Tips for Javascript Challenges
Tips for Javascript Challenges
ghost | 5424 Reads | Hello to everyone who reads my article in the future. This is my first article and instead of telling people how to do each challenge I thought I would give tips that will help them throughout the Javascript challenges. It's your job to find out what to use and where to use it. I’m going to divide this article up into sections to hopefully make it easier to read.
First off, if your doing Javascript challenges it's a good thing to know a bit about Javascript itself. So go to a site like W3Schools (http://www.w3schools.com/) or another site you may know or have heard of and learn some Javascript.
––––––––––––––––––––––––––––Tools ––––––––––––––––––––––––––––
Next a good thing to have for the Javascript challenges is Firefox. So if you don't have it, go get it. I'll even provide a link if your to lazy to find it yourself. http://www.mozilla-europe.org/en/products/firefox/
Along with Firefox, there are a few cool addons that would be a great help in some of the challenges(they might even help in challenges outside of the Javascript one). They are:
-
Web Developer: (https://addons.mozilla.org/en-US/firefox/addon/60) This can be a great little help in some challenges. It can disable things such as Javascript, it can view cookie information and much more. I'll let you play around with it and figure out more.
-
Firebug:(https://addons.mozilla.org/en-US/firefox/addon/1843) This is not necessary but can be useful if you know what your doing.
You can look around for some extras if you ever feel like it(Here at https://addons.mozilla.org/en-US/firefox/). You might find something you like.
Another couple sites that will help you out in the future are:
-
http://www.yellowpipe.com/yis/tools/encrypter/index.php ^This site will be used to encrypt or decrypt whatever you may need to encrypt or decrypt
-
http://www.w3schools.com/js/tryit.asp?filename=tryjs_text ^This is W3Schools Tryit Editor. You can use this to play around with some Javascript you might find in the challenges. If you know what your doing this could DO a few challenges for you.
––––––––––––––––––––––––––––Source ––––––––––––––––––––––––––––
OK that will give you a few advantages for some of these challenges but if you don't know what your doing they're not much good to you.
Well the first thing you need to know is how to view the page source. Now I'm going to assume you all know how to do this but if you happen to need some review here's how to do it(for firefox):
- You can use ctrl+u OR
- You can go up to the top of Firefox where it says File and all that stuff and go view -> Page Source
Easy but VERY important in these challenges.
Another good thing to learn how do to is to view a page source without having to visit the actual page. Here's how:
- First you need is the address to the page you want to view the source of (http://www.hellboundhackers.org/challenges/js/whatever/etc) This can be done easily by right clicking on the link, selecting properties and copying the address shown.
- Next go up to where you type in the address and type in "view-source:" without the quotation marks and the past the address you copied after it. This will open the source to any page without having to visit the page.
————————————————Javascript Injections ———————————————— —————————————–– and a quick comment on XSS ——————————————
Another thing will be helpful to know is basic XSS(very basic…like sooo basic you only need this site to help you: http://www.securiteam.com/securitynews/5CP052A8AU.html) and Javascript Injections. Like I said basically the only thing you need to know about XSS is in that link for these challenges but I will explain a bit about Javascript Injections. JS Injections can be helpful in a nice few areas of these challenges; basically you can view cookies, change variables or cookies, and other things by using JS Injections.
First off JS Injections are put into the URL bar. So where you see http://www.whatever.etc you completely delete it all. You will then write "javascript:" in it's place followed by either "alert()" or "void()". So it will look like either
javascript:alert() OR javascript:void()
Of course there will be different kinds of things that can go into the brackets, otherwise they wouldn't do anything.
Now for these challenges one big thing to know is how to manipulate cookies through JS Injections. There are a couple different things that can be done to manipulate cookies. One is simply getting the page to display cookies. You might need to do this because sometimes there is important information in the cookies that you'll need to know to complete the challenge. To alert the cookies you have to use this command:
javascript:alert(document.cookie)
Now what if you want to change a cookie to get a certain result. For example you see a cookie with authorization set to false. Maybe you want to set this to true and see if it gives you access. This can be done using the void() injection. To do this you would have to use this:
javascript:void(doument.cookie="authorized=true")
This would change that authorization from false to true. This can be used in other situations to. Another little piece of information you might find useful is that you can use more than one command at once. For example what if you wanted to change a cookie then check and make sure you changed it. You could do this:
javascript:void(document.cookie="authorized=true");javascript:alert(document.cookie)
This would alert the cookies for you and you should see the change you made first to the cookie.
Another thing you might find interesting is that you can alert and alter variables using JS Injections. For example:
javascript:alert(x) will alert the x variable used(assuming one actually is used of course). Now what if you wanted to change this variable x to something else. Well you could simply use the void() injection: javascript:void(x=y) where "y" whatever you want to replace x with. This one might prove useful because you can actually alert the answer sometimes with JS Injection of variables.
There are more things you can alter with JS Injections like forms but it is not necessary for me to cover in this article because basically you don't need it. Cookies are the important thing for these challenges. However if you would like to learn about JS Injections and forms you can look up javascript injection articles and you'll find it.
––––––––––––––––––––––––––Conclusion ––––––––––––––––––––––––––
Well that's it for my article. If you keep these tips in mind it should help you. Remember to go and learn some Javascript, it's important, not just for these challenges but it's something that is used in many websites. Feel free to rate my article or criticize it(please make it constructive if you do). Edit: Thanks to moshbat and UberOn for the suggestions I’m going to add more information to hopefully make this article even better and more useful. ~ShapeShifters
ghost 16 years ago
Well it is mainly for newbies. Hmm, anything I could maybe add in and talk about that might make this a more worthwhile read?
Uber0n 16 years ago
Since it's mostly for newbies, perhaps you should some info about variables, functions etc ^^ Ps. Thanks for using good grammar :love:
ghost 16 years ago
Haha no problem, I try my best to use good grammar. Hmm, do you mean like explain about some of the more important Javascrip things to know for the challenges?
ghost 16 years ago
Yeah it wouldn't hurt I guess, I'll try to come up with something and add in there. Thanks for the suggestions.
ghost 16 years ago
One suggestion edited in so far. Got a little bit about Javascript Injections that is useful for the Javascript challenges now. I'll try to come up with a bit about Javascript itself (functions, variables, etc) if I can.
korg 16 years ago
I suggest you find another subject to cover. The javascript challenges have been covered too many times, Have you read the hbh tutorials on these. And for god's sake stop answering ever comment! Good rating for trying only.
ghost 16 years ago
When you write about something, make sure you know about it at least ! Firebug is the best tool you can ever have to analyze a page and it's by far better then all the little tool you mention. javascript:blablablabla is really really really really old and with Firebug or any js console you can execute code much easier then using that. Also your approch in the tutorial is wrong, your starting by saying go learn Javascript … even though it's the best tip you gave in your tutorial you don't start a tutorial by saying go read about that or that. And wth ? Do you at least know the difference between XSS and Javascript Injection ? Your talking about XSS in a paragraph where you are suppose to talk about Javascript Injection. It's the not the same thing … :s. There is also a limit up to how basic a tutorial can be. What are we suppose to learn in that ?
ghost 16 years ago
Firebug is good but it isn't necessary for these challenges. Whether or not you think JS Injections is good they do work, it's a way to use Javascript to complete Javascript challenges without relying on tools, and it doesn't hurt to know the basics of it anyway. The whole XSS thing was in there first, i later put the title Javascript Injections over it without realizing the XSS was still there so that's a mistake.
What are you suppose to learn? Well anyone who has done these challenges probably nothing but if you've looked around you will see that some things as easy as trying to view souce while a popup stops you gives people problems so I'm sure some people will get help out of it.