Follow us on Twitter!
You cannot teach a man anything; you can only help him find it within himself. - Galileo
Sunday, April 20, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 25
Guests Online: 23
Members Online: 2

Registered Members: 82844
Newest Member: Jimmy Zhang
Latest Articles

Javascript Challenges 1-11

Arrow Image This article is a list of short walkthroughs/tips for Javascript challenges 1 to 11



This article is a list of short walkthroughs/tips for Javascript challenges 1 to 11


Javascript Challenge 1
Check the source of this one, find the script and have a good look around.
-=-
Javascript Challenge 2
Find a way to view the source of the page, and .. If you use Firefox, the view-source protocol is very helpful
-=-
Javascript Challenge 3
Find a way to unescape the obscured text in the source (or look it over closely), and you will be able to find the password.
-=-
Javascript Challenge 4
Press the button and see what happens.. Ever heard of Cross Site Scripting (XSS)? If not, google it.
-=-
Javascript Challenge 5
This one`s pretty straightforward, find the javascript file and figure the password out.
If you don`t know what the (obsolete) getYear() method does, do some research on how works.. I guess one can say it`s not Y2K compliant.
-=-
Javascript Challenge 6
This one might be misleading at first. Check the source and.. well.. answer right in front of you.
-=-
Javascript Challenge 7
View the source of the site, you basically have a lazy way and a way in which you might learn something.
You`ll be able to figure it out if you know how the substring() method works.
Basically, str.substring(5,50) returns 45 characters. It returns the 5th to (but NOT including) the 50th character in "str".

If you`re lazy, you could always run the code locally and slightly modify the code.
Remember: docu<i></i>ment.write[ln] is your friend.
-=-
Javascript Challenge 8
Check the source. Hmm.. Hex code? http://nickciske.com/tools/ has a nice hex to ascii to hex encoder/decoder.
Weird result.. Let`s just act like we`re crazy and try entering it.
I will leave the rest of the challenge to you, but let me tell you this: the solution is simple, but not apparent.
-=-
Javascript Challenge 9
Well, I don`t think we want to wait 9.5 hours to enter our solution, so check the source and find the countdown loop.
You`ll want to use Javascript injection to alter a variable.
Once you got that, check the source again and you`ll be able to figure it out I`m sure.
-=-
Javascript Challenge 10
Once again, there`s a lazy way to do this, and a kind of.. tedious way.. I myself picked the lazy way, but I`ll describe the long way.
Press the Check button to initialize the variables.
First you`ll want to find out the a, b and c variables. You could use javascript:alert(var.charCodeAt(*)) to find out or look up the charcodes.
Next, do some math..
Decrypt the other variable that is part of the password and you`ll have it, matey!

Of course, the lazy way is so much quicker than this....
-=-
Javascript Challenge 11
Just use the 'lazy' way mentioned before here.. javascript:alert(??????) in the address bar will be easiest.
-=-
Well that`s all of `em.. If you have any questions, let me know. If you think I gave too much away, let me know too.

Good luck!

-Sec

Comments

chris1994on February 06 2011 - 22:08:53
for javascript challenge 11 i did a javascript injection changing the asdf variable when i check the password it says 'well done dude' however i get no points :angry: what am i doing wrong???
DonMilanoon April 10 2012 - 21:28:02
@chris1994: Just go straightforward, what's the big deal with changing vars anyway... Ur supposed to beat the challenge, and learn something, dude! Grin I could imagine the following to be happening in ur case: The javascript function checkpass() or whatever is executed all right (after u altered the var asdf), but there might be a second check running in the background (which u cannot see), and that checks if u really entered the correct value for asdf. So the alert box saying "well done dude" pops up, but you haven't passed the second test, so u get no points. (You can only modify what HBH wants you to modify to beat the challenge; they don't want you hacking their site Grin) regards DM
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.