
Javascript 9 Guide - without JS injection



By ghostghost | 5235 Reads |

This is my first article so feel free to make suggestions and comments. Also please rate it below.

Requirements: basic HTML knowledge, basic JS knowledge


This challenge isn't too hard if you have the right knowledge and tools. So you load the page and you see a countdown timer… but what is this??? 34200 seconds… that's equivalent to nine and a half hours. You COULD wait but I wouldn't. It would also behoove you to note the number that the countdown starts at.

First, as always, it is good to look at the source of the page. Since this is a javascript challenge… it would probably be a good idea to look for some scripts. Now since the source is long, maybe Ctrl+F could help. Think of something you could search for. Think about how the script starts.

Once you've found the line (looks like: "v*r * = **0;") you could change it to make the countdown shorter (think smaller number). However, you can't change it in the view source page. At this point you can use an injection statement to change the number, or you could change the source by saving it to your computer or using this tool: http://htmledit.squarefree.com/.

Now you've changed it and opened it… once the countdown stops (you know it works if the number starts lower or at 0) there will be a box where you enter the password. You do it and.. what’s this? A page not found error… damn. Now there must be some reason why the page requested isn’t found. The error message, however, contains the page that wasn't found.

Now if you look at the source again, there will be an encoded section, near where you found the earlier useful line of code, that tells what action the submit button performs. Here is a good URL that you can use to DECODE the gibberish: http://www.yellowpipe.com/yis/tools/encrypter/index.php.

Now you can edit the code and change the URL… just adding a part so the page will work properly. Then just re-encode it. Note: the decoder automatically performs a step in decoding so you can read it in English. You will need to do this step in re-encoding. So you will have to encode the edited text twice: the result of the first encoding goes into the second. The second encoding will also be the first reversed (the tool at the URL above will be able to do this).

Just overwrite the old code line with the new one and it should work. You may have to add an encoded "<" at the beginning. Now open the edited page again and enter the password and you get your points. Enjoy them. :)

Thanks and good luck, br3nd0n.
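
As an added illustration (not part of the original article or the challenge's code), here is the decode, edit and re-encode round trip described above. It assumes the encoded section is plain percent-encoding applied twice; the form markup and paths are constructed placeholders.

```javascript
// Assumption: the "gibberish" is percent-encoding (unescape-style), layered twice.
// The markup below is constructed sample data, not taken from the challenge.

// Percent-encode every byte, the way HTML obfuscators do (letters included).
function encodeAll(text) {
  return Array.from(new TextEncoder().encode(text))
    .map((b) => "%" + b.toString(16).toUpperCase().padStart(2, "0"))
    .join("");
}

// Peel percent-encoding layers until nothing encoded is left, counting them.
function decodeLayers(blob, maxLayers = 5) {
  let text = blob;
  let layers = 0;
  while (layers < maxLayers && /%[0-9A-Fa-f]{2}/.test(text)) {
    let next;
    try {
      next = decodeURIComponent(text);
    } catch (e) {
      break; // malformed sequence: stop rather than guess
    }
    if (next === text) break;
    text = next;
    layers += 1;
  }
  return { text, layers };
}

// Re-apply the same number of layers after editing the readable text.
function encodeLayers(text, layers) {
  let out = text;
  for (let i = 0; i < layers; i++) out = encodeAll(out);
  return out;
}

const original = '<form action="check.php" method="post">'; // constructed
const blob = encodeLayers(original, 2); // what the page source would hold
const decoded = decodeLayers(blob);     // readable markup + layer count
const edited = decoded.text.replace('action="check.php"', 'action="dir/check.php"');
const reencoded = encodeLayers(edited, decoded.layers);

console.log(decoded.layers, decoded.text);
console.log(reencoded.slice(0, 36) + "...");
```

The layer count matters: re-encoding only once leaves markup that the page's own decoding step turns into something other than HTML, which is why the edited text has to go through the encoder as many times as the original did.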

Comments
ghost 17 years ago

Please leave comments. Thank you.

ghost 17 years ago

CHECK THE ARTICLES ALREADY MADE BEFORE SUBMITTING ONE, IF IT'S ALREADY BEEN WRITTEN MORE THAN ONCE (IN SOME OCCASIONS SEVERAL TIMES) DON'T FRIGGIN WRITE ONE AGAIN. [/rant]

lol sorry but it's getting really really annoying when people keep doing it. Instead follow I think it was arto_8000 that started the thread about challenge articles not made and write one on one of those.

I-O-W-A 17 years ago

this is the hard way of doing it? it takes 30 seconds with the right injection

korg 17 years ago

This is the harder way; the timer can be bypassed in seconds, and this challenge has been covered like 7 times already. 0/10

Uber0n 17 years ago

This seems complicated ^^ but knowing many ways to beat a problem never hurts :p

ghost 17 years ago

chislam -> That wasn't me that started it but anyway me too I think it's really annoying seeing the same article written 5 times and millions of articles about "beginning to learn c/c++" …

ghost 17 years ago

:ninja::ninja::ninja::ninja::ninja::angry:

ghost 17 years ago

Har har. There's no need for JS injection, or decoding of any sort. If you want my hack, I'll PM it to you, in all its glory. Lol.