Don't know what I have to change so I will get the pass and user name:
```
var req, image, status, imagepath;

function loadimage(_imagepath)
{
    var username = document.getElementById('username').value;
    var password = document.getElementById('password').value;
    URL = "members/" + username + " " + password + ".htm";
    imagepath = URL;
    document.getElementById("status").innerHTML = 'Checking details';
    req = getreq();
    req.onreadystatechange = imagexists;
    req.open("get", imagepath, true);
    req.send(null);
}

function imagexists() {
    if (req.readyState == 4) {
        if (req.status == 200) {
            document.getElementById("status").innerHTML = 'Correct!';
            document.location = "/levels/r2.php?in&user=" + document.getElementById('username').value + "&pass=" + document.getElementById('password').value;
        } else {
            document.getElementById("status").innerHTML = 'Incorrect username/password';
        }
    }
}

function getreq() {
    if (window.XMLHttpRequest)
        return new XMLHttpRequest();
    else if (window.ActiveXObject)
        return new ActiveXObject("Microsoft.XMLHTTP");
}
```
Edit: added code tags
This may help:
```
<input type="button" value="Login" onclick="loadimage();" />
function loadimage(_imagepath)
{
    var username = document.getElementById('username').value;
    var password = document.getElementById('password').value;
    URL = "members/" + username + " " + password + ".htm";
```
Edit: added code tags
Unfair Website….!!!!
Since this level can be kind of hard for those that haven’t used much javascript before, I decided to go through the code function by function. I hope someone will find this post useful.
I would strongly recommend you to try to solve the level yourself before reading this post. I’m not going to give away the password, but reading this explanation might take away large parts of the level.
First some background. This level is based on something called AJAX (http://en.wikipedia.org/wiki/Ajax_(programming)). It is essentially javascript sending and receiving data to the server after the page has loaded, without the need to reload the page. Ajax is used almost everywhere nowadays; the feed to the right on this site is updated using ajax. So is the feed on facebook, twitter and most other sites.
Anyway, let’s start from the beginning.
```
<input type="button" value="Login" onclick="loadimage();" />
```
This line, as you most likely know by now, is the HTML code for the Login button. When the button is clicked a (javascript) function called “loadimage” is called.
To simplify things I’ve broken it into two parts:
```
function loadimage(_imagepath) {
    var username = document.getElementById('username').value;
    var password = document.getElementById('password').value;
    URL = "members/" + username + " " + password + ".htm";
    imagepath = URL;
    document.getElementById("status").innerHTML = 'Checking details...';
    // ...
```
The first 2 lines of the function should be pretty self-explanatory, it grabs the value of the username and password and saves them to two variables.
The third line then uses these two values to create a variable called URL. For example, with a username “USER” and the password “PASS” we would get a URL variable with the value “members/USER PASS.html”.
The next few lines are quite uninteresting. Do notice though that the variable “imagepath” is set to the same value as URL.
```
    // ...
    req = getreq();
    req.onreadystatechange = imagexists;
    req.open("get", imagepath, true);
    req.send(null);
}
```
This is where things get a bit weird if you haven't used ajax before. The first line uses a function "getreq". This function isn't very interesting, and I see no point in going into much detail about it, but what it essentially does is creating a new, and empty, "ajax request".
Next line, "req.onreadystatechange = imagexists;", sets a callback function to the ajax request. Simply put, this function will be called when the request changes status (keep in mind that we haven't sent it yet though).
The last two lines are responsible for sending the request. The open method's first three arguments, as can be seen [here](http://docs.webplatform.org/wiki/apis/xhr/methods/open), are "method", "url" and "async".
In our example, we are sending a "GET" request to the url imagepath (remember, we set this variable earlier in the function). The last parameter is not important to us.
Finally, the function called when the status of the ajax request changes.
```
function imagexists() {
    if (req.readyState == 4) {
        if (req.status == 200) {
            document.getElementById("status").innerHTML = 'Correct!';
            document.location = "/levels/r2.php?in&user=" + document.getElementById('username').value + "&pass=" + document.getElementById('password').value;
        } else {
            document.getElementById("status").innerHTML = 'Incorrect username/password';
        }
    }
}
```
The first if statement, readyState == 4, checks whether the request is done or not (https://developer.mozilla.org/en-US/docs/DOM/XMLHttpRequest#Properties).
If it is, it goes on to check if the status code (http://en.wikipedia.org/wiki/List_of_HTTP_status_codes) is 200 (OK). If it is, you have entered a correct password and you’ll pass the level.
print(", ".join([str(x) for x in range(1,100) if not [y for y in range(2, x) if x%y==0]]))
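The check walked through in the post above runs entirely in the browser and uses the credential pair as the name of a static file. As an added example (not part of the thread or the site's own code), here is that pattern beside a server-side check in Node.js; the account data, the `/login` endpoint and every function name are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Pattern from the level: the credential pair IS the name of a static file.
// The secret therefore appears in every place a URL is recorded (server and
// proxy access logs, browser history) and in any index of members/.
function legacyLoginUrl(username, password) {
  return 'members/' + username + ' ' + password + '.htm';
}

// Hardened form: the server stores a salted scrypt hash, never the password.
function makeRecord(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

// Constructed account store for this example.
const accounts = new Map([['alice', makeRecord('s3cret-Passphrase')]]);

// Dummy record so a lookup for an unknown user does the same hashing work
// as a known one and does not reveal which usernames exist.
const dummy = makeRecord(crypto.randomBytes(16).toString('hex'));

// Server-side check, fed from the fields of a POST body.
function verifyLogin(username, password) {
  const known = accounts.has(username);
  const rec = known ? accounts.get(username) : dummy;
  const candidate = crypto.scryptSync(String(password), rec.salt, 32);
  // Constant-time comparison of two 32-byte buffers.
  const match = crypto.timingSafeEqual(candidate, rec.hash);
  return known && match;
}

// What the browser sends in the hardened flow: a fixed URL with the
// credentials in the request body, so the URL carries no secret.
function hardenedLoginRequest(username, password) {
  return {
    method: 'POST',
    url: '/login', // hypothetical endpoint
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ username, password }),
  };
}
```

In a real deployment the POST goes over HTTPS and a successful `verifyLogin` sets a session cookie instead of redirecting to a URL that repeats the username and password.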
You should read the post of verath carefully; he explains everything.
But the most important part for solving the level (you should read the whole thing to understand everything) is the 2nd code:
```
function loadimage(_imagepath) {
    var username = document.getElementById('username').value;
    var password = document.getElementById('password').value;
    URL = "members/" + username + " " + password + ".htm";
    imagepath = URL;
    document.getElementById("status").innerHTML = 'Checking details...';
    // ...
```
as previously posted by coolet..
Good luck
Look guys I’m only a girl and I can understand what verath is on about. The main thing to look at is the way it uses: URL= “members/” + username + “ ” + password + “.htm”; what in effect it is doing is posting into the url : http://www.hackthis.co.uk/levels/r2.php?in&user=*******&pass=****** but there is a way to find the username and password. What is this telling you? URL= “members/” + username + “ ” + password + “.htm”; look at it. Understand it. It’s simple. Use your head. ColdIV posted this:
Code:
```
function loadimage(_imagepath) {
    var username = document.getElementById('username').value;
    var password = document.getElementById('password').value;
    URL = "members/" + username + " " + password + ".htm";
    imagepath = URL;
    document.getElementById("status").innerHTML = 'Checking details...';
```
the most interesting part is the URL=
How can you say Calzs34 that it is Way too confusing :/
Come on guys, I’m only a girl and I did it before reading any of this forum post.
Hi Alexspencer: What you mean with “Whoa a girl…” are girls not supposed to be into computers or how these machines work? Guess what I do for my job?? Anyway, I want to know how things work. I don’t want to hack to harm anyone or anything. I’m not a cracker in fact I’m not a hacker either. Just a female who can enjoy the challenge of this site as well as one or two others. Have a great weekend people. Happy Hackin' and stuff! :)
Alexspencer : I didn’t mean anything you said was wrong. You are quite correct, not too many of us girls on here. Should be more. What do you guys think? Is there room for more of us? Ha! Ha! Ha! :) Hey if you really like the REAL levels on here, have you tried them on hackthissite.org? Have a great weekend. :) and “donaldbyers6541 ” No! :)
Hi Trinity, I’ve not been on for a while Doll. Nice to see you are still around. I’ve been a bit ill but I’m ok now.
Must give you a bell and have a chat. Won’t cost too much as I know you have skype. Take care and have a great weekend Doll. :)
Think of a certain page that might list all the users and their passwords.
And yeah Trinity, it doesn’t matter if you’re a girl or not. =P