Solution

Mugi [Mugiwara27]
10 years ago | edited 7 years ago

7

  1. Inspect Element on Javascript Level 5 and switch to the Console.
  2. Type :
    Object.keys( window );
    Here we have all the variables of this page :
    ["top", "window", "location", "external", "chrome", "document", "NREUM", "__nr_require", "$", "jQuery", "io", "html5", "Modernizr", "yepnope", "_gs", "timeSince", "timeString", "PopupCenter", "createCookie", "FavCounter", "loggedIn", "thecode", "_idl", "timer_start", "hljs", "socket", "favcounter", "counter_chat", "counter_notifications", "searchsuggest", "set", "a", "b", "c", "d", "p", "__commandLineAPI"]
  3. I found : a - b - c -d - p, so I thought that testing them wouldn’t be a bad idea :
    alert(a) // Result to " hackthis.co.uk " alert(b) // 18 --> Tested 18 and still nothing so let's try the next one alert(c) // 104 --> Tested 104 and won't work alert(d) // "hats" and that worked ! :D

Here’s another way to pass the level :

Check the source code of the level with that url :
view-source:https://www.hackthis.co.uk/levels/javascript/5
Scroll down and search for those lines :
<script type='text/javascript' src='/files/js/min/main.js?1406192611'></script> <script type='text/javascript' src='/files/js/min/extra_48d468a93b.js?1406320915'></script>
Now let’s take a look at the second .js
Scroll down to the end of page and look at :
a=window.location.host+"";b=a.length;c=4+((5*10)*2);d=String.fromCharCode(c,-(41-Math.floor(1806/13)),Math.sqrt(b-2)*29,(b*8)-29);p=prompt("Password:","");if(p==d){window.location="?pass="+p;}else{window.location="/levels/";
With that you’ll be able to finish the level ;)

34replies
22voices
944views
1image
1st1
10 years ago

0

Your first solution is really interresting!

Mugi [Mugiwara27]
10 years ago

0

Yes
Object.keys( window );
That javascript command show you all variables in a page :D

alfender
10 years ago | edited 10 years ago

0

Oh god, I calculated everything and then realised I could just execute
String.fromCharCode(c,-(41-Math.floor(1806/13)),Math.sqrt(b-2)*29,(b*8)-29);
on the console -_-"

freenetwork
9 years ago

0

I use FIreBug and Console Firefox. 1. Found target - script; 2. Copy piece of script into console. 3.Use conole.log for every variable.

tl0tr
9 years ago

0

I used the Firefox Scratchpad (SHIFT + F4). Copy pasted this code and executed it.

a=window.location.host+""; b=a.length; c=4+((5*10)*2); d=String.fromCharCode(c,-(41-Math.floor(1806/13)),Math.sqrt(b-2)*29,(b*8)-29);

Roknix
9 years ago

-1

This was my way. This solution was nearly complete in the hints

javascrypt:alert(d)

tl0tr
9 years ago

1

Dude it’s Javascript and not Javascrypt

nakee
9 years ago

0

firebug lets you watch variables. I just added a break point and hovered over it

nakee
9 years ago

0

firebug lets you watch variables. I just added a break point and looked at the values

Charles K [DrJava]
9 years ago

0

Something is definetly wrong with either the page or my browser. I had to solve this by looking up hints and even then those dont work. For example alert(d) for me brings back the date and time. plus my source code had no link like the one above, I used control+f to try and search it but it doesnt exist. I have no idea what has happened, i aced all the other Javascript levels in a couple of minutes without any help.

dloser
9 years ago

0

The page is fine. What you get with the methods you mentioned all depends on the context in which you try them. I suspect you are having trouble with the immediate redirect.

alealvarezarg
9 years ago

0

My solution is: String.fromCharCode(104,97,116,115) = ‘hats’

Sparadrap
9 years ago

0

Something is definetly wrong with either the page or my browser. I had to solve this by looking up hints and even then those dont work. For example alert(d) for me brings back the date and time. plus my source code had no link like the one above, I used control+f to try and search it but it doesnt exist. I have no idea what has happened, i aced all the other Javascript levels in a couple of minutes without any help.

dloser
9 years ago

0

Why are you copy/pasting someone else’s post, @Sparadrap**?

Mugi [Mugiwara27]
9 years ago

0

@dloser Too lazy ? lol

Sparadrap
9 years ago

0

because I have the same problem

Sparadrap
9 years ago

0

and I speak french, so I can’t explain

Yuriko
9 years ago

1

@Sparadrap : I don’t know what your browser is, and it shouldn’t be too relevant. However I’ll explain you my approach of this level.

  1. Well, I disabled JS to get access to the page without having the prompt. Indeed, my browser didn’t want to allow me to access to the source code while the prompt was here, and if I closed it, I was redirected.

  2. Now that I had access to the page, I just needed to find the JS code. Nothing in the main page, so I searched in the included scripts. “prompt” is a nice keyword to search.

  3. I stumbled on this included JS script:
    <script type='text/javascript' src='https://hackthis-10af.kxcdn.com/files/js/min/extra_48d468a93b.js?1429997775'></script>

I looked inside, searched for the word “prompt” and got two results. The first one is irrelevant, the second is the one I was looking for? I just needed to take a look at the code beside to find the password.

dloser
9 years ago

0

@Sparadrap**: So should I also just copy/paste my response to that original question? If you’re not even going to try to add something new to the discussion, why should we try to help you?

Also, there is no reason for those two one-line posts. Think first, then post. If needed, edit existing post.

Kerachi
8 years ago

0

I don’t know that someone has already said this, but not necessary to disable the javascript.
Just when the window appears just click on the “Cancel” and press ESC and then you will stay on the page and the JS not going to throw back.
And then you can view the source code…

Otherwise you can view the code without do anything with the pop-up window just press F12 or Ctrl+U and that it.

Sparadrap
8 years ago

0

thanks Kerachi and yuriko :)

hackerbaker999
8 years ago

0

Thanks !!!!! I’m tired ^-^

prozac2.0
8 years ago

0

With firebug you can see all the variables used in the DOM menu, goeas a bit faster then prompting Object.keys( window) then alert( ) each suspicious variables to get their value - even though it’s basically the same thing

Adohk
8 years ago | edited 8 years ago

1

I usedconsole.trace()
Got a highlight into the script in line 38, i looked at it and saw (p==d)
Then just console.log(d)

armlessJohn
8 years ago

0

Instead of showing alerts, you can log all the global variables

console.log(window);

Image

Zajt
7 years ago

0

How do you inspect element from the prompt? Just curious so I learn your first solution because it was cool.

Mugi [Mugiwara27]
7 years ago

0

Click on the “Cancel” button then hit “Esc” and you should be able to do what I did :)

Zajt
7 years ago

0

Alright thank you! :)

pmdr.geo
7 years ago

0

I followed the hard way.
After spending a lot of time I finally got the solution ..
When I researched your solutions I learned a lot about using the console.
Thank you very much..

Mugi [Mugiwara27]
7 years ago

0

Happy my posts still let people learn things :)

pmdr.geo
7 years ago

0

They certainly encourage learning things Mugiwara27 :D

yoshi96
6 years ago

0

firebug —> DOM

to see all var

charcode78
6 years ago

0

I checked the two scripts at the end (main and extra) and ctrl F for the password. To find out the value of d, i tried to stop the prompt request and type d at the console. I showed some s*** date. It didn’t work. Then I copied and pasted the code on the console. Then it showed hats.

Javascript can make a web page present strange behaviors and be dynamic, so variables can change continuously.

It would be interesting to have a challenge, where we have to fight code with code.

Jeksterxx
6 years ago

0

I used the Javascript profiler in chrome found where prompt was called and followed the breadcrumb trail for the password compare d,c,b,a and pasted the variable assignments into the dev console to calculate the value.

You must be logged in to reply to this discussion. Login
1 of 35

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss