Page 1 of 2

JavaScript Challenge!!!!

PostPosted: Sat Jul 25, 2009 10:08 am
by keiferdeanbrown
Challenge solve the password

here is the JavaScript script from the source.
as you can see we only want the password no username


<script type="text/javascript">
a = document.location + "";
b = a.length;
c += ((5*10)*2);
d = String.fromCharCode(c,b*3+2,b*4-24,b*3+9);
p=prompt("Password:","");
if (p==d) {
window.location = "pass="+p;
} else {
window.location = "levels.php";
}

there is no need to worry about spoiling as this isn't from any of the missions on hackthissite.org

tell me what you would do and i will give you the outcome of your idea!
any javascript injections i will have to preform so just tell me and i will tell you exactly what yielded from it!
good luck! and have fun



The purpose of this challenge is to educate people ,as well as my self, on this particular type of javascript mission with the help of different styles that we all have. I have alot of problems with this type and need to now more styles!

Re: JavaScript Challenge!!!!

PostPosted: Sun Jul 26, 2009 7:47 am
by Nines
There could be any number of passwords as you haven't told us what document.location is.

The password that I'd go for would be "dell", since it seems the only non-gibberish possible password out of:

dGDN
dJHQ
dMLT
dPPW
dSTZ
dbhi
dell
dhpo
dktr
dnxu

I solved it with a simple perl script to run the calculations and print out valid filenames:

Code: Select all
#!/usr/bin/perl

my $c = 100;

for ($b=11;$b<38;$b++){
   $pass = chr($c) . chr(($b*3)+2) . chr(($b*4)-24) . chr(($b*3)+9);
   if ($pass =~ /^[a-zA-Z0-9\_\.\-]+$/){
      print $pass . "\n";
   }
}

Re: JavaScript Challenge!!!!

PostPosted: Sun Jul 26, 2009 8:35 am
by keiferdeanbrown
b=33


your so close!

dell has one wrong letter in it!

you didn't even know b and almost got it! that's pretty impressive to me (doesn't say much though :mrgreen: )

Re: JavaScript Challenge!!!!

PostPosted: Sun Jul 26, 2009 9:04 am
by Nines
I don't see how I could have a letter wrong :/

c += ((5*10)*2); // c = 100;

d = String.fromCharCode(c,b*3+2,b*4-24,b*3+9);

so:

c = 100 = d
33*3+2 = 101 = e
33*4-24 = 108 = l
33*3+9 = = 108 = l

-----------------------

Edit:

Just noticed c += 100.. So I don't know what it's original value was I assumed 0.. So it'll be ?ell where ? is an unknown.

Re: JavaScript Challenge!!!!

PostPosted: Sun Jul 26, 2009 9:35 am
by keiferdeanbrown
correct! again amazing!

c=4

Re: JavaScript Challenge!!!!

PostPosted: Sun Jul 26, 2009 9:48 am
by Nines
hell

Re: JavaScript Challenge!!!!

PostPosted: Sun Jul 26, 2009 11:38 am
by keiferdeanbrown
Bingo!!!!

now here is how it gets harder.

the next solve has to be proved without using the previous awesome code.

Re: JavaScript Challenge!!!!

PostPosted: Sun Jul 26, 2009 11:47 am
by Nines
Insert:
Code: Select all
document.write(d);

After:
Code: Select all
d = String.fromCharCode(c,b*3+2,b*4-24,b*3+9);

..and run it locally.

Re: JavaScript Challenge!!!!

PostPosted: Sun Jul 26, 2009 1:08 pm
by keiferdeanbrown
be more specific for me (for the challenge)

how are you going to insert it? (firebug, save page, tamper data, etc...)
how do you run it locally? (details please for the challenge)

Re: JavaScript Challenge!!!!

PostPosted: Sun Jul 26, 2009 1:32 pm
by Nines
Notepad > Paste:

Code: Select all
<script type="text/javascript">
c = 4;
b = 33;
c += ((5*10)*2);
d = String.fromCharCode(c,b*3+2,b*4-24,b*3+9);
document.write(d);
</script>


Save as whatever.html > Run.

Although, you'd have to know document.location (URL bar : javascript:document.location) To find the length, then hard-code it.. The c = 4 I think you'd omitted before by mistake or whatever and would be in the code to begin with.