My way using Burp | Defend the Web

progent
6 years ago

1

Guys you gave me a hard time. Thanks a lot ;-)

1.) I used burp to intercept the requests to get the entire html and Javascript code.

2.) One obstacle was the caching of the browser. The JS was not loaded every time.

3.) The second obstacle was to find the right JS script. I was looking for a (for me unknown) method to load JS which of course I didn’t find :-) A hint in the forum put me on the right track.

4.) The last part was pretty easy. I just added p=d; No need to know the password.

a = window.location.host + "";  
b = a.length;  
c = 4 + ((5 * 10) * 2);  
d = String.fromCharCode(c, -(41 - Math.floor(1806 / 13)), Math.sqrt(b - 2) * 29, (b * 8) - 29);  
p = prompt("Password:", "");  
**p=d; **                         <=====  
if (p == d) {

Had a lot of fun a****nd the same amount of sweat :-)
Keep going

Darwin [DIDIx13]
6 years ago

0

Good job very well done! :D

Message me anytime!

XMRHRX
6 years ago

0

How did you add the “p=d;”?

dimooz
6 years ago

0

[quote=XMRHRX]How did you add the “p=d;”? [/quote]

There are many ways to edit the js source, depending on your config at first, and the tools you use usually. On my side, if I remember well, I used the javascript scratchpad to edit and run the script with my own code. A very simple way to do it.

XMRHRX
6 years ago

0

Ok,thank you!