No Color

Jules303 [papashow]
10 years ago

0

Hi every one have read other post about this level but can’t see same problem me.

Have exactly that in case but whit no color can’t completed the level.

What can i do to recovery colors ?

Thank’s …

30replies
8voices
321views
dloser
10 years ago

0

The colours are not part of the challenge; ignore them. Make sure you don’t have any whitespace anywhere in the result. Some browsers might not show it.

Jules303 [papashow]
10 years ago

0

Thank you dloser ;)

But have just added some letter and some caracter whit no space for sure at this and have what i want: same in box but incompleted.
I don’t know where i’m wrong but i know i’m wrong.

[deleted user]
10 years ago

0

You might want to try that in couple of other browsers just to see how the output is displayed in each browser.

Jules303 [papashow]
10 years ago

0

Thank’s i’m go to try that Gokou ;)

chezare
10 years ago

0

it’s not the browser, i don’t remeber having colors either :p
you can have that output but with a wrong input, at least i did :p
try variations it might help; good luck :)

Jules303 [papashow]
10 years ago

0

Thank’s for luck, but i need more just luck to pass him !!!

chezare
10 years ago

0

be careful not to overthink it,
it’s not that complicated, try again with the ‘'hiding’‘ thing :p it’s an easy way to solve it, i'am not even sure there are many ways in fact :p

Jules303 [papashow]
10 years ago | edited 10 years ago

0

Thank you Chezare but i have try some changes but that doesn’t work

I don’t think it’s Spoiler cause that don’t work

My input is that

<script>alert(‘HackThis!!’);</script>

My output :

If i change for that change little the color or maybe the format but always same result ; No good !!!

Sure have try all leters and caracters and numbers !!! almost :P

dloser
10 years ago

0

Try to figure out what the filter is actually doing. That should make it clear(er) what needs to be done. Check the source for the actual output; it’s not about the rendered output.

Also, something not working doesn’t mean it cannot be a spoiler. At least put spoiler tags ([ spoiler ]…[ /spoiler ], no spaces here too :p) around your input.

chezare
10 years ago

0

as dloser said try to figure out what the filter does.
you’re close to the answer
wish i could help you more :p

Jules303 [papashow]
10 years ago

0

thank you dudes !!!

Now I know what to do for my spoiler input;)

Now i have to pass this level whit your help i think, OK ,i’m try to understand what going on between my input and the output !!!

_simple_sam
10 years ago

0

Same problemo. I don’t know if this is a spoiler or completely irrelevant but I notice that there is a hidden input in the form with a base 64 number called token. Is that important. I tried setting it to null and stuff like that - no avail. Am I barking up the wrong tree?

? [stefanking56]
10 years ago

0

@_simple_sam

I don’t think that the token is relevant.
From what i know, the token is used to help protect against CSRF(Cross Site Request Forgery) attacks.

_simple_sam
10 years ago

0

Aha… so this could well be spoiler. The reason that the characters have colors is they are in different elements. Am I getting warm —

? [stefanking56]
10 years ago

0

Nope the chatacters colors are irrelevant.Then are only used when coding to make the code look better.I can give you a hint if you want :)

_simple_sam
10 years ago

0

Yes the colors are irrelevant but I think I can get passed the encoding using the same idea. I’ll try it out. If I’m still stuck I will get back to you :)

_simple_sam
10 years ago

0

Ok same thing. I can get written in the output the result –>


but still don’t pass the level. I tried using unicode to disguis the angle brackets. Same thing. I am quite stuck. Definitely hint time!

? [stefanking56]
10 years ago | edited 10 years ago

0

Since this level is not a real world scenario, only certain answers will work.
What you are doing may work in a real scenario,but since the levels are simulated only the right answer will work

undeundetectedtected

Reply has been removed
? [stefanking56]
10 years ago

0

It doesnt have to be that complicated.
Keep this in mind
undeundetectedtected

Jules303 [papashow]
10 years ago

0

undeundetectedtected
Have see this about 100 times in forum but maybe i’m to dumb for underunderstandstand :)

_simple_sam
10 years ago

0

You and me both papashow. No Idea what to do …

Jules303 [papashow]
10 years ago

0

yep !!! i love this website but that not my way to learn cause have a picturememory and here i’m lost now !!! i’m learning python and you have for learnong to cause is forforcedced !!! hihihihi good luck dude…


0

You don’t need the colors you just have to do alterations until you get it right. I had that script in the output but didnt work. I Tried many times with different techniques until I got it right.

Reply has been removed
dloser
10 years ago

0

Contrary to what has been said, this level is a “real-world scenario” and not simulated. The goal is to have code executed, so the output has to be such that your browser does indeed show an alert message. The goal is not to have the target code (with or without colours) shown on the page.

As I said before, figure out what is actually happening. Try various inputs and see what the output is. It should be pretty clear what happens. Once you know what happens, play with that to use it to your advantage.

? [stefanking56]
10 years ago

0

@dloser
When I said that the level is simulated, I meant that the answer is simulated.
Any javascript code that is still valid after filtering will run successfully,but the website will not accept it as an answer.

And the goal isn’t to execute js code,it is to execute the supplied js code

dloser
10 years ago

0

Well, I’d say the main goal is to execute code, but, for the sake of being able to check the solution easily, specific code is required. In other words, the essence is not in being able to get the exact output, but in being able to exploit the filter.

Simulation is when instead of actually executing (vulnerable) code, you execute some (safe) approximation (e.g. nothing but a simple check on the input). In this case the vulnerable code is really executed. That the solution is verified with a simple check afterwards is not sufficient to call it simulated.

_simple_sam
10 years ago

0

So then the challenge is to get the code to execute? Is there syntactically therefore more than one exact line of code that could achieve that result. Or are the filters set in such a way that there is only one exact line of code that will work?

dloser
10 years ago

0

There are many inputs that result in code execution. There is only one that is accepted as the solution and that is the exact one that is given in the challenge description.

Jules303 [papashow]
10 years ago

0

Hi d ;) , ok guy’s where i can learn something about chage this code, maybe read about java ???

dloser
10 years ago

0

You are making me cry now… This has nothing to do with Java whatsoever.

2 replies have been removed
You must be logged in to reply to this discussion. Login
1 of 31

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss