Javascript Missions 1 :: Idiot Test
by Arxleol on Saturday 20.06.2009, under hackthissite.org, tutorial
OK let’s workout also few missions from the javascript part since these might often prove to be the best starting point when hacking or securing some web 2.0 portal or system in general.
I will not discuss here about javascript what it is and how you can use it however it might be good to note that these missions were not the same as javascript injections since you had to analyze javascript code and not place some value or anything like that sort. So let’s begin with idiot test.
faith is learning Javascript, the only thing that is protecting her from hackers is luck.
That is intro to this mission. Let’s open challenge now. When you take this challange you may see something like this:
Javascript Mission 1:
Faith is learning Javascript
OK let’s now check the code and see if there is something hidden. Now if you carefully check out code you may find this function written in there that is in fact javascript code on the page:
function check(x) { if (x == "cookies") { alert("win!"); window.location += "?lvl_password="+x; } else { alert("Fail D:"); } }
This function is located directly above the “javascript mission 1” in the code. And next thing that we will check and often it is checked before you find function but in this case if was fairly simple. We would checkout form and there is something interesting to be found.
< button onclick="javascript:check(document.getElementById('pass').value)">Check Password
when you click on this button it will pass whatever is written in the text field since document .getElementById('pass').value this part is referencing the field by name and it requests its value. So now it would be good if we would return to the javascript function itself. If you would carefully follow what is happening with the variable x that is in fact password you will find this logical statement:
x == "cookies"
Which in fact means that variable x is compared to the cookies and if the true value is returned we have won. So according to this cookies is in fact our password. I know first mission is always simple.
SPECIAL NOTICE: I have decided to write this special notice since strange thing happened to me I was certain that it works and that cookies is correct password however important thing is that when I have entered it nothing happened then I went and checked the profile page and there was written that I have finished javascript challenge one. So if anyone happens to have the same behavior don’t be alarmed your points are calculated. 
