Solution

Your first solution is really interresting!

Yes
Object.keys( window );
That javascript command show you all variables in a page :D

Oh god, I calculated everything and then realised I could just execute
String.fromCharCode(c,-(41-Math.floor(1806/13)),Math.sqrt(b-2)*29,(b*8)-29);
on the console -_-"

I use FIreBug and Console Firefox. 1. Found target - script; 2. Copy piece of script into console. 3.Use conole.log for every variable.

I used the Firefox Scratchpad (SHIFT + F4). Copy pasted this code and executed it.

a=window.location.host+""; b=a.length; c=4+((5*10)*2); d=String.fromCharCode(c,-(41-Math.floor(1806/13)),Math.sqrt(b-2)*29,(b*8)-29);

This was my way. This solution was nearly complete in the hints

javascrypt:alert(d)

Dude it’s Javascript and not Javascrypt

firebug lets you watch variables. I just added a break point and hovered over it

firebug lets you watch variables. I just added a break point and looked at the values

Something is definetly wrong with either the page or my browser. I had to solve this by looking up hints and even then those dont work. For example alert(d) for me brings back the date and time. plus my source code had no link like the one above, I used control+f to try and search it but it doesnt exist. I have no idea what has happened, i aced all the other Javascript levels in a couple of minutes without any help.

The page is fine. What you get with the methods you mentioned all depends on the context in which you try them. I suspect you are having trouble with the immediate redirect.

My solution is: String.fromCharCode(104,97,116,115) = ‘hats’

Something is definetly wrong with either the page or my browser. I had to solve this by looking up hints and even then those dont work. For example alert(d) for me brings back the date and time. plus my source code had no link like the one above, I used control+f to try and search it but it doesnt exist. I have no idea what has happened, i aced all the other Javascript levels in a couple of minutes without any help.

Why are you copy/pasting someone else’s post, @Sparadrap**?

@dloser Too lazy ? lol

because I have the same problem

and I speak french, so I can’t explain

@Sparadrap : I don’t know what your browser is, and it shouldn’t be too relevant. However I’ll explain you my approach of this level.

1. Well, I disabled JS to get access to the page without having the prompt. Indeed, my browser didn’t want to allow me to access to the source code while the prompt was here, and if I closed it, I was redirected.

2. Now that I had access to the page, I just needed to find the JS code. Nothing in the main page, so I searched in the included scripts. “prompt” is a nice keyword to search.

3. I stumbled on this included JS script:
   <script type='text/javascript' src='https://hackthis-10af.kxcdn.com/files/js/min/extra_48d468a93b.js?1429997775'></script>

I looked inside, searched for the word “prompt” and got two results. The first one is irrelevant, the second is the one I was looking for? I just needed to take a look at the code beside to find the password.

@Sparadrap**: So should I also just copy/paste my response to that original question? If you’re not even going to try to add something new to the discussion, why should we try to help you?

Also, there is no reason for those two one-line posts. Think first, then post. If needed, edit existing post.

I don’t know that someone has already said this, but not necessary to disable the javascript.
Just when the window appears just click on the “Cancel” and press ESC and then you will stay on the page and the JS not going to throw back.
And then you can view the source code…

Otherwise you can view the code without do anything with the pop-up window just press F12 or Ctrl+U and that it.

thanks Kerachi and yuriko :)

Thanks !!!!! I’m tired ^-^

With firebug you can see all the variables used in the DOM menu, goeas a bit faster then prompting Object.keys( window) then alert( ) each suspicious variables to get their value - even though it’s basically the same thing

I usedconsole.trace()
Got a highlight into the script in line 38, i looked at it and saw (p==d)
Then just console.log(d)

Instead of showing alerts, you can log all the global variables

console.log(window);

How do you inspect element from the prompt? Just curious so I learn your first solution because it was cool.

Click on the “Cancel” button then hit “Esc” and you should be able to do what I did :)

Alright thank you! :)

I followed the hard way.
After spending a lot of time I finally got the solution ..
When I researched your solutions I learned a lot about using the console.
Thank you very much..

Happy my posts still let people learn things :)

They certainly encourage learning things Mugiwara27 :D

firebug —> DOM

to see all var

I checked the two scripts at the end (main and extra) and ctrl F for the password. To find out the value of d, i tried to stop the prompt request and type d at the console. I showed some s*** date. It didn’t work. Then I copied and pasted the code on the console. Then it showed hats.

Javascript can make a web page present strange behaviors and be dynamic, so variables can change continuously.

It would be interesting to have a challenge, where we have to fight code with code.

I used the Javascript profiler in chrome found where prompt was called and followed the breadcrumb trail for the password compare d,c,b,a and pasted the variable assignments into the dev console to calculate the value.