Walkthrough

KeeyLogger
5 years ago | edited 5 years ago

0

Well, compared to the other levels, this one was really good and tricky, but here we go.

First, as we can’t look up on the console or anything, I did exactly the same thing I did before, and went here :

view-source:https://www.hackthis.co.uk/levels/javascript/5

Done, inside the source-code of the page, looking for a prompt script, but unfortunately, it wasn’t that easy.

I tried to find something at the

but there were only normal scripts that the page uses by standard, but then, when I checked the bottom part of the source code, there it was, two other JavaScript links, one named :

```
<script type='text/javascript' src='/files/js/min/main.js?1446747682'></script>
```

And the other :

```
<script type='text/javascript' src='/files/js/min/extra_48d468a93b.js?1510507123'></script>
```

So, I opened both, hit Ctrl+F and searched for a prompt script.

The main one didn’t show anything, so it had to be something with the extra one, and then I found it :

```
a=window.location.host+"";
b=a.length;
c=4+((5*10)*2);
d=String.fromCharCode(c,-(41-Math.floor(1806/13)),Math.sqrt(b-2)*29,(b*8)-29);
p=prompt("Password:","");

if(p==d){
window.location="?pass="+p;
} else {window.location="/levels/";}
```

Beautifully :D hahahah.

But quite some crypto weird math looking formulas there, so I went to an online editor (https://www.w3schools.com/html/tryit.asp?filename=tryhtml_basic) and pasted the code there to run :

```

document.write(d);
```

OBS:. Had to add the

ANYWAYS…

Then the output was : hapk

I went immediately back to try it and guess what ? :D

No, it wasn’t right. I got frustrated and had to think again what was wrong. :(

Then, after a few minutes analyzing the code and trying other solutions, it got me on this part of the code :

```
a=window.location.host+"";
```

The host is the website itself, so then I substituted the variable from :

```
a=window.location.host+"";
```

To :

```
a="https://www.hackthis.co.uk/";
```

And the output gave me this :

ha?

Oh, and THEN …. :D

It also wasn’t right :(

Summing up, it took me a few attempts to figure out that it was simply this :

```
a="www.hackthis.co.uk";
```

And the output :

hats

AND THEN …. :D

YES ! It was the right password ! :)

Sometimes it’s just about not giving up and trying all the possibilities you have :D
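
Why the three attempts in the post give three different strings, as an added example that is not part of the original post or the site's code: the same derivation with the host passed in as a parameter instead of read from `window.location.host`. The function names are made up for this example; the host strings are the ones from the post and from the editor URL it links.

```javascript
// Added example: the level's derivation, parameterised on the host string.
// Function names are hypothetical; the arithmetic is the level's own.
function charCodesFor(host) {
  const b = host.length;
  return [
    4 + ((5 * 10) * 2),             // constant: 104
    -(41 - Math.floor(1806 / 13)),  // constant: 97
    Math.sqrt(b - 2) * 29,          // depends on the host length
    (b * 8) - 29,                   // depends on the host length
  ];
}

function derive(host) {
  // String.fromCharCode drops the fractional part of each code (ToUint16),
  // so a non-integer square root still yields a character.
  return String.fromCharCode(...charCodesFor(host));
}

function explain(host) {
  // Reproduce the ToUint16 conversion to show the codes actually used.
  const codes = charCodesFor(host).map((c) => Math.trunc(c) & 0xffff);
  const printable = codes.every((c) => c >= 0x20 && c <= 0x7e);
  return { host, length: host.length, codes, printable, value: derive(host) };
}

// The three contexts tried in the post.
const contexts = [
  "www.w3schools.com",            // host of the online editor the code was pasted into
  "https://www.hackthis.co.uk/",  // full URL substituted by hand
  "www.hackthis.co.uk",           // what window.location.host holds on the level page
];
for (const h of contexts) console.log(explain(h));
```

Every input to the comparison is available to the client, so the expected value can always be recomputed once the evaluation context matches the page's own host.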

fred [feuerstein]
5 years ago

0

Nice path, happy to see what you’ve done

hackaruba
5 years ago

0

Actually the easiest way of getting the javascript part interpreted was to copy paste the code in the Chrome Console :)

dimooz
5 years ago

0

It could have worked in Firefox’s one as well :D
