Menu
[url]http://scifi.pages.at/hackits/
It’s a website centered around star trek and javascript, where you ‘hack’ your way to different levels. This is accomplished by viewing the source code and determining the password. While this may seem elementary to the skilled programmer, the creator of this site actually put in some clever tricks that force you to think of how to retrieve the password. This site can also show you how vulnerable client-side security is, just a View –> Source away from being compromised. See if you can get to the sixteenth level without cheating!
[i]Originally posted by DaveSW [/i]
[B]It's that site again lol. ? [/B][/QUOTE]
[i]Originally posted by 96turnerri [/i]
[B]thanks ?
btw hows the re-deveopling of webdevfaqs going? [/B][/QUOTE]
[i]Originally posted by Sam [/i]
[B]Level 8 wasn't too hard, but level 10 is proving to be quite killer... It must be referrer checking or something, cuz its executing a script, but the script its linking to has no code in it... just a big comment. [/B][/QUOTE]
[i]Originally posted by DaveSW [/i]
[B]Slowly, but it's coming! [/B][/QUOTE]
[i]Originally posted by Sam [/i]
[B]Disable javascript and press ctrl+a [/B][/QUOTE]
[i]Originally posted by Sam [/i]
[B]I finally figured out what Dave was talking about... here's something that should help you... on your personal website, cut & paste this code onto a page and click the link:
<a href="www.ryanbrill.com">Ryan Brill</a> [/B][/QUOTE]
[i]Originally posted by Daniel T [/i]
[B]Ah, ok... though I have no idea how it got those... anyways, I'm takin' a break. [/B][/QUOTE]
[i]Originally posted by 96turnerri [/i]
[B]so im now refered to as an 'it', thanks ? [/B][/QUOTE]
[i]Originally posted by 96turnerri [/i]
[B]lol those numbers show no pattern[/B][/QUOTE]
[i]Originally posted by Sam [/i]
[B]god... finaly... my 20th guess [/B][/QUOTE]
[i]Originally posted by 96turnerri [/i]
[B]well i cant work out what im guessing, the product of the digits is meant to be 12? does it matter on order is
6411 same as 1146 [/B][/QUOTE]
[i]Originally posted by 96turnerri [/i]
[B]all possible combinations that can equal 12, god that mite take a while [/B][/QUOTE]
[i]Originally posted by Sam [/i]
[B]just a hint Dan, all that matters is what happens when an action is performed [/B][/QUOTE]
[i]Originally posted by MstrBob [/i]
[B]For level 13, notice the URLs being created. [/B][/QUOTE]
getAppletContext().showDocument(new URL(getDocumentBase(), p + ".htm"), "_self");
a=eval(ls.substring(0,2))-91;
a=8;
<!-- Hide from JavaScript-Impaired Browsers
al="`1234567890-=~!@#$%^&*()_+qwei"
+"fyutop[]QWERTYUIOP{}|oeeiflryt;A"
+"ASYENDKQ:ajeeurj,./ZXCVBNM<>c?";
ab1="";
bctr=0;
count=0;
function ckPwd(){
tst=document.isn.username.value+"-"+document.isn.passwrd.value+"-";
ls=document.pd.pe.value;
a=8; // a=8
ls="9881643741603838598498816760606041815967 "; // length is 41
nls="";
flg=0;
ab=5;
<i> </i>abl="5";
<i> </i> oab1="5";
ls="81643741603838598498816760606041815967 "; // length is 39
for (var i=0;i<ab;i++) {
nr=eval(ls.substring(0,2))-a;
ls=ls.substring(2,ls.length);
nls="e";
}
nls=nls+al.charAt(count+11); // e-
if (nls.indexOf(document.isn.username.value+"-"+document.isn.passwrd.value+"-")>-1){
flg=1;
}
if (flg==1){
tstOk();
}
else{
bctr++;
if (bctr>3){
location.href="denied.htm";
}
else{
alert("Sorry. Bad Username or Password."
+" Failed Attempt #"+bctr+".");
}
}
}
function tstOk(){
ab1=13;
alert("Access Granted");
location.href=tst.substring(1,5)+".htm";
}
function srand() {
today=new Date();
rand=today.getTime();
picker=""+rand
picker=picker.charAt((picker.length-4));
rec=eval(picker);
}
document.write(tst);
// End Hiding -->
[i]Originally posted by Sam [/i]
[B]geez that was difficult... you have to be l337 to get that... (That will make since when you figure it out) [/B][/QUOTE]
<i>
</i> theid=document.getElementById('output');
tst=document.isn.username.value+"-"+document.isn.passwrd.value+"-";
ls="999881643741603838598498816760606041815967 ";
theid.innerHTML+="<br>TST = " +tst;
a=eval(ls.substring(0,2))-91;
theid.innerHTML+="<br>A = " +a;
ls=ls.substring(2,ls.length);
theid.innerHTML+="<br>LS = " +ls;
[i]Originally posted by Sam [/i]Actually, to figure out some of that, I used the document.write() function, but that didn't end up workin' out too wel;. ? I'll try your techniqe. Obviously, it has something to do with leet, because the 13 and the 1337 clue u gave me tell me I was heading in the right direction...
[B]sorta... i'd recommend rather than replacing values, just echo the hell outta it... here's a little snippet of my super-verbose version:
<i>
</i> theid=document.getElementById('output');
tst=document.isn.username.value+"-"+document.isn.passwrd.value+"-";
ls="999881643741603838598498816760606041815967 ";
theid.innerHTML+="<br>TST = " +tst;
a=eval(ls.substring(0,2))-91;
theid.innerHTML+="<br>A = " +a;
ls=ls.substring(2,ls.length);
theid.innerHTML+="<br>LS = " +ls;
then i just slapped a <div id="output"> in there and gave it a little overflow... if you echo every variable right after its assigned, I'd imagine you'll find a suitible password [/B][/QUOTE]
[i]Originally posted by Sam [/i]Isn't HTACCESS server-side.... I thought this was all supposed to be client-side "hacking"... ?
[B]no numerals in the user name or password... level 15 is proving difficult as well [b]Damn you HTACCESS[/b] [/B][/QUOTE]
[i]Originally posted by Sam [/i]
[B]it is... I may just be missing something, and there's a tip saying the password file isn't hidden, but i haven't been able to guess it yet (I've tried .htpasswd in every directory) [/B][/QUOTE]
<i>
</i>[color=red]...[/color]
ls = 43; // what I remember, this number could be wrong, but it's close
while(ls > 28) {
[color=red]...[/color]
ls = "";
}
[i]Originally posted by lavalamp [/i]
[B]What are you doing?????
You're not supposed to work out the variables yourself. Look at the script, look what happens to what you enter in the form and more importantly look at where it's compared to something.[/B][/QUOTE]
0.1.9 — BETA 6.17