My attempt at a javascript challenge..

Learn the basics of how to exploit JavaScript.

My attempt at a javascript challenge..

Post by tremor77 on Fri May 07, 2010 4:01 pm
([msg=38427]see My attempt at a javascript challenge..[/msg])

I made an attempt to write my own Javascript Challenge... It's really more of an encryption challenege written in Javascript... In fact all the code used in it is from various freescript sites that I just sort of compiled and put together.

Anyway, I didn't intend for this to be a brain basher so if you do it super fast... don't hate on me.

http://mvel.org/TreMission1/

Here ya go... plus this gave me a reason to actually put something on that domain...
Image
User avatar
tremor77
Contributor
Contributor
 
Posts: 870
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: My attempt at a javascript challenge..

Post by GarGleM0nster on Wed May 12, 2010 1:59 am
([msg=38585]see Re: My attempt at a javascript challenge..[/msg])

I looked at this challenge, and it looks great and for me at least some what challenging I haven't looked at it very much but at first glance to read through all that javascript in the prompt is going to take a while. Damn good mission or whatever it is intended to be :D
GarGleM0nster
New User
New User
 
Posts: 11
Joined: Mon May 03, 2010 6:43 pm
Blog: View Blog (0)


Re: My attempt at a javascript challenge..

Post by tremor77 on Wed May 12, 2010 9:10 am
([msg=38589]see Re: My attempt at a javascript challenge..[/msg])

I just wanted to try my hand at writing a mission, thanks for taking a look. Let me know how it works out for you. My theory behind the mission was to.

1. Build a mission using commonly available (cut and paste) javascript code.
2. Combine a few methods of security from the absurd 'no right click' to the rather clever encryption method from http://www.javascriptkit.com/epassword/index.htm

Well that's it really, just have too much time on my hands I guess?
Image
User avatar
tremor77
Contributor
Contributor
 
Posts: 870
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: My attempt at a javascript challenge..

Post by Goatboy on Wed May 12, 2010 10:02 am
([msg=38595]see Re: My attempt at a javascript challenge..[/msg])

One thing to note is that the "no right-click" method is pretty weak. Really all you need to do is copy the URL of the pop-up, paste it in a new tab, and view source from the menu bar. That opens up the source. That's where I get stuck. I've read through the functions a few times and the math seems fairly solid. I only looked at it for a few minutes (before literally falling asleep at my desk; yay finals week) but it was pretty well-written for a free short script.

ADD: And to get around the ctrl blocking, I think you might be able to remap a completely useless key (caps lock, anyone?) to have ctrl functionality. Copy+paste now available.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2816
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: My attempt at a javascript challenge..

Post by sanddbox on Wed May 12, 2010 5:56 pm
([msg=38607]see Re: My attempt at a javascript challenge..[/msg])

Goatboy wrote:One thing to note is that the "no right-click" method is pretty weak. Really all you need to do is copy the URL of the pop-up, paste it in a new tab, and view source from the menu bar. That opens up the source. That's where I get stuck. I've read through the functions a few times and the math seems fairly solid. I only looked at it for a few minutes (before literally falling asleep at my desk; yay finals week) but it was pretty well-written for a free short script.

ADD: And to get around the ctrl blocking, I think you might be able to remap a completely useless key (caps lock, anyone?) to have ctrl functionality. Copy+paste now available.


I found it much easier to wget the page and edit out all that nasty javascript. I haven't looked at it enough to crack the encryption, though.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: My attempt at a javascript challenge..

Post by Goatboy on Wed May 12, 2010 7:31 pm
([msg=38609]see Re: My attempt at a javascript challenge..[/msg])

sanddbox wrote:I found it much easier to wget the page...

We cannot forget our Windows brethren who are not blessed with such godly networking tools.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2816
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: My attempt at a javascript challenge..

Post by GarGleM0nster on Wed May 12, 2010 9:54 pm
([msg=38618]see Re: My attempt at a javascript challenge..[/msg])

As for the no right click i just pulled up firefox and fired up firebug to easily look at it, that part is more of a retard test. And I like when the retards and little script kiddies get thinned out. :mrgreen:
GarGleM0nster
New User
New User
 
Posts: 11
Joined: Mon May 03, 2010 6:43 pm
Blog: View Blog (0)


Re: My attempt at a javascript challenge..

Post by tremor77 on Wed May 12, 2010 10:04 pm
([msg=38620]see Re: My attempt at a javascript challenge..[/msg])

wheee.. exactly what I had intended.... The way I get around it is to view the source of the page that initializes the popup, locate the popup url and just paste that into the address bar which gives me the standard toolbars to work with. If I had been smarter I would have added a script to block direct access and force it into a popup.. woulda-coulda.
Image
User avatar
tremor77
Contributor
Contributor
 
Posts: 870
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: My attempt at a javascript challenge..

Post by sanddbox on Wed May 12, 2010 10:17 pm
([msg=38622]see Re: My attempt at a javascript challenge..[/msg])

Goatboy wrote:
sanddbox wrote:I found it much easier to wget the page...

We cannot forget our Windows brethren who are not blessed with such godly networking tools.


I am a Windows brother, my brother. There be a sacred artifact deep within the first pages of google results - wget for Windows! Make all haste and download this wonderful program. Godspeed!
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: My attempt at a javascript challenge..

Post by e_ogwe on Fri Aug 13, 2010 1:14 pm
([msg=43665]see Re: My attempt at a javascript challenge..[/msg])

sanddbox wrote:
Goatboy wrote:
sanddbox wrote:I found it much easier to wget the page...

We cannot forget our Windows brethren who are not blessed with such godly networking tools.


I am a Windows brother, my brother. There be a sacred artifact deep within the first pages of google results - wget for Windows! Make all haste and download this wonderful program. Godspeed!

Just disable javascript and copy source no need for wget

-- Fri Aug 13, 2010 4:28 pm --

GarGleM0nster wrote:I looked at this challenge, and it looks great and for me at least some what challenging I haven't looked at it very much but at first glance to read through all that javascript in the prompt is going to take a while. Damn good mission or whatever it is intended to be :D


The hardest part is in the testit function
e_ogwe
New User
New User
 
Posts: 6
Joined: Fri Aug 13, 2010 5:11 am
Blog: View Blog (0)


Next

Return to Javascript

Who is online

Users browsing this forum: No registered users and 0 guests