otaku
12 years ago | edited 12 years ago

0

Don't know what I have to change so I will get the pass and user name:

```
var req, image, status, imagepath;

function loadimage(_imagepath)
{
    var username = document.getElementById('username').value;
    var password = document.getElementById('password').value;
    URL = "members/" + username + " " + password + ".htm";
    imagepath = URL;
    document.getElementById("status").innerHTML = 'Checking details';

    req = getreq();
    req.onreadystatechange = imagexists;
    req.open("get", imagepath, true);
    req.send(null);
}

function imagexists() {
    if(req.readyState == 4) {
        if(req.status == 200) {
            document.getElementById("status").innerHTML = 'Correct!';
            document.location = "/levels/r2.php?in&user=" + document.getElementById('username').value + "&pass=" + document.getElementById('password').value;
        } else {
            document.getElementById("status").innerHTML = 'Incorrect username/password';
        }
    }
}

function getreq() {
    if(window.XMLHttpRequest)
        return new XMLHttpRequest();
    else if(window.ActiveXObject)
        return new ActiveXObject("Microsoft.XMLHTTP");
}
```

Edit: added code tags

24 replies
20 voices
930 views
looooool [coolet]
12 years ago | edited 12 years ago

1

This may help:
```
<input type="button" value="Login" onclick="loadimage();" />

function loadimage(_imagepath) {
    var username = document.getElementById('username').value;
    var password = document.getElementById('password').value;
    URL = "members/" + username + " " + password + ".htm";
```

Edit: added code tags

otaku
12 years ago

0

Dude, I'm too stupid :))) can't get it

BooyCoatl
12 years ago

0

Okay, so I get the idea I might need to translate some over for the use of URLing. Does username need to be translated as well?

Peter [verath]
12 years ago | edited 12 years ago

2

Since this level can be kind of hard for those that haven’t used much javascript before, I decided to go through the code function by function. I hope someone will find this post useful.

I would strongly recommend you to try to solve the level yourself before reading this post. I’m not going to give away the password, but reading this explanation might take away large parts of the level.

First some background. This level is based on something called AJAX (http://en.wikipedia.org/wiki/Ajax_(programming)). It is essentially javascript sending and receiving data to the server after the page has loaded, without the need to reload the page. Ajax is used almost everywhere nowadays, the feed to the right on this site is updated using ajax. So is the feed on facebook, twitter and most other sites.

Anyway, let’s start from the beginning.
```
<input type="button" value="Login" onclick="loadimage();" />
```
This line, as you most likely know by now, is the HTML code for the Login button. When the button is clicked a (javascript) function called “loadimage” is called.

To simplify things I’ve broken it into two parts;
```
function loadimage(_imagepath) {
    var username = document.getElementById('username').value;
    var password = document.getElementById('password').value;
    URL = "members/" + username + " " + password + ".htm";
    imagepath = URL;
    document.getElementById("status").innerHTML = 'Checking details...';
    // ...
```
The first 2 lines of the function should be pretty self-explanatory, it grabs the value of the username and password and saves them to two variables.

The third line then uses these two values to create a variable called URL. For example, with a username “USER” and the password “PASS” we would get a URL variable with the value “members/USER PASS.html”.

The next few lines are quite uninteresting. Do notice though that the variable “imagepath” is set to the same value as URL.

```
    // ...
    req = getreq();
    req.onreadystatechange = imagexists;
    req.open("get", imagepath, true);
    req.send(null);
}
```
This is where things get a bit weird if you haven't used ajax before. The first line uses a function "getreq". This function isn't very interesting, and I see no point in going into much detail about it, but what it essentially does is creating a new, and empty, "ajax request".

Next line, "req.onreadystatechange = imagexists;", sets a callback function to the ajax request. Simply put, this function will be called when the request changes status (keep in mind that we haven't sent it yet though).  

The last two lines are responsible for sending the request. The open method's first three arguments, as can be seen [here](http://docs.webplatform.org/wiki/apis/xhr/methods/open), are "method", "url" and "async".  
In our example, we are sending a "GET" request to the url imagepath (remember, we set this variable earlier in the function). The last parameter is not important to us.  

Finally, the function called when the status of the ajax request changes.

```
function imagexists() {
    if(req.readyState == 4) {
        if(req.status == 200) {
            document.getElementById("status").innerHTML = 'Correct!';
            document.location = "/levels/r2.php?in&user=" + document.getElementById('username').value + "&pass=" + document.getElementById('password').value;
        } else {
            document.getElementById("status").innerHTML = 'Incorrect username/password';
        }
    }
}
```
The first if statement, readyState == 4, checks whether the request is done or not (https://developer.mozilla.org/en-US/docs/DOM/XMLHttpRequest#Properties).

If it is, it goes on to check if the status code (http://en.wikipedia.org/wiki/List_of_HTTP_status_codes) is 200 (OK). If it is, you have entered a correct password and you’ll pass the level.
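
The design walked through above, as an added example that is not part of verath's post or the site's code: the level's check treats an HTTP 200 for a file named after the credentials as a successful login, shown here next to a server-side check against salted hashes. It runs under Node.js; the user `alice`, the sample password, the `webRoot` set and every function name are constructed for illustration.

```javascript
// Added example (Node.js). All names and sample data are constructed.
const crypto = require('crypto');

// Design from the thread: a login "succeeds" when a static file named after
// the credentials exists, so the secret is a file name under the web root and
// leaks wherever file names do (access logs, indexes, caches, history).
const webRoot = new Set(['members/alice s3cret.htm']); // constructed sample
function legacyStatus(username, password) {
  const path = 'members/' + username + ' ' + password + '.htm';
  return webRoot.has(path) ? 200 : 404;
}

// Hardened form: the server stores only a salted scrypt hash per user and
// performs the comparison itself; no URL encodes a valid credential.
function makeRecord(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}
const users = new Map([['alice', makeRecord('s3cret')]]);
const dummy = makeRecord('placeholder'); // hashed against for unknown users

function verifyLogin(username, password) {
  if (typeof username !== 'string' || typeof password !== 'string') return false;
  const known = users.has(username);
  const record = known ? users.get(username) : dummy;
  const candidate = crypto.scryptSync(password, record.salt, 32);
  // Constant-time compare; the dummy record keeps the work similar whether
  // or not the user name exists.
  const match = crypto.timingSafeEqual(candidate, record.hash);
  return known && match;
}

// Every failure gets the same status and body, so the response does not
// reveal which half of the credentials was wrong.
function loginResponse(username, password) {
  return verifyLogin(username, password)
    ? { status: 200, body: 'ok' }
    : { status: 401, body: 'Incorrect username/password' };
}
```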

Luke [flabbyrabbit]
12 years ago

1

Another great post verath, thank you

dantedivel
12 years ago

0

Am I supposed to send something to get the user and pass, or am I supposed to bypass it?

J [ColdIV]
12 years ago | edited 12 years ago

0

You should read the post of verath carefully, he explains everything.
But the most important part for solving the level (you should read the whole thing to understand everything) is the 2nd code:
```
function loadimage(_imagepath) {
    var username = document.getElementById('username').value;
    var password = document.getElementById('password').value;
    URL = "members/" + username + " " + password + ".htm";
    imagepath = URL;
    document.getElementById("status").innerHTML = 'Checking details...';
    // ...
```
as previously posted by coolet..

Good luck

dantedivel
12 years ago

0

Thanks, got it done now that I know what I’m looking for.

PROHACKER007
12 years ago

0

man….. I love this hacker business………………………..:)

Calzs34
12 years ago

0

Way too confusing :/

John8212
12 years ago

0

56

Susan S [Trinity]
12 years ago

-4

Look guys I’m only a girl and I can understand what verath is on about. The main thing to look at is the way it uses: URL= "members/" + username + " " + password + ".htm"; what in effect it is doing is posting into the url : http://www.hackthis.co.uk/levels/r2.php?in&user=*******&pass=****** but there is a way to find the username and password. What is this telling you? URL= "members/" + username + " " + password + ".htm"; look at it. Understand it. It’s simple. Use your head. ColdIV posted this:

Code:
```
function loadimage(_imagepath) {
    var username = document.getElementById('username').value;
    var password = document.getElementById('password').value;
    URL = "members/" + username + " " + password + ".htm";
    imagepath = URL;
    document.getElementById("status").innerHTML = 'Checking details...';
```

the most interesting part is the URL=

How can you say Calzs34 that it is Way too confusing :/
Come on guys, I’m only a girl and I did it before reading any of this forum post.

Alex [Alexspencer]
12 years ago

0

Whoa a girl… Anyway, yeah I’m sorta getting the hang of it. Just gotta look in the right places.

Susan S [Trinity]
12 years ago

-3

Hi Alexspencer: What do you mean with “Whoa a girl…”? Are girls not supposed to be into computers or how these machines work? Guess what I do for my job?? Anyway, I want to know how things work. I don’t want to hack to harm anyone or anything. I’m not a cracker, in fact I’m not a hacker either. Just a female who can enjoy the challenge of this site as well as one or two others. Have a great weekend people. Happy Hackin' and stuff! :)

Alex [Alexspencer]
12 years ago

1

Girls can do what they want! I was just making a joke because you usually don’t see girls on something like this. Just the truth. But I’m glad to see that you enjoy learning about this stuff, too. I’m pretty new to learning how all this works, I’m really enjoying the “REAL” levels.

donaldbyers6541
12 years ago

-2

….. will you marry me? :P

Susan S [Trinity]
12 years ago

1

Alexspencer : I didn’t mean anything you said was wrong. You are quite correct, not too many of us girls on here. Should be more. What do you guys think? Is there room for more of us? Ha! Ha! Ha! :) Hey if you really like the REAL levels on here, have you tried them on hackthissite.org? Have a great weekend. :) and “donaldbyers6541 ” No! :)

Alex [Alexspencer]
12 years ago

0

Woo! Thanks, Trinity. I think this might become a new thing for me. It’s addicting trying to solve these things, they’re like puzzles. Happy “Hacking”!

[deleted user]
12 years ago

0

Hi Trinity, I’ve not been on for a while Doll. Nice to see you are still around. I’ve been a bit ill but I’m ok now.
Must give you a bell and have a chat. Won’t cost too much as I know you have skype. Take care and have a great weekend Doll. :)

hdmloki
11 years ago

0

Trinity….. just because you are a girl it doesn't make it more hard for you, it's just girls don't like this kind of stuff (when I see it). Anyway thanks, and no offence, not being sexist, just my opinion, thanks

Shmeigo
11 years ago

0

how do you figure out the values of ‘username’ and ‘password’?

[deleted user]
11 years ago

0

Think of a certain page that might list all the users and their passwords.

[deleted user]
11 years ago

0

And yeah Trinity, it doesn’t matter if you’re a girl or not. =P

[paulau]
11 years ago

0

I'm so stuck, I don't know how to open the javascript to see the list of users, help me pls…
