Theory on 15
Ok so im kinda…messed up on this one. i think they finally made it to where you actually have to incorporate hte use of substrings. Thats something ive yet to look into much. But here is my idea on how you SHOULD be able to do it via injection. But my concern here is that there is some way of blocking URL injection on JS, because it seems on some of hte challenges you cannot alert the var via URL bar. The other problem with this one is, is that i cannot save to HD and do it the "lazy" way. it claims it cannot find it. wtf? anyways, here we go…dont read it if u havent done it yet, not sure if its really a spoiler tho, since it seems to be wrong.
[color=grey] Ok so we have…15 variables? a-o. if a+ b and so on is equal to the variable "riddle", and riddle equals query test mess, then shouldnt we be able to make each individual variable equal to a letter in that 3 word statement? so that when youve added them all together, assuming you could do abcdefghijklmno as the pass, it would work.
the idea is that you would do:
javascript:void(a=q) and then down the line of variables and all the letters of qeuery test mass. (just like the JS number 11 or seomthign. where you adjust the wait time viable JS variable.) so why couldnt you apply the same theory in this one?
What i am thinking is that the only reasons this shoudlnt work, is taht a+b+c+d+e+f+g+h+i+j+k+l+m+n+o!=query test mess. what the script is actaully checking is not what the statement says. but how is that possible? if you manually change hte variables, JS has to comply, doesnt it? Also, abcdefghjiklmno is not the same as a+b+c+d+e+f+g+h+i+j+k+l+m+n+o. That i can understand, because the first one would technically be multiplication by a mathemtical standard. So, would JS interpret the variables a+b+c+d+e+f+g+h+i+j+k+l+m+n+o as literally a plus b plus c, or would hte + sign FUCK with things?[/color]
Well, id like some feedback on this, because i thought it was a really good thought even if it doesnt work. How does it sound to you?
1)abcdefghijklmno must be 2)query test mess ok?so….
the script keep the variables in this order….
3)iengclkfdhabmoj
now to discover the password try to assign in string 3 the values that the letters have in the line 2.
for ex… in string 3 the first letter is "i". the letter i in the line 1 correspond to the letter * in line 2…and so on for each letter…..
this challenge is very simple
yes, ive also read hte article by…ah damn i cant remember. but he did an article on this one, and i understand what he's trying to say, but i hate substrings, i think theyre totally pointless. I was hoping someone could explain why what i want to do doesnt work. or if im just making a dumb mistake and it DOES work.
What i am thinking is that the only reasons this shoudlnt work, is taht a+b+c+d+e+f+g+h+i+j+k+l+m+n+o!=query test mess. what the script is actaully checking is not what the statement says
i think this is totally wrong….
javascript:void(a=q) and then down the line of variables and all the letters of qeuery test mass. (just like the JS number 11 or seomthign. where you adjust the wait time viable JS variable.) so why couldnt you apply the same theory in this one?
becouse this variable values are assigned in run time…so i think that when u click the button this values are assigned and your void forgotten.
i never changed the time value to js 11
let's take the case of 'var a', it says:
var a = password.charAT(9)
and if you check in the IF condition, of course considering the order given, 'var a' should be the same as the first letter of 'riddle' , which is "q", so the 10th letter of the password is "q", great! do the same for the rest of the vars and you get a 2-word password, submit it and congratulations!
giving out more would literally be giving you the answer..
While I probably shouldn't be giving information about my own challenge, I'll try to clear a few syntax problems up. First of all, the line 'a+b+c+d+e+f+g+h+i+j+k+l+m+n+o' represents all the variables connected together. They are not added, but rather joined as one string. Had I used 'abcdefghijklmno', it would have represented a variable that had not been defined (the variable 'abcdefghijklmno' does not exist).
The reason JavaScript injection does not work on this challenge is because I made it so that the input interacts differently with the output. Instead of making a set password, the password is check with algorithm of parsing the string and analyzing it so it can not simply be alerted.
god wrote: yeah that should clear some confusions.. and could u comment on my article about YOUR challenge :P ? I think the article is a bit of a spoiler, myself. It takes away the fun of figuring out the reverse algorithm of the challenge, which is basically the challenge itself. Though it's apparently not too much of a spoiler, since people are still confused and working at it. Also, I'm curious as to how one "shows off" in a script :p > In god's article: First off you have SlimTim10 showing off It's nice to see that you firmly grasped the concept though. Good luck with number 16 (coming soon) ;)
crazy_sniper wrote: man i cant wait, keep pumpin those JS's out dude, theyre my favorites!!.
That wouldnt hvae been as hard if i would have known how substrings work. Now i get it. thanks to you guys :D No problem. And don't you worry, I'll be making hard JavaScript challenges to come. Number 16 will hopefully be quite hard and worth many points, but I've had a minor set back and had to recode it a little. Don't worry, I should be done by tomorrow.
Mellow Yellow wrote: Ah. My whole problem was I completely skipped the fact that charAt will split the string into an array, meaning it starts at 0, not 1. What a stupid mistake.Not really an array, but I think you get the idea. And yes, it does start at 0. But remember, a character can not be used the same as an integer (it can not be added, subtracted, multiplied, divided, etc.).
**SlimTim10 wrote:**Not really an array, but I think you get the idea. And yes, it does start at 0. But remember, a character can not be used the same as an integer (it can not be added, subtracted, multiplied, divided, etc.). I wasn't calling the function itself an array, but rather I was referring to the method of storage. When it is split, the values are stored into an array. Not coincidentally, they are indexed from 0 to string.length - 1.
So, my logic would be:
var array1 = new Array(string1.length + 1);
for(x=0; x<=string1.length - 1; x++) {
array1[x] = string1.substring(x,x+1);
}```
There, you would have array1[x] and charAt(x) being equal, and array1 being definitely an array. Each, when all the indexes are printed out using my example string, will give you abcdef.
My whole point being, the computer probably uses a similar method and that was my reason for saying it was similar to an array in my previous post.
**You are now exiting the slightly twisted mind of Mellow Yellow.
phoenix121 wrote: most of you guys are just complicating things anyway… took 2 minutes using notepad and logic.
course, i could've written a program to do the trick… but why waste 10 mins writing the program when it can be done in 2 mins?
true, thats how i solved it, but writing an app for this particular challenge will really reinforce people's javascript coding experience..
sakarin wrote: to all replying without reading the whole thread
there is already enough info both here and on the article
don't spoil the challenge by giving moreAt first glance, I would agree with that statement. But think about it more deeply. Why are the challenges made? Why does HBH exist? It's okay to have some spoilers like the ones in this thread, since they explain how it works instead of giving a curious answer. The point of the JavaScript challenges is to learn more JavaScript, including syntax and commands. This thread helps explain more advanced syntax which is great. ;)