Follow us on Twitter!
I'd prefer to die standing, than to live on my knees - Che Guevara
Friday, April 18, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 22
Guests Online: 19
Members Online: 3

Registered Members: 82823
Newest Member: Andyrayfun
Latest Articles

_JavaScript 1 to 7_

Arrow Image Article on JS 1 - 7 by system_meltdown, may contain spoilers.



Alright everyone, as you may or may not know, I\'ve made articles on: Basic 1 - 16, Apps 1 - 6 (2nd part coming soon), Web Patching 1 - 3, Real 7 and Real 4. Now it\'s time to cover the Javascript challenges 1 to 7. 8 to 13 will be released as soon as I write it. This article may contain spoilers.

_JavaScript 1_
Ok, when you get to this challenge, you see two boxes, User ID and password. Now, if you\'ve done basic1 you should know that you need to view the source :) with Javascript, the actual script is embedded in the source, it\'s not parsered like php, so you can still view it. Now, if you are using IE, you may notice that Right Click is disabled :o what now? I know! We find an alternative way to view it!! Just click the \"View\" tab in the menu at the top. Once you are reading the source you should notice the script and be able to get the user id and password, there we go, js1 out the way!

_JavaScript 2_
Alrighty then, js2...
This one gets annoying after a while with it\'s redirects, but if you are quick and you are using firefox, when it says \"You\'ll go back to the index\" just really quickly press Ctrl+U to view the source, or alternatively, you could do
view-source:http://www.hellboundhackers.org/challenges/js/js2
to view the source. Now when you find the script, you should notice that it isn\'t actually displayed there, it\'s including the script from another location, level2script.js, so all we need to do now is view that file, you should know what directory it is in. As soon as you can view this script file you can beat the level, so go back to the js2 index page and enter the pass you got into the box.

_JavaScript 3_
Like js1, when you get to this level, you see a user id box and a password box and also, in IE the mouse button is disabled, so by now you should know that we need to view the source and find this script. You may notice that this script is a little obscured to the others, this is because it is encoded in hex, so google for a hex decoder, then you\'ll be able to see the plain text of the script and beat this challenge.

_JavaScript 4_
JS4 time, for this one, you need to do what I got Hall Of Fame for, yep it\'s XSS time! As it says we have to view a cookie, you need to know some basic JS. I\'m assuming you all know basic JS and know how to alert it. So it tells you to \"Use This\" on the button and it uses $_GET to get what you submittedm, now if you look at the URl, it says ?submit=Use+this, try changing the \"use this\" to your XSS code :) then we have js4 done!

_JavaScript 5_
Like js2 this one is kept in a .js file, so you need to find that and then read the script very carefully, now in this script, it uses the getYear() function, instead of the getFullYear() function, this is a very bad idea because ever since the milenium getYear has messed up, e.g: in 1984 getYear would print out 84 and in 1999 it would print out 99, but ever since 2000 it started to go above 99 and carry on counting into 100s. From that you should be able to work it out.

_JavaScript 6_
Ok, for this you get a pass box and a submit button. To start off you view the source like normal, then you find the script, and if you know any JS then you should know that when you want to add words together you use \"something\"+\"something_else\", so once you\'ve found the right pass and added it all together you can either navigate to that file of you could put it in the box and submit.

_JavaScript 7_
Well, this one is very very very frustrating and annoyed the hell out of me. You have to pretty much do view-source:URL for this one and then save it to your HDD. Once you\'ve saved it you could manually figure out the pass or, you could make it alert the pass instead of redirecting you. Simplistic solution for an annoying challenge.


That\'s it for this article, but stick around, part two will be out very soon.

Please rate and comment on it

Comments

the_flashon May 16 2006 - 20:32:33
Nice article. You'll have one for every challenge on the site soon ^^
nightfox99on May 16 2006 - 20:46:39
Wow ain't there already like 10 of these articles on javascript??Shock
system_meltdownon May 16 2006 - 20:48:12
Yes, but like flash says, I'm aiming to have articles on most of the challenges, plus these go into deep detail Smile
LiveFastDieFunon May 16 2006 - 21:00:06
I like how these would actually help if you were stuck, unlike some other javascript articles.
system_meltdownon May 16 2006 - 21:22:03
Thanks Smile
pyrodude0303on May 17 2006 - 05:53:18
good job system...considering a 14 year old kid wrote it...(lol already did all js challenges b4 i read this Sad)....make some realistic challenges tuts. now!
knutraineron May 17 2006 - 08:21:29
What do you mean considering he is 14? The kid did an excellent job as far as any one is concerned.
system_meltdownon May 17 2006 - 18:31:07
Wooo thanks knutrainer!
chaunchothenachoon April 15 2007 - 17:17:39
this is a great article! i just bookmarked it :ninja:
Ninjacyph3ron March 05 2008 - 20:58:40
Very good article thnks System great work :happy:
pendraggonon June 28 2008 - 19:08:14
Good article it helped me out allot with out giving to much away. I was stuck on JS5 but after reading on how the function does not work properly I figured it right out.
pendraggonon June 28 2008 - 19:18:02
Good article it helped me out allot with out giving to much away. I was stuck on JS5 but after reading on how the function does not work properly I figured it right out.
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.