Axino.net » firebug

JavaScript Challenge 13 :: Cookie

Arxleol — Tue, 08 Jun 2010 22:28:17 +0000

We will solve this challenge with Firebug. Open challenge page in Firefox, and start Firebug. Now you probably see this sentence:

You are not authorized to view this page!

however, checking source code you will find that page is using cookie for authorization named authorized with value: false.

So if you are already in Firebug just open Cookies tab find cookie named authorized right click on it and select edit. Now just change false into true and reload page.Similar Posts:

JavaScript Challenge 9 :: timer

Arxleol — Wed, 02 Jun 2010 19:59:35 +0000

In this challenge we are faced with timer. As soon as you’ve seen this challenge you figured out you have to reset timer somehow.

Of course one probable solution would be to wait until timer reaches zero value.

But that defies the point. If you examine code you will find following script:



<script>
var c = 34200;
var p = "%68%6F%77%73%6C%69%66%65%3F%65%61%73%79%2E%00";
var a;
fc();
function fc()
{
if(c>0)
{
 document.getElementById("say").innerHTML = "Please wait " + c + ' seconds.';
 c = c - 1;
 setTimeout("fc()", 1000)
} else {
 a = unescape("%33");
 document.getElementById("say").innerHTML = "Your password is: " + unescape(p-a) + unescape("%3C%66%6F%72%6D%20%61%63%74%69%6F%6E%3D%27%69%6E%64%65%78%2E%70%68%70%27%20%6D%65%74%68%6F%64%3D%27%50%4F%53%54%27%3E%0D%0A%45%6E%74%65%72%20%50%61%73%73%77%6F%72%64%3A%20%3C%69%6E%70%75%74%20%74%79%70%65%3D%27%74%65%78%74%27%20%6E%61%6D%65%3D%27%70%61%73%73%27%20%73%74%79%6C%65%3D%27%74%65%78%74%62%6F%78%27%3E%3C%62%72%3E%0D%0A%3C%69%6E%70%75%74%20%74%79%70%65%3D%27%73%75%62%6D%69%74%27%20%6E%61%6D%65%3D%27%73%75%62%6D%69%74%27%20%76%61%6C%75%65%3D%27%43%68%65%63%6B%20%79%6F%75%20%61%6E%73%77%65%72%27%20%73%74%79%6C%65%3D%27%62%75%74%74%6F%6E%27%3E%0D%0A%3C%2F%66%6F%72%6D%3E%00");
}
}
script>

This is where Firebug comes in really handy. Now open Firebug and select DOM tab in here you should search for variable c. Because variable c contains number of seconds till we receive our password. And now when you find variable c in DOM tab change its value to something low for example number 5. Now if you’ve done everything correctly you will notice that counters switched to 5 and is counting down. When it reaches 0 you will receive password:

Your password is: NaN

Similar Posts:

Javascript Missions 7 :: JS Obfuscation. FTW!

Arxleol — Sat, 22 May 2010 09:37:32 +0000

Now this one is really tricky if you are not using right tool. At first I was checking obfuscated code and couldn’t figure out much. Then I went to search trough source code of the page and didn’t find anything useful. Noteworthy is that I was using Google Chrome. Then I switched to Firefox and examined code with Firebug. And what surprise awaited me. Well see for yourself:

And this did not show up in Chrome really interesting. So you can see that password is: j00w1nSimilar Posts:

Basic Web Hacking 13 :: Forgotten George

Arxleol — Fri, 08 Jan 2010 21:37:25 +0000

In the following mission we will use Firebug. Very useful web developers tool.

Introduction to mission is simple:

Login as George!

But when you try to login as George he is not in the list. So to add George into the list, we will use firebug. Now, open firebug and in the HTMl code find option tag. To be able to login as George we have to create another entry. So let’s just add another entry into the list or you can change Jessica entry into:

<option value="George">George</option>

Now select George and log in Similar Posts:

hackthissite.org basic 5 :: email to admin II

Arxleol — Thu, 25 Jun 2009 21:42:37 +0000

When you started with 5th mission you probably assumed that it is something similar if not the same as previous one. However, if you tried solving it the way previous mission was solved you’ll see that it doesn’t work because site you’re providing data to checks from where data is coming and therefore figures out that you are sending data from somewhere else.

So what you need to do is to install firebug. And then open firebug find the hidden field that contains email and change it to something else. Then when you click on Send email to Sam you should obtain the following password: d6093b09Similar Posts: