Follow us on Twitter!
One mans freedom fighter, another's terrorist.
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 21
Guests Online: 19
Members Online: 2

Registered Members: 82885
Newest Member: ConiBE
Latest Articles

Javascript 9 Guide - without JS injection

Arrow Image This is a guide written with little spoilers intended.
You may have seen many people do this challenge using javascript injection, however, this is not the only way...



This is my first article so feel free to make suggestions and comments. Also please rate it below.

Requirements:
basic HTML knowledge
basic JS knowledge
__________

This challenge isn\'t too hard if you have the right
knowledge and tools. So you load the page and you see a countdown timer... but what is this??? 34200 seconds... that\'s equivalent to nine and a half hours. You COULD wait but I wouldn\'t. It would also behoove you to note the number that the countdown starts at.

First, as always, it is good to look at the source of the page. Since this is a javascript challenge... it would probably be a good idea to look for some scripts. Now since the source is long, maybe Ctrl+F could help. Think of something you could search for. Think about how the script starts.

Once you\'ve found the line
(looks like: \"v*r * = ***0*;\") you could change it to make the shorting time shorter (think smaller number). However you can\'t change it in the view source page. At this point you use an injection
statement to change the number, or you could change the source by saving it to your computer or using this tool: <http://htmledit.squarefree.com/>.

Now you\'ve changed it and opened it... once the countdown stops (you know it works if the number starts lower or at 0) there will be a box where you enter the password. You do it and.. what’s this? A page not found error... damn. Now there must be some reason why the page requested isn’t found. The error message, however, contains the page that wasn\'t found.

Now if you look at the source again, there will be an encoded section, near where you found the
earlier useful line of code, that tells what action the submit button performs. Here is a good URL that you can use to DECODE the gibberish:
<http://www.yellowpipe.com/yis/tools/encrypter/index.php>.

Now you can edit the code and change to URL... just adding a part so the page will work properly. Then just re-encode it.
Note: the decoder automatically performs a step in decoding so you can read it in English. You will need to do this step in re-encoding. So you will have to encode the edited text twice: the result of the first encoded to the second. The second encoding will also be the first reversed (the URL will be able to do this).

Just overwrite the old code line with the new one and it should work. At the beginning you may have to add an encoded \"<\" at the beginning.
Now open the page edited again and enter the password and you get your points. Enjoy them. :)

Thanks and good luck, br3nd0n.

Comments

brendoncon November 21 2006 - 01:38:48
Please leave comments. Thank you.
chislamon November 21 2006 - 03:31:06
CHECK THE ARTICLES ALREADY MADE BEFORE SUBMITTING ONE, IF ITS ALREADY BEEN WRITTEN MORE THAN ONCE(IN SOME OCCASIONS SEVERAL TIMES) DONT FRIGGIN WRITE ONE AGAIN. [/rant] lol sorry but its getting really really annoying when people keep doing it. Instead follow i think it was arto_8000 that started the thread about challenge articles not made and write one on one of those.
I-O-W-Aon November 21 2006 - 08:11:28
this is the hard way of doing it? it takes 30 seconds with the right injection
korgon November 21 2006 - 08:36:08
This is the harder way timer can be bypassed in seconds, And this challenge has been covered like 7 times already. 0/10
Uber0non November 21 2006 - 16:15:51
This seems complicated ^^ but knowing many ways to beat a problem never hurts Pfft
Arto_8000on November 22 2006 - 00:20:29
chislam -> That wasnt me that started it but anyway me too I think it's really annoying seing the same article written 5 times and millions of articles about "beginning to learn c/c++" ...
repressedcrabon November 23 2006 - 10:25:26
:ninja::ninja::ninja::ninja::ninja::angry:
PlagueZon January 03 2007 - 22:04:37
Har har. There's no need fr JS injection, or decoding of any sort. If you want my hack, I'll PM it to you, in all its glory. Lol.
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.