Theory on 15
Posted on 27-06-06 11:31
Ok so I'm kinda... messed up on this one. I think they finally made it to where you actually have to incorporate the use of substrings. That's something I've yet to look into much. But here is my idea on how you SHOULD be able to do it via injection. But my concern here is that there is some way of blocking URL injection on JS, because it seems on some of the challenges you cannot alert the var via URL bar. The other problem with this one is that I cannot save to HD and do it the "lazy" way. It claims it cannot find it. wtf? Anyways, here we go... don't read it if u haven't done it yet, not sure if it's really a spoiler tho, since it seems to be wrong.

Ok so we have... 15 variables? a-o. If a+b and so on is equal to the variable "riddle", and riddle equals query test mess, then shouldn't we be able to make each individual variable equal to a letter in that 3 word statement? So that when you've added them all together, assuming you could do abcdefghijklmno as the pass, it would work.

The idea is that you would do:

javascript:void(a=q) and then down the line of variables and all the letters of query test mess. (Just like the JS number 11 or something, where you adjust the wait time via a JS variable.) So why couldn't you apply the same theory in this one?

What I am thinking is that the only reason this shouldn't work is that a+b+c+d+e+f+g+h+i+j+k+l+m+n+o!=query test mess. What the script is actually checking is not what the statement says. But how is that possible? If you manually change the variables, JS has to comply, doesn't it? Also, abcdefghijklmno is not the same as a+b+c+d+e+f+g+h+i+j+k+l+m+n+o. That I can understand, because the first one would technically be multiplication by a mathematical standard. So, would JS interpret the variables a+b+c+d+e+f+g+h+i+j+k+l+m+n+o as literally a plus b plus c, or would the + sign FUCK with things?

Well, I'd like some feedback on this, because I thought it was a really good thought even if it doesn't work. How does it sound to you?




Edited by rex_mundi on 26-03-13 13:56
RE: The simplest way
Posted on 27-06-06 12:10
1) abcdefghijklmno must be
2) query test mess, ok? So....

The script keeps the variables in this order....

3) iengclkfdhabmoj

Now to discover the password, try to assign in string 3 the values that the letters have in line 2.

For example, in string 3 the first letter is "i". The letter i in line 1 corresponds to the letter * in line 2... and so on for each letter.....

This challenge is very simple.




RE: Theory on #15
Posted on 27-06-06 12:15
Yes, I've also read the article by... ah damn, I can't remember. But he did an article on this one, and I understand what he's trying to say, but I hate substrings, I think they're totally pointless. I was hoping someone could explain why what I want to do doesn't work, or if I'm just making a dumb mistake and it DOES work.


RE: my opinion
Posted on 27-06-06 12:25
What I am thinking is that the only reason this shouldn't work is that a+b+c+d+e+f+g+h+i+j+k+l+m+n+o!=query test mess. What the script is actually checking is not what the statement says

I think this is totally wrong....

javascript:void(a=q) and then down the line of variables and all the letters of query test mess. (Just like the JS number 11 or something, where you adjust the wait time via a JS variable.) So why couldn't you apply the same theory in this one?

Because these variable values are assigned at run time... so I think that when u click the button these values are assigned and your void is forgotten.

I never changed the time value in JS 11


RE: Theory on #15
Posted on 27-06-06 12:32
OK, I see what you mean, but what do you mean you never changed the time value in number 11?

--Oh sorry, my bad, I had the wrong challenge number. It was just the one JS challenge where the clock was set to 32000 something until your password was revealed.




Edited by on 27-06-06 12:33
RE: Theory on #15
Posted on 27-06-06 12:37
Let's take the case of 'var a', it says:

var a = password.charAt(9)

and if you check in the IF condition, of course considering the order given, 'var a' should be the same as the first letter of 'riddle', which is "q", so the 10th letter of the password is "q", great!
Do the same for the rest of the vars and you get a 2-word password, submit it and congratulations!


Giving out more would literally be giving you the answer..


RE: Theory on #15
Posted on 27-06-06 12:52
Ahah, yeah god, I know, I'm just... erm, a little slow sometimes.. lol.


RE: Theory on #15
Posted on 27-06-06 19:41
Call me crazy, but is this mission messed up? There are two charAt functions which use the 6th char. Last time I checked, the sixth char in the password can't be two different characters. Someone enlighten me.

RE: Theory on #15
Posted on 27-06-06 20:03
It could be one character, used in 2 places.. (it is)

[edit] AND don't complicate it, just do it. If you find something that's a little confusing, go on; I thought I was doing it all wrong but when I got all the chars it turned out to be right..




Edited by on 27-06-06 20:05
RE: Theory on #15
Posted on 27-06-06 21:29
Can I ask one more question?

Is this the general rule that substrings follow?


RE: Theory on #15
Posted on 27-06-06 22:03
Best thing to do is work it out.. and if you can't anymore.. well, it's not that hard to guess from that point....


RE: Theory on #15
Posted on 27-06-06 22:56
While I probably shouldn't be giving information about my own challenge, I'll try to clear a few syntax problems up. First of all, the line 'a+b+c+d+e+f+g+h+i+j+k+l+m+n+o' represents all the variables connected together. They are not added, but rather joined as one string. Had I used 'abcdefghijklmno', it would have represented a variable that had not been defined (the variable 'abcdefghijklmno' does not exist).

The reason JavaScript injection does not work on this challenge is because I made it so that the input interacts differently with the output. Instead of making a set password, the password is checked with an algorithm that parses the string and analyzes it, so it cannot simply be alerted.
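
The following is an added example, not part of the post above and not the challenge's own code: a constructed check of the same shape discussed in this thread (each variable re-read from the typed password with charAt, joined with + and compared to a riddle), showing why a value preset from the URL bar is overwritten and how one position read twice constrains a single character. The riddle, the index table and the function names are assumptions made up for illustration.

```javascript
// Constructed sample data; NOT the challenge's real riddle or indices.
const RIDDLE = "letmein";
// INDEX[k] is the zero-based password position read into the k-th variable.
// Position 5 appears twice: one character used in two places.
const INDEX = [3, 5, 0, 2, 5, 1, 4];

// Same shape as the check discussed in the thread: on every call each
// variable is re-read from the typed password, so values set earlier
// (e.g. from the URL bar) are overwritten before the comparison runs.
function check(password, preset = {}, riddle = RIDDLE, index = INDEX) {
  const vars = { ...preset };
  index.forEach((pos, k) => {
    vars[k] = password.charAt(pos); // charAt counts from 0
  });
  let joined = "";
  for (let k = 0; k < index.length; k++) {
    joined = joined + vars[k]; // + on strings concatenates
  }
  return joined === riddle;
}

// The check ships to the browser with the riddle and index table in it, so
// it can be inverted on paper: variable k must equal riddle[k], and
// variable k is password[index[k]].
function recover(riddle = RIDDLE, index = INDEX) {
  const out = [];
  index.forEach((pos, k) => {
    const ch = riddle.charAt(k);
    if (out[pos] !== undefined && out[pos] !== ch) {
      throw new Error(`position ${pos} would need both "${out[pos]}" and "${ch}"`);
    }
    out[pos] = ch;
  });
  // Positions the check never reads are unconstrained; mark them with "?".
  return Array.from(out, (c) => (c === undefined ? "?" : c)).join("");
}

// Presetting every variable to the right letter does not help:
const preset = Object.assign({}, RIDDLE.split("")); // {0:"l", 1:"e", ...}
console.log(check("xxxxxx", preset)); // false
console.log(recover());               // "timlne"
console.log(check(recover()));        // true
```

Because everything the comparison needs is delivered to the browser, only a check performed server-side keeps the expected value out of the page.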


RE: Theory on #15
Posted on 27-06-06 23:13
Yeah, that should clear some confusions.. and could u comment on my article about YOUR challenge? Pfft


RE: Theory on #15
Posted on 27-06-06 23:14
Hence... damn. That's all I got to say. Damn.


RE: Theory on #15
Posted on 27-06-06 23:23
god wrote:
Yeah, that should clear some confusions.. and could u comment on my article about YOUR challenge? Pfft

I think the article is a bit of a spoiler, myself. It takes away the fun of figuring out the reverse algorithm of the challenge, which is basically the challenge itself. Though it's apparently not too much of a spoiler, since people are still confused and working at it. Also, I'm curious as to how one "shows off" in a script Pfft
In god's article:
First off you have SlimTim10 showing off

It's nice to see that you firmly grasped the concept though. Good luck with number 16 (coming soon) Wink


RE: Theory on #15
Posted on 27-06-06 23:51
Man, I can't wait, keep pumpin' those JS's out dude, they're my favorites!!

That wouldn't have been as hard if I would have known how substrings work. Now I get it. Thanks to you guys Grin


RE: Theory on #15
Posted on 28-06-06 00:00
crazy_sniper wrote:
Man, I can't wait, keep pumpin' those JS's out dude, they're my favorites!!

That wouldn't have been as hard if I would have known how substrings work. Now I get it. Thanks to you guys Grin

No problem. And don't you worry, I'll be making hard JavaScript challenges to come. Number 16 will hopefully be quite hard and worth many points, but I've had a minor setback and had to recode it a little. Don't worry, I should be done by tomorrow.


RE: Theory on #15
Posted on 28-06-06 00:03
Go figure. You just HAVE to bring out the new oober hard one when I leave town for a shoot, don't you?

Sigh... oh well. Ahaha, can't wait to see it man.


RE: Theory on #15
Posted on 28-06-06 04:24
Ah. My whole problem was I completely skipped the fact that charAt will split the string into an array, meaning it starts at 0, not 1. What a stupid mistake.

RE: Theory on #15
Posted on 28-06-06 13:13
Mellow Yellow wrote:
Ah. My whole problem was I completely skipped the fact that charAt will split the string into an array, meaning it starts at 0, not 1. What a stupid mistake.
Not really an array, but I think you get the idea. And yes, it does start at 0. But remember, a character can not be used the same as an integer (it can not be added, subtracted, multiplied, divided, etc.).

