JS Challenge 7

Post by krystah on Fri Jul 29, 2011 2:43 am

Before the flaming begins, I must point out that I have completed the mission, but there is something about it that bugs me. Hard.

For those of you who did the challenge years ago, what you have to do is basically decode a huge string using JS / FF.
The problem is that I did it manually. I started off manually converting hex to ASCII on paper, but as you might assume, it took a while, so I got lazy and used a random hex->ASCII converter for several parts and slowly put the pieces together.

The problem is - people claimed this mission to be one of the easiest ever and solvable in like 10 seconds, while I spent approximately 2 hours trying to make out how to get the decoded/processed output of a page from Firefox, but to no avail. People even claimed it to be unnecessary to use JS in that challenge, and said that the "password just jumped at their face after staring at the code for 10 seconds".

I feel like a blockhead and a dumbass, seeing how I was unable to do what all the variety of illiterate, '95+ model kids could achieve. What am I not seeing? And before someone blindly points me to a W3S tutorial or something like that - I must point out that I have taken plenty of tutorials, but they did not seem to help me here.

Can anyone help me understand what others find so obvious? :(

Thanks in advance.
Krys

Re: JS Challenge 7

Post by Ulven on Fri Jul 29, 2011 3:23 am

I don't remember how I solved it, but if you have string obfuscation like
Code:
\x66\x67\x68

then you just need to do
Code:
document.write("\x66\x67\x68");

to view it.
If a scripting code is obfuscated, there's always a super fast way to decode it.

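The decoding described in the post above can also be done on the script text itself, without running it in a browser. The following is an added example, not part of the original thread: `decodeEscapes`, `decodedLiterals` and the sample source are constructed for illustration, and the code goes slightly beyond `\xNN` by also handling `\uNNNN` and `\u{...}` escapes.

```javascript
// Added example (not from the thread): decode \xNN and \uNNNN escapes in
// JavaScript source as text, without executing the script.
// decodeEscapes, decodedLiterals and SAMPLE are constructed for illustration.

// An escaped backslash is matched first so that "\\x41" is left alone.
const ESCAPE = /\\(?:\\|x([0-9a-fA-F]{2})|u([0-9a-fA-F]{4})|u\{([0-9a-fA-F]{1,6})\})/g;
// Quoted string literals, allowing escaped quotes inside them.
const LITERAL = /(["'])((?:\\.|(?!\1)[^\\\n])*)\1/g;

function decodeEscapes(source) {
  return source.replace(ESCAPE, (match, hex2, hex4, braced) => {
    const digits = hex2 || hex4 || braced;
    if (!digits) return match; // escaped backslash, keep as written
    const code = parseInt(digits, 16);
    // Keep control characters, non-ASCII, quotes, backslash and "$" escaped
    // so the decoded source still parses the same way as the original.
    if (code < 0x20 || code > 0x7e) return match;
    const ch = String.fromCharCode(code);
    return "\"'`\\$".includes(ch) ? match : ch;
  });
}

// Return the readable form of every string literal that contained escapes.
function decodedLiterals(source) {
  const found = [];
  for (const m of source.matchAll(LITERAL)) {
    const decoded = decodeEscapes(m[2]);
    if (decoded !== m[2]) found.push(decoded);
  }
  return found;
}

// Constructed sample in the style of hex-obfuscated script source.
const SAMPLE = String.raw`var a = "\x66\x67\x68"; check(a, "\x70\x61\x73\x73\x22\x21", "\u0068\x69\\x41\n", "plain");`;

console.log(decodeEscapes(SAMPLE));
console.log(decodedLiterals(SAMPLE));
```

Escapes that decode to a quote, a backslash or a control character are left in place, so the output can be read as source and still has the same string boundaries as the input.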

Re: JS Challenge 7

Post by krystah on Fri Jul 29, 2011 4:22 am

Hello and thanks for the reply. :)

I tried the method you mentioned, but only some parts of the strings would be successfully decoded. Besides, although it may be possible doing it that way, it is by no means done in the blink of an eye, so I think there is something really "easy and obvious" we're missing here :|


Re: JS Challenge 7

Post by Ulven on Fri Jul 29, 2011 6:03 am

Nope, unless you can read hex codes and instantly convert them.


Re: JS Challenge 7

Post by Muskelmann098 on Sat Jul 30, 2011 8:24 am

Check the if-statement. I'm not sure, but it seems like the obfuscation is simply a decoy (I'm saying that without having actually decoded the string). The mission can be solved by looking at the if-statement, which seems to contain a very basic vulnerability.

EDIT: Not sure if this is a spoiler or not...


Re: JS Challenge 7

Post by krystah on Sat Jul 30, 2011 11:29 am

Thanks for the reply Muskelmann, I will look into this. :)


Re: JS Challenge 7

Post by mShred on Sat Jul 30, 2011 12:27 pm

The reason you're having so much trouble doing it by hand, is just that, you're doing it by hand. Many of the people here popped open Firebug to see what the source code looks like. But the thing is, Firebug has the decency to translate it to ASCII for us.


Re: JS Challenge 7

Post by krystah on Wed Aug 03, 2011 1:45 am

mShred wrote: The reason you're having so much trouble doing it by hand, is just that, you're doing it by hand. Many of the people here popped open Firebug to see what the source code looks like. But the thing is, Firebug has the decency to translate it to ASCII for us.


I can't believe it was actually that simple. Well, I am certainly happy that I found out how to decode it manually and not just let a plugin solve all my problems. =) Feels really good to understand what's happening behind the curtains ^_^

Thanks a lot for your input, all of you :]

Cheers,
Krys


Re: JS Challenge 7

Post by mShred on Wed Aug 03, 2011 1:57 am

krystah wrote: Well, I am certainly happy that I found out how to decode it manually and not just let a plugin solve all my problems. =) Feels really good to understand what's happening behind the curtains ^_^

We need more people with this kind of attitude.