you copied after it. This will open the source to any page without having to visit the page.
------------------------------------------------Javascript Injections ------------------------------------------------
------------------------------------------- and a quick comment on XSS ------------------------------------------
Another thing will be helpful to know is basic XSS(very basic...like sooo basic you only need this site to help you: http://www.securiteam.com/securitynews/5CP052A8AU.html) and Javascript Injections. Like I said basically the only thing you need to know about XSS is in that link for these challenges but I will explain a bit about Javascript Injections. JS Injections can be helpful in a nice few areas of these challenges; basically you can view cookies, change variables or cookies, and other things by using JS Injections.
First off JS Injections are put into the URL bar. So where you see http://www.whatever.etc you completely delete it all. You will then write "javascript:" in it's place followed by either "alert()" or "void()". So it will look like either
javascript:alert()
OR
javascript:void()
Of course there will be different kinds of things that can go into the brackets, otherwise they wouldn't do anything.
Now for these challenges one big thing to know is how to manipulate cookies through JS Injections. There are a couple different things that can be done to manipulate cookies. One is simply getting the page to display cookies. You might need to do this because sometimes there is important information in the cookies that you'll need to know to complete the challenge. To alert the cookies you have to use this command:
javascript:alert(document.cookie)
Now what if you want to change a cookie to get a certain result. For example you see a cookie with authorization set to false. Maybe you want to set this to true and see if it gives you access. This can be done using the void() injection. To do this you would have to use this:
javascript:void(doument.cookie="authorized=true")
This would change that authorization from false to true. This can be used in other situations to. Another little piece of information you might find useful is that you can use more than one command at once. For example what if you wanted to change a cookie then check and make sure you changed it. You could do this:
javascript:void(document.cookie="authorized=true");javascript:alert(document.cookie)
This would alert the cookies for you and you should see the change you made first to the cookie.
Another thing you might find interesting is that you can alert and alter variables using JS Injections. For example:
javascript:alert(x) will alert the x variable used(assuming one actually is used of course). Now what if you wanted to change this variable x to something else. Well you could simply use the void() injection: javascript:void(x=y) where "y" whatever you want to replace x with. This one might prove useful because you can actually alert the answer sometimes with JS Injection of variables.
There are more things you can alter with JS Injections like forms but it is not necessary for me to cover in this article because basically you don't need it. Cookies are the important thing for these challenges. However if you would like to learn about JS Injections and forms you can look up javascript injection articles and you'll find it.
----------------------------------------------------Conclusion ----------------------------------------------------
Well that's it for my article. If you keep these tips in mind it should help you. Remember to go and learn some Javascript, it's important, not just for these challenges but it's something that is used in many websites. Feel free to rate my article or criticize it(please make it constructive if you do).
Edit: Thanks to moshbat and UberOn for the suggestions I’m going to add more information to hopefully make this article even better and more useful.
~ShapeShifters
Posted by 
