Real 1


ghost

Ok, I have the admin username, pass, and authID, and I keep using JavaScript injections but nothing's happening. I tried using them all at once, then refreshing; one at a time, refreshing after each one; and one at a time, refreshing after all of them. Can someone tell me what I'm doing wrong here?


ghost

I think that there's only one JS injection that you need to do, and that is the one to get your AuthID to be that of the admin's.


ghost

Gee, as a hacker I don't seem to be doing real well…

I think I found what I need to find (the John Doe and Admin files) but I can't work out the password… it's encrypted and I can't make sense of it.


ghost

You don't need an admin password for this one, it's in the JavaScript commands…

Learn how to make JavaScript variables into what you want them to be. In this case, the AuthID is a JS variable. Always try alerting your cookies to see what they are and what they contain. They should be changeable to what you want. Since you already have the admin's AuthID, if you make YOUR AuthID HIS, then the website thinks you are the admin, SOOOOO, that means you have access to the admin stuff.

*Do it on the page that is needed to beat the mission.
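
What the post above describes, seen from the server's side, as an added example that is not part of the original thread or the mission's code: a check that believes whatever AuthID the browser sends, next to one that only accepts a value carrying a server-side HMAC. The account ids, cookie names and key below are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed secret: generated and kept on the server, never sent to the browser.
const SERVER_KEY = crypto.randomBytes(32);

// Constructed account table; the weak design stores the bare id in the cookie.
const ACCOUNTS = {
  '1001': { name: 'JohnDoe', admin: false },
  '1': { name: 'Admin', admin: true },
};

// Turn a Cookie request header into a name -> value map.
function parseCookies(header) {
  const out = {};
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Weak: the client-editable AuthID is treated as proof of identity.
function weakIsAdmin(cookieHeader) {
  const acct = ACCOUNTS[parseCookies(cookieHeader).AuthID];
  return Boolean(acct && acct.admin);
}

// Hardened: at login the server issues "<id>.<HMAC(id)>"; send it HttpOnly
// and Secure so page script cannot read or rewrite it.
function issueSession(userId) {
  const tag = crypto.createHmac('sha256', SERVER_KEY).update(userId).digest('hex');
  return `${userId}.${tag}`;
}

// Accept the session only if the tag matches the id it is attached to.
function strongIsAdmin(cookieHeader) {
  const raw = parseCookies(cookieHeader).session || '';
  const dot = raw.lastIndexOf('.');
  if (dot < 1) return false;
  const userId = raw.slice(0, dot);
  const given = Buffer.from(raw.slice(dot + 1), 'hex');
  const expected = crypto.createHmac('sha256', SERVER_KEY).update(userId).digest();
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return false;
  const acct = ACCOUNTS[userId];
  return Boolean(acct && acct.admin);
}
```

With the hardened check, knowing another account's id is no longer enough, but the issued session value itself still has to stay secret and should expire server-side.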


ghost

Well, it sure sounds like it would work if I did that…

I changed authID to the value I got on the admin page, but refreshing the page doesn't give me any SUPAR DUPAR ADMIN stuff… :@


ghost

It tells you the username and password to use…


ghost

well, it said "password = password:" and then some encrypted stuff which (I think) I don't need to encrypt…

after all, JohnDoe's password "password" is encrypted in his file too.

What I was trying to do was go to the Toys page, set my AuthID to the admin AuthID then refresh the page.

bah, I feel stupid asking for help on the first one. :|


ghost

Don't we all? Anyways, I keep trying JavaScript injections to alter the cookies, or set my AuthID to his, but it just isn't working. I even tried it on different pages. It's just not working.


interslice (Member)

Are you doing the JavaScript injections on the right page (the toys page)?


ghost

Yeah, I tried it on all of them.


ghost

After doing some of the harder JavaScript challenges, I forced my way on as Admin…

bah, I set the price to 1 cent and it says "go cheaper", but I can't make the software free either :(

EDIT:

Thinking too hard… use something simple but still much cheaper than the original price. This is the easy part.


ghost

I don't know what is worse. The fact that trying to look up JavaScript injection on Google brings up nothing but news articles and forum posts from security websites to domestic websites warning them of their vulnerabilities, or the fact that anytime I see someone ask for help with JavaScript it is like talking to a tree stump… I don't care for the exact answer but I (or anyone else that has asked for help that I noticed) have no friggin' clue about JavaScript outside of the javascript:alert(document.cookie) tag which doesn't do a whole hell of a lot… I just want a simple list of commands for JavaScript injection, even if the variables are filled with wildcards so at least I can figure out what to do. But running off of just the document.cookie one is a load of crap and I think some people need to stop using that one as a hint for every question about JavaScript… *takes a deep breath* Okay, I'm calm now.


ghost

just use your skills that you applied in the Javascript challenges after finding the cookie info in that *special directory (in that file)… it's gonna be simple injection after you find the holy grail which is the directory – it is the key to this mission


ghost

Well, once you CHANGED the cookie value to the admin's AuthID (don't make a new cookie with this value or delete the old one, it might not work like that, just change the existing one), try deactivating JavaScript in your browser settings and THEN refreshing the page, because it could be that you get the AuthID just by loading the page (like in that JavaScript challenge, don't know which one it was).


ghost

Just read my article!!! Look in my profile to find it!

SwiftNomad