Test you Javascript Prowess

@96turnerriJun 07.2004 — #im working on it now, let you know how far i get

Rich

@96turnerriJun 07.2004 — #ok i got stuck here

http://scifi.pages.at/hackits/number8.htm

not sure ifs it trying to get access to level 8 or im on level 8, you are prompted for an entry and you are taken to it +.htm

so from what i can work out it can be anything so i got stuck ?

HELP!

@DaveSWJun 07.2004 — #It's that site again lol. ?

@96turnerriJun 07.2004 — #[i]Originally posted by DaveSW [/i]

[B]It's that site again lol. ? [/B][/QUOTE]

thats not helping :p, anyone know how to do this bit i can probably do the ones after this one just this one has me stumped, i mite try it again later

@DaveSWJun 07.2004 — #It's a long time since I did it but I think one of the levels you need to take the filename out and it lists every file in the folder. It might have been level 8.

@96turnerriJun 07.2004 — #thanks ?

btw hows the re-deveopling of webdevfaqs going?

@David_HarrisonJun 07.2004 — #If you want some help with some of the challanges, you can get it [url=http://www.webdevforums.com/showthread.php?t=2675]here[/url].

Btw, thanks to Dave I finally know how to do number 8!!! (I had to just ask a friend for the password that he found on google. ?)

@Daniel_TJun 08.2004 — #I can't figure out number 8.... you would need to get a directory listing, but I can't find a way to do that, seeing there is an index.htm file... ?

@David_HarrisonJun 08.2004 — #Where's the index page?

http://www.academy.dyndns.org/hackit8/hackit8.htm

@SamJun 08.2004 — #Level 8 wasn't too hard, but level 10 is proving to be quite killer... It must be referrer checking or something, cuz its executing a script, but the script its linking to has no code in it... just a big comment.

@DaveSWJun 08.2004 — #[i]Originally posted by 96turnerri [/i]

[B]thanks ?

btw hows the re-deveopling of webdevfaqs going? [/B][/QUOTE]
Slowly, but it's coming!

@DaveSWJun 08.2004 — #[i]Originally posted by Sam [/i]

[B]Level 8 wasn't too hard, but level 10 is proving to be quite killer... It must be referrer checking or something, cuz its executing a script, but the script its linking to has no code in it... just a big comment. [/B][/QUOTE]

Think relative urls.

@96turnerriJun 08.2004 — #[i]Originally posted by DaveSW [/i]

[B]Slowly, but it's coming! [/B][/QUOTE]

cool, on the old one you had three stylesheets and one layout, if you need a hand coming up with some of them for the new one presuming you are doing it, or some more scripts to go on there, i would be happy to contribute

my Skills currently are-

PHP

Javascript

(X)HTML

CSS

MySQL(Basic Knoledge ?)

Rich

@DaveSWJun 08.2004 — #Cheers. Pyro is the main man so I'll pass it on.

@Daniel_TJun 08.2004 — #Grrrr!! Am I stupid? Why is noone having trouble with 9? It seems to be similar to number 8.... only with this one, you can't get a directory listing from http://scifi.pages.at/hackits/nine/ ... hint?

@SamJun 08.2004 — #Disable javascript and press ctrl+a

@Daniel_TJun 08.2004 — #Ah, to be honest, i never would've thought of that.

[b]**EDIT**[/b]

I remember from a thread a while back that there is one you have to guess at. Looks like number 10 is it. But WTF are you supposed to get from that hint? There [i]could[/i] be tons of prime numbers between n and 2n ?

@SamJun 08.2004 — #I was viewing the source and i saw <font color="#000"> and it kinda clued me off (I just happened to have javascript disabled at the time). Good luck with level 10... i still haven't figured it out

@SamJun 08.2004 — #GOT IT!

[b]EDIT:[/b] BTW, no guessing involved

@DaveSWJun 08.2004 — #Examine that noscript carefully! lol

@DaveSWJun 08.2004 — #[i]Originally posted by Sam [/i]

[B]Disable javascript and press ctrl+a [/B][/QUOTE]

Or use opera, press ok with the wrong pasword and then press the back button

@SamJun 08.2004 — #yeah, good point... 11 is proving to be quite killer as well...

@SamJun 08.2004 — #By the way, just a hint for #10... If you haven't figured it out yet it may be easier with <gasp>IE</gasp> (Since its got this big security/privacy hole that you probably know about)

@96turnerriJun 08.2004 — #im stuck on 10 giving it a rest for a while, sam how did you change ur username? i want to change mine to 96, did you email an admin? Rich

@SamJun 08.2004 — #PM'd pete... here's another hint (because I'm still stuck on #11) temporary internet files

@96turnerriJun 08.2004 — #ok thanks ?

yeah the script source is reference as www..........js so but its missing something off the begining, so it may not be http:// is what i can think of

Rich

@SamJun 08.2004 — #just load the page in IE, then open source4.js from your temporary internet files

@DaveSWJun 08.2004 — #keep thinking along those lines and them just paste that url into the old url instead of the filename...

Relative urls...

@96turnerriJun 08.2004 — #11 was easy sam, give you a clue as you helped me with 10, wesleys mentor, if you dont watch star trek let me know and ill give you something none star trek related ?

@SamJun 08.2004 — #never watched an episode...

@96turnerriJun 08.2004 — #you deprived young man

ok there are five codes,

what ones do you have so far?

@SamJun 08.2004 — #i got:

where

metim

and

space

..tee.m

obviously 1 or more of those are wrong (my guess is #2)

@96turnerriJun 08.2004 — #my guess is two and five, how i approached those two is to solve it as a code put some values in and see what you get and after about 4or5 work back with from the if statement

where is right

2) clue below

and is right

space is right

5) clue below

2) H.G. Wells - The .... Machine

5) im not sure of a clue for this ok how about a dyslexic person spelling team backwards and then adding three dots after, no u probably wont get that if you dont let me know cos im trying to think of a clue

@96turnerriJun 08.2004 — #or clue for 5)

13-5-5-20-.-.-. now thats not morse code the hyphens represent gaps, altho there are none in the answer just helps you to solve it ?

@SamJun 08.2004 — #wow... got it, and turns out its like one of the 3 star trek characters i've heard of... never did figure out # 5, so i just skipped it

@96turnerriJun 08.2004 — #lol what are the other two let me guess

i bet at least one of them is kirk, spock or worf, maybe even both

@SamJun 08.2004 — #nope... data and spock

@96turnerriJun 08.2004 — #doh' i was gona say data instead of worf, o well im on level 12 now and gona give it a rest, ill post back here to let you all know how i get on

Rich

@Daniel_TJun 08.2004 — #Well, I'm still in 10 ? Don't worry though, I haven't been working on it for 3 and a half hours. I [i]do[/i] go to school, ya know ? Anyways, you say it's easier in IE? Well, I can't seem to find any difference in IE. Is it even possible to disable JS in IE? Because I can't find any other way to view the source of [color=red]1tth0hmeth.[/color] in IE.

[color=red]Scrambled so people won't just copy the location, of course ?[/color]

@SamJun 08.2004 — #I finally figured out what Dave was talking about... here's something that should help you... on your personal website, cut & paste this code onto a page and click the link:

<a href="www.ryanbrill.com">Ryan Brill</a>

@David_HarrisonJun 08.2004 — #If it's the one I'm thinking of (and it probably isn't) then you can use, right click --> save target as in IE.

I did these a while ago so please ignore me if I'm wrong.

Edit: That was aimed at Daniel T btw.

@Daniel_TJun 08.2004 — #[i]Originally posted by Sam [/i]

[B]I finally figured out what Dave was talking about... here's something that should help you... on your personal website, cut & paste this code onto a page and click the link:

<a href="www.ryanbrill.com">Ryan Brill</a> [/B][/QUOTE]
That sends me to http://thenamesdan.com/www.ryanbrill.com (a 404 error).... i'm stumped ?

@SamJun 08.2004 — #ok, look how the script is linked on #10

@Daniel_TJun 08.2004 — #D'oh! :p

@Daniel_TJun 08.2004 — #OK, on level 11, I have:

where

timet

and

space

e..m.et (because as far as I could see, there was nothing actually being done to the value of f.... I'm probly way off)

What am I doing wrong?

@SamJun 08.2004 — #read back (like post 35ish)

@Daniel_TJun 08.2004 — #Ah, ok... though I have no idea how it got those... anyways, I'm takin' a break.

@96turnerriJun 08.2004 — #[i]Originally posted by Daniel T [/i]

[B]Ah, ok... though I have no idea how it got those... anyways, I'm takin' a break. [/B][/QUOTE]

so im now refered to as an 'it', thanks ?

@Daniel_TJun 08.2004 — #[i]Originally posted by 96turnerri [/i]

[B]so im now refered to as an 'it', thanks ? [/B][/QUOTE]
Actually, I was referring to the script ? But you can be an [i]it[/i] too, if you'd like...

@96turnerriJun 08.2004 — #im taking a break on level 12 havnt looked at it yet tho

@Daniel_TJun 09.2004 — #Number 12 was a piece of cake, but it takes guesswork. There are about 50 possible combinations, but only 1 will work. Just find the pattern and go in a logical sequence until you find the right one ? Scroll down for a very vauge hint...

1024x768 ?

@Daniel_TJun 09.2004 — #Number 13 is Java... gonna need some extra software for this one ?

@96turnerriJun 09.2004 — #hehe im gona need java, number is stupid

mull=mull*number

if(mull=12)

so number has to equal 12

yet you cant do 12

@Daniel_TJun 09.2004 — #Another hint:

Find the pattern: 1223, 1341, 1621...

@96turnerriJun 09.2004 — #lol those numbers show no pattern, there are only two and they both use 0's

@Daniel_TJun 09.2004 — #[i]Originally posted by 96turnerri [/i]

[B]lol those numbers show no pattern[/B][/QUOTE]
Or do they....

MAJOR HINT COMING RIGHT UP!!

[size=1]product of the digits[/size] ?

Like I said, there are about 50 combinations, and only one will work.

@SamJun 09.2004 — #god... finaly... my 20th guess

@Daniel_TJun 09.2004 — #Heh heh. I went in order of possible numbers, and I was thinking I couldn't use the one higher number, so it took a while... ?

@SamJun 09.2004 — #BTW: [url=http://kpdus.tripod.com/jad.html#download]JAD[/url] is an exquisite java decompiler

@Daniel_TJun 09.2004 — #I like DJ Java Decompilier... http://www.simtel.net/product.download.mirrors.php?id=60196

@96turnerriJun 09.2004 — #[i]Originally posted by Sam [/i]

[B]god... finaly... my 20th guess [/B][/QUOTE]

well i cant work out what im guessing, the product of the digits is meant to be 12? does it matter on order is

6411 same as 1146

@Daniel_TJun 09.2004 — #[i]Originally posted by 96turnerri [/i]

[B]well i cant work out what im guessing, the product of the digits is meant to be 12? does it matter on order is

6411 same as 1146 [/B][/QUOTE]
Yes, it does matter. You gotta be patient ? Make a list in Notepad of all the possible combinations, then try them all.

@96turnerriJun 09.2004 — #all possible combinations that can equal 12, god that mite take a while

@Daniel_TJun 09.2004 — #[i]Originally posted by 96turnerri [/i]

[B]all possible combinations that can equal 12, god that mite take a while [/B][/QUOTE]
Nah, took me 'bout 10 minutes, and I was missin' a whole chunk of possible answers, so it took me longer than it should have.

This sucks. I don't know a thing about Java ? Though, it looks somewhat similar to Javcascript, so I think I can manage ?

@96turnerriJun 09.2004 — #ffs :mad:

tried all of these and its not accepting it what am i missing

1119-1191

1128-1182

1137-1173

1146-1164

1155

1164-1146

1173-1137

1182-1128

1191-1119

1218-8121

1317-7131

1416-6141

1515-5151

1614-4161

1713-3171

1812-2181

1911

1281-1821

1371-1731

1461-1641

1551

1641-1461

1731-1371

1821-1281

2181-8112-8211

3171-7113-7311

4161-6114-6411

5151-5115-5511

6141-4116-6411

7131-3117-7311

8121-2118-8211

9111

@SamJun 09.2004 — #just a hint Dan, all that matters is what happens when an action is performed

@Daniel_TJun 09.2004 — #LOL!!! You just wasted a bunch of time!! I said [i]product[/i], not [i]sum[/i]!! ??

@SamJun 09.2004 — #Turner... Product (multiplication), not sum

[b]Edit:[/b] Oops... Dan beat me

@Daniel_TJun 09.2004 — #[i]Originally posted by Sam [/i]

[B]just a hint Dan, all that matters is what happens when an action is performed [/B][/QUOTE]
So, if I understand correctly, variable [i]p[/i] should be something along the lines of [i]getAppletContext[/i], but that doesn't work, and niether do any of the other ones ?

@96turnerriJun 09.2004 — #ooops lol, A* at GCSE, double maths a-level shame i dont remember any of it

@96turnerriJun 09.2004 — #that sucks where else can i get java from sum microsystems is down for maintanence

@MstrBobJun 09.2004 — #For level 13, notice the URLs being created.

@Daniel_TJun 09.2004 — #[i]Originally posted by MstrBob [/i]

[B]For level 13, notice the URLs being created. [/B][/QUOTE]
Hmm...getAppletContext().showDocument(new URL(getDocumentBase(), p + ".htm"), "_self");

I've tried:

getAppletContext

showDocument

new

new URL

URL

getDocumentBase

Am I even close???

@MstrBobJun 09.2004 — #Yes, but notice the .htm Have you tried inserting the value of "p"?

@Daniel_TJun 09.2004 — #:eek: THAT WOULD HAVE BEEN THE FIRST THING I WOULD HAVE TRIED!!! BUT I DIDN'T THINK IT COULD POSSIBLY BE THAT SIMPLE!!! GRRR!!

@MstrBobJun 09.2004 — #Number 14 involves waaaaaaay to much math for me, though. Yeesh, I'm almost starting to think that JavaScript is good for security.

Ok, I'm done thinking it. I just saw how many people have cracked through to level 16.

@Daniel_TJun 09.2004 — #Number 14 is scaring me ? It would help if I had a calculator too, but the damn Sasser worm ate that up ?

@Daniel_TJun 09.2004 — #I was flyin' through 14! That is, until I reached the while() statement ?

PS: Best if you work it out on a piece of paper ?

[b]**EDIT**[/b]

Actually, it is good to copy the source, then go through the Javascript replacing figuring out then replacing the variables. For example, when you see this:a=eval(ls.substring(0,2))-91;
You can replace it with this after you figure out that the value of a is 8:a=8;

@Daniel_TJun 09.2004 — #OK, I've spent the last hour going over the whole thing, and all I ended up with was:

abl=13;

?

BTW, here's the result of my little solve-and-replace technique:

&lt;!-- Hide from JavaScript-Impaired Browsers
 al="`1234567890-=~!@#$%^&amp;*()_+qwei"
 +"fyutop[]QWERTYUIOP{}|oeeiflryt;A"
 +"ASYENDKQ:ajeeurj,./ZXCVBNM&lt;&gt;c?";
 ab1="";
 bctr=0;
 count=0;
 function ckPwd(){
 tst=document.isn.username.value+"-"+document.isn.passwrd.value+"-";
 ls=document.pd.pe.value;
 a=8; // a=8
 ls="9881643741603838598498816760606041815967 "; // length is 41
 nls="";
 flg=0;
 ab=5;
 
 <i>    </i>abl="5";
 <i>	</i> oab1="5";
 ls="81643741603838598498816760606041815967 "; // length is 39
 for (var i=0;i&lt;ab;i++)	{
 nr=eval(ls.substring(0,2))-a;
 ls=ls.substring(2,ls.length);
 nls="e";
 }
 nls=nls+al.charAt(count+11); // e-
 if (nls.indexOf(document.isn.username.value+"-"+document.isn.passwrd.value+"-")&gt;-1){
 flg=1;
 }
 
 if (flg==1){
 tstOk();
 }
 else{
 bctr++;
 if (bctr&gt;3){
 location.href="denied.htm";
 }
 else{
 alert("Sorry. Bad Username or Password."
 +" Failed Attempt #"+bctr+".");
 }
 }
 }
 function tstOk(){
 ab1=13;
 alert("Access Granted");
 location.href=tst.substring(1,5)+".htm";
 }
 function srand() {
 today=new Date();
 rand=today.getTime();
 picker=""+rand
 picker=picker.charAt((picker.length-4));
 rec=eval(picker);
 }
 document.write(tst);
 // End Hiding --&gt;

PS: What the hell is srand() doing in there? Does it have a purpose??

@SamJun 09.2004 — #geez that was difficult... you have to be l337 to get that... (That will make since when you figure it out)

@Daniel_TJun 09.2004 — #[i]Originally posted by Sam [/i]

[B]geez that was difficult... you have to be l337 to get that... (That will make since when you figure it out) [/B][/QUOTE]
You got it Sam???? Was I on the right track at least?

@SamJun 09.2004 — #sorta... i'd recommend rather than replacing values, just echo the hell outta it... here's a little snippet of my super-verbose version:

<i>
 </i>  theid=document.getElementById('output');
 tst=document.isn.username.value+"-"+document.isn.passwrd.value+"-";
 ls="999881643741603838598498816760606041815967 ";
 theid.innerHTML+="&lt;br&gt;TST = " +tst;
 a=eval(ls.substring(0,2))-91;
 theid.innerHTML+="&lt;br&gt;A = " +a;
 ls=ls.substring(2,ls.length);
 theid.innerHTML+="&lt;br&gt;LS = " +ls;

then i just slapped a <div id="output"> in there and gave it a little overflow... if you echo every variable right after its assigned, I'd imagine you'll find a suitible password

@Daniel_TJun 09.2004 — #[i]Originally posted by Sam [/i]

[B]sorta... i'd recommend rather than replacing values, just echo the hell outta it... here's a little snippet of my super-verbose version:

<i>
 </i>  theid=document.getElementById('output');
 tst=document.isn.username.value+"-"+document.isn.passwrd.value+"-";
 ls="999881643741603838598498816760606041815967 ";
 theid.innerHTML+="&lt;br&gt;TST = " +tst;
 a=eval(ls.substring(0,2))-91;
 theid.innerHTML+="&lt;br&gt;A = " +a;
 ls=ls.substring(2,ls.length);
 theid.innerHTML+="&lt;br&gt;LS = " +ls;

then i just slapped a <div id="output"> in there and gave it a little overflow... if you echo every variable right after its assigned, I'd imagine you'll find a suitible password [/B][/QUOTE] Actually, to figure out some of that, I used the document.write() function, but that didn't end up workin' out too wel;. ? I'll try your techniqe. Obviously, it has something to do with leet, because the 13 and the 1337 clue u gave me tell me I was heading in the right direction...

@SamJun 09.2004 — #no numerals in the user name or password... level 15 is proving difficult as well [b]Damn you HTACCESS[/b]

@Daniel_TJun 09.2004 — #[i]Originally posted by Sam [/i]

[B]no numerals in the user name or password... level 15 is proving difficult as well [b]Damn you HTACCESS[/b] [/B][/QUOTE] Isn't HTACCESS server-side.... I thought this was all supposed to be client-side "hacking"... ?

@SamJun 09.2004 — #it is... I may just be missing something, and there's a tip saying the password file isn't hidden, but i haven't been able to guess it yet (I've tried .htpasswd in every directory)

@Daniel_TJun 09.2004 — #[i]Originally posted by Sam [/i]

[B]it is... I may just be missing something, and there's a tip saying the password file isn't hidden, but i haven't been able to guess it yet (I've tried .htpasswd in every directory) [/B][/QUOTE]
Well, since I'm not on that level, and have NO KNOWLEDGE WHATSOEVER of htaccess, I definitely won't be of much help ? I think I better head off to bed now, too. It's 2:32 AM, and I have track meet tomorrow :eek:

@Daniel_TJun 09.2004 — #OK, the problem I'm having with this level(14) is I'm not really sure what I'm looking for! Whic variables should I be keeping an eye on for the username and which for the password? It's quite difficult trying to find and remember what two different variables are and represent when they are both in one big equasion ?

PS: Is the while() statement even needed in there? Because as far as I could see, it should only loop once anyway....

@David_HarrisonJun 09.2004 — #What are you doing?????

You're not supposed to work out the variables yourself. Look at the script, look what happens to what you enter in the form and more importantly look at where it's compared to something.

@96turnerriJun 09.2004 — #by loops once do you mean 2passes or one, because one loop is 2passes, therefore the while statement is needed

@Daniel_TJun 09.2004 — #Passes once. It is like this:

<i>
 </i>[color=red]...[/color]
 ls = 43; // what I remember, this number could be wrong, but it's close
 while(ls &gt; 28) {
 [color=red]...[/color]
 ls = "";
 }

@96turnerriJun 09.2004 — #from that bit of code it doesnt loop, its just a straight forward pass, however dont disregard it, it may be a trick (just a guess i havnt done it, i stopped at 13 and may do some later if i have time)

@David_HarrisonJun 09.2004 — #Again I say, this goes out to Daniel T [color=red]and most definately not 96turnerri[/color].[i]Originally posted by lavalamp [/i]

[B]What are you doing?????

You're not supposed to work out the variables yourself. Look at the script, look what happens to what you enter in the form and more importantly look at where it's compared to something.[/B][/QUOTE]

@96turnerriJun 09.2004 — #i am not helping him i am explaining what the difference between a pass and a loop is so take that back :p

@David_HarrisonJun 09.2004 — #Better? ?

@96turnerriJun 09.2004 — #LMAO, thanks ?

@Daniel_TJun 10.2004 — #[i]Originally posted by lavalamp [/i]

[B]Better? ? [/B][/QUOTE] LMMFAO! Nice ?

@SamJun 10.2004 — #Anyone get around the htaccess yet? (level 15)

Test you Javascript Prowess

98 Comments(s) _↴

Also in #Full-stackDeveloper _↴

Success!

Social

Version

Test you Javascript Prowess

98 Comments(s) ↴

Also in #Full-stackDeveloper ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

98 Comments(s) _↴

Also in #Full-stackDeveloper _↴