RawrRawr = "moo";
function check(x)
{
"+RawrRawr+" == "hack_this_site"
if (x == ""+RawrRawr+"")
{
alert("Rawr! win!");
window.location = "about:blank";
} else {
alert("Rawr, nope, try again!");
}
}
 
function checkpassw(moo)
{
RawrRawr = moo;
checkpass(RawrRawr);
}

Now if you check HTML code of the button you will notice that function is not among these two present.

<button onclick="javascript:checkpass(document.getElementById('pass').value)">Check Password</button>

So I followed this clue and found that above those two functions there is remotely connected javascript file.

<script src="http://hackthissite.org/missions/javascript/6/checkpass" type="text/javascript"><!--mce:0--></script>

When you open that file you will find following javascript code:

dairycow="moo";
moo = "pwns";
rawr = "moo";
 
function checkpass(pass)
{
if(pass == rawr+" "+moo)
{
alert("How did you do that??? Good job!");
window.location = "../../../missions/javascript/6/?lvl_password="+pass;
} else {
alert("Nope, try again");
}
}

I guess that from here you are already able to figure that password is: moo pwns. If not then ask Similar Posts:

• Javascript Missions 4 :: Var?
• JavaScript Challenge 6 :: Simple strings
• JavaScript Challenge 10 :: Math time
• Javascript Missions 5 :: Escape!
• hackertest.net level 6 :: Linking javascript

Afterwards right click and select inspet element. This will work in Google Chrome. You will see pop-up window. And there you will find following commented HTML code:

Password: Z2F6ZWJydWg= add a page extention to that

Similar Posts:

• hackertest.net level 9 :: Hidden or not
• hack-test.com 10 :: Italic text
• hackertest.net list of all URLs
• hackertest.net level 19 :: yet another gif image
• hack-test.com 2 :: refresh now…

Now just download image from the link in bg attribute. When you open image you will notice username and password in the lower right corner.

Username: phat
Password: jerkybar3Similar Posts:

• hackertest.net level 7 :: Hidden Dragon
• hackertest.net level 8 :: Open PSD
• hack-test.com 8 :: PSD file
• hackertest.net level 16 :: unavailable
• hackertest.net level 3 :: Same but different

<SCRIPT SRC="psswd.js" LANGUAGE="JavaScript" type="text/javascript">

When you open it you will see following code:

<!--
var pass;
pass=prompt("Password:","");
if (pass=="streetzkornerz") {
window.location="included.htm";
}else 
alert("Try again...");
//-->

Notice that in if statement you may notice that password is: streetzkornerzSimilar Posts:

• hackertest.net level 3 :: Same but different
• Javascript Missions 1 :: Idiot Test
• hack-test.com 3 :: link colour
• hack-test.com 5 :: annoying window
• hack-test.com 1 :: hard start

Introduction to mission is simple:

Login as George!

But when you try to login as George he is not in the list. So to add George into the list, we will use firebug. Now, open firebug and in the HTMl code find option tag. To be able to login as George we have to create another entry. So let’s just add another entry into the list or you can change Jessica entry into:

<option value="George">George</option>

Now select George and log in Similar Posts:

• Basic web hacking 7 :: double login
• hackthissite.org basic 10 :: My cookie your cookie
• JavaScript Challenge 13 :: Cookie
• Basic web hacking 8 :: simple SQL
• hackthissite.org basic 4 :: email to admin

This time Drake invented a secure PHP and mySQL login, so only his family can login, but the script wasn’t as secure as he thought it would be.

First thing first let’s try and enter some password.

We obtain following result:

Please Login

SQL Query Error: SELECT * FROM family_db WHERE password=’ffdfd’
Your Password was not found in our database
Wrong SQL query

Now, form the obtained SQL query we may notice that the name of the database is: family_db and SQL query executed.

If we try to enter our simple SQL injection ‘ OR 1=1 we may notice that this will not work on the script. So let’s examine code of the error page now.

If you examine source code closely you may notice following line

<!-- ?sql_query -->Wrong SQL query

So the first commented out part probably gives you hint that you should use GET variables.

After you figured this out try entering the following URL:

http://www.hellboundhackers.org/challenges/basic8/secure-area.php?sql_query=SELECT * FROM family_db

I would like also to explain SQL query to the beginners

SELECT * FROM family_db

This SQL query in fact reads all values in rows and columns from the family_db table.

Obtained page after entering url is:

Your password is KingKong

Try entering received password.

+30 points Similar Posts:

• Basic web hacking 5 :: asterix the wildcard
• Basic web hacking 9 :: null poison byte
• How to grant privilege to users on MySQL database
• Connect to mysql database in java
• Basic web hacking 7 :: double login

*************
Version 0.57
*************
Feature added: In the info village page. That is the one that is opened when you click on certain village in the map mode. Two buttons are added Xmap and XXLmap these buttons allow you to open extended or XXL map respectively with the village you were observing as centered.

Feature added: Auto updater. When there is new version of this script then you will be notified and asked whether you would like to update this script. It checks once a day whether there is new version so don’t worry if you don’t get notice ASAP. However, I would like to notice that this solution is not my.

Feature Added: Time calculator for all units added to the village info page.

Feature Added: In time calculator row for counts warning will be shown in case you are watching village that is more then 70 fields away.

Feature Added: Additional panel for showing delayed attacks.

Feature Added: Auto-attacker this is for testing purposes only and it only works with squires in one town. This is not intended to be used in real combat yet. But all suggestions and bugs you might have found are welcomed.

Bugfix/Feature added: As there were some complains that Firefox would get a bit slow after using extend/XXL map I have optimized process a bit and now it shouldn’t slow down Firefox. Also noteworthy is that this will not speed up loading of maps, gameforge’s servers and your bandwidth are responsible for the speed of loading including speed of your home computer but not as much.

Bugfix: Yes/No buttons for choosing premium now enable or disable if clicked. Otherwise they just locked disabled.

Feature Removed: Points showing inline, since one is only able to see points on his rank page. Also options for this feature were removed.

INSTALL NEW VERSION HERESimilar Posts:

• KingsAgeX
• Kingsagex :: version 0.60
• KingsAgeX :: version 0.5
• KingsAge Farmer :: version 0.11beta opening new project
• Kingsagex :: version 0.62

Basic Challenge 4!

ERROR: htpasswd.php file not found in basic4/

So what should we do is to search for the for the file where it might be uploaded.

Easiest thing one can do is to start searching from first folder and that is basic1. If you try it out slowly you’ll find that file was uploaded in fact to basic mission 5. Here is the link of the file:

http://www.hellboundhackers.org/challenges/basic5/htpasswd.php

These are contents of the file:

Your Password is “FireStone”

So I tried password and it worked. For me solution password is: FireStoneSimilar Posts:

• Basic web hacking 12 :: include me in
• Basic Web Hacking 15 :: My robot
• JavaScript Challenge 7 :: Jump over
• Basic web hacking 9 :: null poison byte
• Basic Web Hacking 17 :: java decompiler

*************
Version 0.56
*************
Bugfix: Update button now again works. And updates list

Bugfix: All options in castle are now working and accept changes. Another thing is that points in-line stopped working so I will try to fix this in some future update if it is possible of course.

INSTALL LATEST VERSION HERE.

I am thanking to people that offered help. I will not name them but thank you once more.

AxSimilar Posts:

• KingsAgeX
• KingsAgeX :: version 0.4BETA
• Kingsagex :: version 0.62
• KingsAgeX :: version 0.5
• KingsAgeX :: version 0.57 milestone

My friend Drake has begin to program in HTML and he made this IFRAME, but the host of the website has kicked him out, and he doesnt remeber where is this IFRAME reading it from.

So if you have read tutorial then you probably can find source.

On the other hand it is really easy just go search trough source of mission web page when you find iframe tag you should be able to see src attribute now just copy value of source attribute in the text field and that is it…

Here is source of iframe:

../basic1/b2/index.php

Similar Posts:

• hackthissite.org basic 1 :: password is
• Basic web hacking 12 :: include me in
• hackertest.net level 8 :: Open PSD
• hackthissite.org basic 9 :: tricky easy not
• hackthissite.org basic 3 :: password.php