Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Javascript Challenges 1-11


Javascript Challenges 1-11

By ghostghost | 9147 Reads |
0     0

This article is a list of short walkthroughs/tips for Javascript challenges 1 to 11

Javascript Challenge 1 Check the source of this one, find the script and have a good look around. -=- Javascript Challenge 2 Find a way to view the source of the page, and .. If you use Firefox, the view-source protocol is very helpful -=- Javascript Challenge 3 Find a way to unescape the obscured text in the source (or look it over closely), and you will be able to find the password. -=- Javascript Challenge 4 Press the button and see what happens.. Ever heard of Cross Site Scripting (XSS)? If not, google it. -=- Javascript Challenge 5 This ones pretty straightforward, find the javascript file and figure the password out. If you dont know what the (obsolete) getYear() method does, do some research on how works.. I guess one can say its not Y2K compliant. -=- Javascript Challenge 6 This one might be misleading at first. Check the source and.. well.. answer right in front of you. -=- Javascript Challenge 7 View the source of the site, you basically have a lazy way and a way in which you might learn something. Youll be able to figure it out if you know how the substring() method works. Basically, str.substring(5,50) returns 45 characters. It returns the 5th to (but NOT including) the 50th character in "str".

If youre lazy, you could always run the code locally and slightly modify the code. Remember: docu<i></i>ment.write[ln] is your friend. -=- Javascript Challenge 8 Check the source. Hmm.. Hex code? http://nickciske.com/tools/ has a nice hex to ascii to hex encoder/decoder. Weird result.. Lets just act like were crazy and try entering it. I will leave the rest of the challenge to you, but let me tell you this: the solution is simple, but not apparent. -=- Javascript Challenge 9 Well, I dont think we want to wait 9.5 hours to enter our solution, so check the source and find the countdown loop. Youll want to use Javascript injection to alter a variable. Once you got that, check the source again and youll be able to figure it out Im sure. -=- Javascript Challenge 10 Once again, theres a lazy way to do this, and a kind of.. tedious way.. I myself picked the lazy way, but Ill describe the long way. Press the Check button to initialize the variables. First youll want to find out the a, b and c variables. You could use javascript:alert(var.charCodeAt(*)) to find out or look up the charcodes. Next, do some math.. Decrypt the other variable that is part of the password and you`ll have it, matey!

Of course, the lazy way is so much quicker than this…. -=- Javascript Challenge 11 Just use the 'lazy' way mentioned before here.. javascript:alert(??????) in the address bar will be easiest. -=- Well thats all of em.. If you have any questions, let me know. If you think I gave too much away, let me know too.

Good luck!

-Sec

Comments
ghost's avatar
ghost 13 years ago

for javascript challenge 11 i did a javascript injection changing the asdf variable when i check the password it says 'well done dude' however i get no points :angry: what am i doing wrong???

DonMilano's avatar
DonMilano 12 years ago

@chris1994: Just go straightforward, what's the big deal with changing vars anyway… Ur supposed to beat the challenge, and learn something, dude! :D I could imagine the following to be happening in ur case: The javascript function checkpass() or whatever is executed all right (after u altered the var asdf), but there might be a second check running in the background (which u cannot see), and that checks if u really entered the correct value for asdf. So the alert box saying "well done dude" pops up, but you haven't passed the second test, so u get no points. (You can only modify what HBH wants you to modify to beat the challenge; they don't want you hacking their site :D) regards DM

jaguar's avatar
jaguar 8 years ago

:D