If you try opening any of these pages you will see that all of them were changed by hacker. Now notice that opening new page appends variable action in the URL. So considering where all actions are saved (probably in system logs). Let’s try accessing that page.

However, when you open index.php?action=logs you will notice message from hacker that he obviously deleted all logs.

But if you check source of the page you will find interesting comment.



<!-- Last logged in user: 174.142.24.201 -->

Now, that we found IP of intruder let’s track it down using: http://www.ipaddresslocation.org/ip-address-locator.php.

Similar Posts:

• Tracking Challenge 1 :: Email tracing
• hackthissite.org basic 11 :: Music collection
• First half year of Axino.net
• How to trace emails using Gmail
• hackertest.net level 8 :: Open PSD

When you enter your email address preferably gmail, you will receive following email:

This a automated email, sent out by HBH Tracking Challenge 1: For this challenge you must enter the IP + host in the challenge page

Now open original message and there you will be able to find in Received section information about domain: s15265096.onlinehome-server.info and ip:87.106.143.53Similar Posts:

• How to trace emails using Gmail
• hellboundhackers.org tracking challenges solutions to all missions
• Tracking Challenge 2 :: Intruder tracking
• Tutorials
• Basic web hacking 10 :: ip range

Open any email you received and check the arrow pointing downwards on the right side of email box. When you click on the arrow select option: Show original. This will open new window with original message.

In the received part you will find domain name from which message was sent and what is more important IP address of sender. So you could either trace email to sender or verify whether sender is who he claims.

Another useful part worthy of checking is Authentication where you may see how Google authorized sender.Similar Posts:

• Tracking Challenge 1 :: Email tracing
• hackthissite.org basic 4 :: email to admin
• JavaScript Challenge 13 :: Cookie
• Keylogger in C# :: catching secret word
• Keylogger in C# :: sending emails

Javascript actually generates password from riddle or even better anagram.

// Written by SlimTim10
// Hint: The answer may be more than one word and may contain spaces.
 
function checkpassword()
{
 
	password = document.password.password.value;
	var a = password.charAt(9)
	var c = password.charAt(4)
	var b = password.charAt(10)
	var d = password.charAt(7)
	var f = password.charAt(6)
	var e = password.charAt(1)
	var g = password.charAt(3)
	var i = password.charAt(0)
	var h = password.charAt(8)
	var j = password.charAt(13)
	var l = password.charAt(5)
	var k = password.charAt(6)
	var m = password.charAt(11)
	var o = password.charAt(12)
	var n = password.charAt(2)
	var riddle = "query test mess";
 
	if (a+""+b+""+c+""+d+""+e+""+f+""+g+""+h+""+i+""+j+""+k+""+l+""+m+""+n+""+o==riddle)
	{
		alert("Congratulations!");
	}
	else
	{
		alert("Wrong, but keep at it!");
	}
 
}

To solve it I used piece of paper. First I draw 14 boxes starting with zero till 13. Next step is to copy anagram: query test mess. And write below each letter, letters from a to o.

Now you need to fill boxes with letters let’s solve it for letter a.

Over letter A is letter Q and now we check javascript code: var a = password.charAt(9) so letter a should be in box 9 so fill the box 9 with q.

Simple or not. Here is interesting and surprising final answer: system requestSimilar Posts:

• hackertest.net level 10 :: False clues || common sens
• hack-test.com 10 :: Italic text
• JavaScript Challenge 12 :: execute
• Basic Web Hacking 1 :: Simple Enter Pass
• Basic web hacking 8 :: simple SQL

So very first step is to find javascript that will be executed when password is entered.

 //By system_meltdown
 function checkpass()
 {
 pass=document.password.pass.value;
 rawr=unescape('%61%68%6f%79');
 string="llama llama duck!";
 a=string.charCodeAt(1);
 b=string.charCodeAt(7);
 c=string.charCodeAt(4);
 schloob=((60*50/3*a)-(b*c))/2/5+b;
 asdf=rawr+"_"+schloob;
 if(pass==asdf)
 {
 alert('Wahoo you got it!');
 }
 else
 {
 alert('Awww shame!');
 
 }
}

Now for executing we will take just the important part of code:

rawr=unescape('%61%68%6f%79');
 string="llama llama duck!";
 a=string.charCodeAt(1);
 b=string.charCodeAt(7);
 c=string.charCodeAt(4);
 schloob=((60*50/3*a)-(b*c))/2/5+b;
 asdf=rawr+"_"+schloob;

Executing script in your browser is easy. Just open new tab and in the URL bar enter following javascript code. Notice that I am alerting value of asdf variable.

javascript:rawr=unescape('%61%68%6f%79');string="llama llama duck!";a=string.charCodeAt(1);b=string.charCodeAt(7);c=string.charCodeAt(4);schloob=((60*50/3*a)-(b*c))/2/5+b;asdf=rawr+"_"+schloob; alert(asdf);

Now you should receive this password as result.

ahoy_9860.4

Similar Posts:

• JavaScript Challenge 11 :: js injection
• JavaScript Challenge 12 :: execute
• Javascript Missions 6 :: go go away .js
• hackertest.net level 6 :: Linking javascript
• Javascript Missions 5 :: Escape!

a = screen.width;
if(a != 800)
{
 alert('Sorry you do not have the right parameters!');
}else{
 window.location='/challenges/js/js14/index.php?ans=1e799d6ab6736c258580e7bc9feebacb'
}

Now you probably notice that you should have screen resolution of width 800 pixels. However, if you check else statement you will find new location and if you use it you will solve this challange.

So jump to this URL: index.php?ans=1e799d6ab6736c258580e7bc9feebacbSimilar Posts:

• Basic web hacking 12 :: include me in
• JavaScript Challenge 7 :: Jump over
• hackertest.net level 5 :: Save As…
• hackthissite.org extbasic 2 :: Extension blocking
• JavaScript Challenge 1 :: Function understanding

You are not authorized to view this page!

however, checking source code you will find that page is using cookie for authorization named authorized with value: false.

So if you are already in Firebug just open Cookies tab find cookie named authorized right click on it and select edit. Now just change false into true and reload page.Similar Posts:

• hackthissite.org basic 10 :: My cookie your cookie
• Basic web hacking 7 :: double login
• hackthissite.org Application 3 :: 127.0.0.1
• JavaScript Challenge 9 :: timer
• hackertest.net level 9 :: Hidden or not

Script that awaits you is long and it would be boring to analyze it. You already noticed that you cannot use javascript injection.

function checkpass()
{ 
 
 pass=document.password.pass.value;
 z=2;
 x=z*1.5;
 v=z*2;
 w=v*1.75;
 y=v*1.25;
 abc=(((y*v*y*x+z)*x+w)*z+y)*v+w; 
 
 if(pass==abc)
 {
  alert('Congratz! You are good at Math');
 }
 else
 {
  alert('Sorry, try again when you learn more Math!'); 
 
 } 
 
}

So what we want to do is to execute mathematical part and obtain answer. You can do this by opening new tab and executing following script that will output correct mathematical answer:

javascript:z=2;x=z*1.5;v=z*2;w=v*1.75;y=v*1.25;abc=(((y*v*y*x+z)*x+w)*z+y)*v+w;alert(abc);

You should get this answer in alert box: 7331Similar Posts:

• JavaScript Challenge 10 :: Math time
• Javascript Missions 1 :: Idiot Test
• JavaScript Challenge 5 :: Stop me quickly 2
• JavaScript Challenge 11 :: js injection
• hackertest.net level 1 :: Cover up basics

Javascript code we are required to examine is following:

//By system_meltdown
var s = "Llama llama chicken duck, schloob mcfroob, moo asdf qwerty zxcv. Rawr llama kinasd, [insert random crap here]It's hammer on the keyboard time: sfsdfoashdfy78sdfysdfs67dftsdf 6tsdf76as tfa. Well I'm bored, so if you're still reading this I advise you to stop because you are wasting your time....dumbarse :)";
var asd = s.charCodeAt(14);
var fdsa = s.charCodeAt(42);
var sadfasf = s.charCodeAt(4);
var moo = s.charCodeAt(43);
var teeep = s.charCodeAt(32);
var asdf = asd+fdsa+sadfasf+moo+teeep;
function checkpass()
{
pass=document.password.pass.value;
if(pass==asdf)
{
alert('Well done dude!');
}
else
{
alert('You suck!');
}
}

Now instead of analyzing the code we will use once again javascript injection. You probably already noticed if statement in whish password is compared to asdf. What we will do is to output value of asdf and enter it as the password.

So next step is to write peace of javascript code in the URL bar in your browser and output variable asdf.

javascript:alert(asdf)

I obtained following value: 441Similar Posts:

• JavaScript Challenge 10 :: Math time
• JavaScript Challenge 12 :: execute
• hack-test.com 3 :: link colour
• Javascript Missions 6 :: go go away .js
• Javascript Missions 5 :: Escape!

Of course one probable solution would be to wait until timer reaches zero value.

But that defies the point. If you examine code you will find following script:

<script>
var c = 34200;
var p = "%68%6F%77%73%6C%69%66%65%3F%65%61%73%79%2E%00";
var a;
fc();
function fc()
{
if(c>0)
{
 document.getElementById("say").innerHTML = "<b><big>Please wait " + c + ' seconds.</big></b>';
 c = c - 1;
 setTimeout("fc()", 1000)
} else {
 a = unescape("%33");
 document.getElementById("say").innerHTML = "Your password is: " + unescape(p-a) + unescape("%3C%66%6F%72%6D%20%61%63%74%69%6F%6E%3D%27%69%6E%64%65%78%2E%70%68%70%27%20%6D%65%74%68%6F%64%3D%27%50%4F%53%54%27%3E%0D%0A%45%6E%74%65%72%20%50%61%73%73%77%6F%72%64%3A%20%3C%69%6E%70%75%74%20%74%79%70%65%3D%27%74%65%78%74%27%20%6E%61%6D%65%3D%27%70%61%73%73%27%20%73%74%79%6C%65%3D%27%74%65%78%74%62%6F%78%27%3E%3C%62%72%3E%0D%0A%3C%69%6E%70%75%74%20%74%79%70%65%3D%27%73%75%62%6D%69%74%27%20%6E%61%6D%65%3D%27%73%75%62%6D%69%74%27%20%76%61%6C%75%65%3D%27%43%68%65%63%6B%20%79%6F%75%20%61%6E%73%77%65%72%27%20%73%74%79%6C%65%3D%27%62%75%74%74%6F%6E%27%3E%0D%0A%3C%2F%66%6F%72%6D%3E%00");
}
}
</script>

This is where Firebug comes in really handy. Now open Firebug and select DOM tab in here you should search for variable c. Because variable c contains number of seconds till we receive our password. And now when you find variable c in DOM tab change its value to something low for example number 5. Now if you’ve done everything correctly you will notice that counters switched to 5 and is counting down. When it reaches 0 you will receive password:

Your password is: NaN

Similar Posts:

• JavaScript Challenge 10 :: Math time
• hackthissite.org basic 10 :: My cookie your cookie
• Javascript Missions 1 :: Idiot Test
• JavaScript Challenge 13 :: Cookie
• hack-test.com 1 :: hard start