Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Javascript 9 & 10


Javascript 9 & 10

By ghostghost | 6154 Reads |
0     0

Javascript 9

When you first open the page it says:

You have requested the password, but our servers are too busy to respond.

Please wait 34200 seconds. Unless you want to wait 9.5 hours to see the password you're going to need to use Javascript injection to change the loop variable. The Javascript you need to edit looks like this:

var c = 34200; var p = "%68%6F%77%73%6C%69%66%65%3F%65%61%73%79%2E%00";

var a; fc(); function fc() { if(c>0) { document.getElementById("say").innerHTML = "Please wait " + c + ' seconds.'; c = c - 1; setTimeout("fc()", 1000) } else { <br /> a = unescape("%33"); document.getElementById("say").innerHTML = "Your password is: " + unescape(p-a) + <br /> unescape("%3C%66%6F%72%6D%20%61 %63%74%69%6F%6E%3D%27%69%6E%64 %65%78%2E%70%68%70%27%20%6D%65 %74%68%6F%64%3D%27%50%4F%53%54 %27%3E%0D%0A%45%6E%74%65%72%20 %50%61%73%73%77%6F%72%64%3A%20 %3C%69%6E%70%75%74%20%74%79%70 %65%3D%27%74%65%78%74%27%20%6E %61%6D%65%3D%27%70%61%73%73%27 %20%73%74%79%6C%65%3D%27%74%65 %78%74%62%6F%78%27%3E%3C%62%72 %3E%0D%0A%3C%69%6E%70%75%74%20 %74%79%70%65%3D%27%73%75%62%6D %69%74%27%20%6E%61%6D%65%3D%27 %73%75%62%6D%69%74%27%20%76%61 %6C%75%65%3D%27%43%68%65%63%6B %20%79%6F%75%20%61%6E%73%77%65 %72%27%20%73%74%79%6C%65%3D%27 %62%75%74%74%6F%6E%27%3E%0D%0A %3C%2F%66%6F%72%6D%3E%00");

} }

Change the variable so that you don’t have to wait 34200s for the password. When the countdown finishes a password and a form are given. The form doesn’t work. Why could that be? When you look at the script, instead of a form you find encrypted code. To edit the form you have to decrypt it. (http://www.yellowpipe.com/yis/tools/encrypter/) I’m not going to tell you what type of encryption it is, but it should be easy enough to figure out. Ounce you have the form, edit it so that it can be executed properly. Now, from here you can either encrypt the form back into whatever it was encrypted in and replace the old unsescape with it, or enter the HTML directly into the script. (NOTE: If you enter it directly into the script you need to change the script so that it recognizes it as HTML)

Javascript 10 There are two ways to do this mission, the lazy way, or the hard way. For both ways you need to use javascript injection. The javascript you need to edit looks like this:

//By system_meltdown function checkpass() { pass=document.password.pass.value; rawr=unescape('%61%68%6f%79'); string="llama llama duck!"; a=string.charCodeAt(1); b=string.charCodeAt(7); c=string.charCodeAt(4); schloob=((6050/3a)-(b*c))/2/5+b; asdf=rawr+"_"+schloob; if(pass==asdf) { alert('Wahoo you got it!'); } else { alert('Awww shame!'); } }

&lt;&gt;form name=&quot;password&quot; action=&quot;index.php&quot; method=&quot;POST&quot;&gt; 
Enter the Password: &lt;&gt;input type=&quot;password&quot; name=&quot;pass&quot; maxlength=&quot;20&quot; size=&quot;20&quot; class=&#39;textbox&#39;&gt; 

Looking at this, you see that the password is equal to variable ‘asdf’. Now, the lazy way to find the the password is to use the ‘alert’ command to find the value of ‘asdf’ (HINT: The alert command is already there, it just needs to be changed). The harder way to find the password is to find the values of each variable and then plug them into the value of variable ‘asdf’, and do the math. Before you enter the password, you have to change the form so it can be executed properly, like in challenge nine.

I hope this helped. PM me if you need any help. Please comment or rate my article.

Comments
ghost's avatar
ghost 18 years ago

I don't think that your article was supposed to come out like this

ghost's avatar
ghost 18 years ago

Does HTML work in articles? It came out fine when i previewed it.

ghost's avatar
ghost 18 years ago

@layout?

ghost's avatar
ghost 18 years ago

I keep updating it but the HTML won't work. Does anyone know why?

SySTeM's avatar
SySTeM 18 years ago

because html is disabled LOL!

ghost's avatar
ghost 18 years ago

i never fixed it, its suddenly formatted, did someone fix this?

SySTeM's avatar
SySTeM 18 years ago

Yes an admin fixed it

ghost's avatar
ghost 18 years ago

wow after the fix it looks great! wonderful article!

kaso's avatar
kaso 4 years ago

I think challenge 9 is easier to complete if you execute commands directly in the address bar of the browser

kaso's avatar
kaso 4 years ago

I think challenge 9 is easier to complete if you execute commands directly in the address bar of the browser