Saturday, April 19, 2014

Hacking Javascripts

An all-round way on how to hack javascripts.



All right, for all you peeps out there who are having trouble hacking your way through a simple JavaScript, I wrote this simple but effective article.


Let's start with the following question: what happens when we enter our password into a JavaScript password check? Or: what actions does the script perform to verify us?

The answer is simple: the script compares our input with a given value or variable.


Let us look at 3 different examples:

1) Comparing with a given value

function checkpass(enteredpassword) {
    // the input is compared with a literal that sits in the page source
    if (enteredpassword == "dapass") {
        alert("You got it!")
    }
    else {
        alert("Invalid UserID")
    }
}

I suppose nobody has problems with this. The password you need to enter is dapass.


2) Comparing with a variable

function checkpass(enteredpassword) {
    var pass = "dapass" // the expected value, held in a variable

    if (enteredpassword == pass) {
        alert("You got it!")
    }
    else {
        alert("Invalid UserID")
    }
}

I think this is also a very simple script. You clearly see what value/variable the script is comparing your input to and what its value is.


3) Comparing with a variable but...

var pass3 = "" // global, so the address bar can read it; empty until checkpass() runs

function checkpass(enteredpassword) {
    var pass = "da"
    var pass2 = "pass"
    pass3 = pass + pass2 // this line combines "da" and "pass" into "dapass"

    if (enteredpassword == pass3) {
        alert("You got it!")
    }
    else {
        alert("Invalid UserID")
    }
}

John Doe might think: "w00t this is too easy!" and yes, this is an easy script, but it's the concept that counts. What if you have all sorts of calculations and functions that are editing the final variable? You could reconstruct everything, but that will take a while, no? John Doe will possibly think: "I will just enter javascript:alert(pass3) in my browser to pop up a window with the pass. OK... huh? Why is the box empty?"

A big hint to everyone: always try the script with some gibberish first, otherwise some variables/actions won't yet be initialized/used. So no wonder JD gets an empty alert box: the operation pass + pass2 in the pass3 variable was never executed, thus it doesn't contain any value!

After executing the script with random values JD finds the pass with javascript:alert(pass3) and he lives happily ever after...


NOTE 1: Scripts may not be in the page itself but in an external file. You can use the JSView extension for Firefox to easily find external javascripts/css-files.

NOTE 2: The method described in 3 requires some logical thinking (*) and you will need to view the script itself to get the variable (duh!). (*) e.g. if the script says if (enteredpassword==pass) {...}, don't start looking in the variable pass3 or anything ;)


Voila, I hope this article helped you and contained just what you were expecting. If you want to know more or you're thinking: "Why isn't this or that discussed here?", just leave a comment and I'll add it or simply write a v2 of my article ;)

The_Cell
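
Why a check like examples 1 to 3 protects nothing, set next to the usual replacement. This is an added Node.js example, not code from the article; `clientLeak`, `makeRecord` and `verify` are hypothetical names, and the server side is assumed to store only a salted scrypt hash.

```javascript
// Added example (Node.js), not code from the article.
const { scryptSync, randomBytes, timingSafeEqual } = require("node:crypto");

// Client side, as in example 3: the secret is assembled inside the script.
var pass3 = ""; // empty until checkpass() has run once
function checkpass(enteredpassword) {
  var pass = "da";
  var pass2 = "pass";
  pass3 = pass + pass2;
  return enteredpassword == pass3;
}

// What any visitor can observe about the client-side check.
function clientLeak() {
  pass3 = "";                       // simulate a fresh page load
  const before = pass3;             // nothing computed yet
  checkpass("gibberish");           // one wrong guess runs the concatenation
  const inSource = checkpass.toString().includes('"da"');
  return { before, after: pass3, inSource };
}

// Server side (hypothetical helpers): only salt + scrypt hash are stored,
// and the comparison happens where the visitor cannot read it.
function makeRecord(password) {
  const salt = randomBytes(16);
  return { salt, hash: scryptSync(password, salt, 32) };
}

function verify(record, attempt) {
  const candidate = scryptSync(String(attempt), record.salt, 32);
  return timingSafeEqual(candidate, record.hash); // constant-time compare
}

const record = makeRecord("dapass"); // constructed sample password
console.log(clientLeak());
console.log(verify(record, "dapass"), verify(record, "gibberish"));
```

With the second design the page only submits the attempt; nothing the browser downloads contains the value being compared against.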

Comments

god on April 16 2006 - 20:55:51
haha great :P u can solve almost all the stegs on this site.. **and he lives happily ever after...** made me laugh :P i was hoping maybe someone could make a new genre of javascript challenges? ones that need another .. concept....
The_Cell on April 16 2006 - 21:06:28
I think you mean javascript instead of stegs :P Thanx for comment, I get the hint...I'll do my best ;)
god on April 16 2006 - 21:18:10
yep lol javascripts** :P well i wasn't implying you, just talking in general :)
aFk on September 10 2006 - 03:11:36
what if we get this type of pass check. /// if(encrypt==checkpass&&tell==0){alert('Access Granted') please pm me. more of code is
alcode=deconstruct
var encrypt=new Array()
for(count=2;count<finalcode.length+2;count+=2){
    eval("encrypt["+((count/2)-1)+"]='"+((finalcode.charAt(count-2)!='0')?finalcode.charAt(count-2):'')+""+finalcode.charAt(count-1)+"'")
    encrypt[((count/2)-1)]=acharset.charAt(Math.round((acharset.length*encrypt[((count/2)-1)])/100))
}
encrypt=encrypt.join('')
if(counttimes<times){mkasci(encrypt)}
else {
    counttimes=0
    if(encrypt==checkpass&&tell==0){alert('Access Granted');location.replace(storeup+encrypt.substring(0,5)+".html");}
    else {
        if(tell==1){document.write("<B>"+storeup+"</B> is encrypted as <B>"+encrypt+"</B>");}
        else {
            if(history.length>0){
                alert("Access Denied");
                history.go(-1);
            }
            else {location.replace("http://polymathic.tripod.com/hs/reject.html")}
aFk on September 10 2006 - 03:25:42
sorry that looked sloppy. just visit here and view the source, Thanks great article by the way.. Please Pm me regarding this here's source link http://www.bailacademy.org/restrictedarea.html
The_Cell on October 04 2006 - 20:42:01
I suggest echoing all the variables and then try to roughly reconstruct how the script edits all of its strings.
sleazoid on February 18 2007 - 07:34:01
nice article B)