I got it but...

Guess you just have to think about it and try everything.
And you can solve the level with the source code, but it will take some time to do that…

Hello ColdIV, thanks for your reply.

I must explain to you that I already CLEARED this level ! :p

I am just wondering how could I do this without forum’s help, because the members section URL wasn’t easy to guess, right ? :(

Well I got that but I think there are just two ways, you can look at everything, try it and find it with some luck
or you take a look at everything what’s done in the source code, then you do the same vice versa and get the information you need.

(I’d delete the Spoiler, too close to the solution I think. But I know what your point is, found it hard too in the first place)

Yes, the spoiler is maybe too close to the solution, soz. :/

That’s ok, I’ll try to think about it from myself ! Thanks mate. :)

Be safe <3

Ok guys, I think I can see your problem. If you look at the urls they are not the same. >> And if you look at the source in the first page you are told or shown nothing about members or anything like it. Then when you click on >> Login Page << the url changes to http://www.hackthis.co.uk/levels/real/level3/login.htm now when you check the source you can see this gives you a big clue. if you changed the http://www.hackthis.co.uk/levels/real/level3/login.htm to http://www.hackthis.co.uk/levels/real/level3/login.js you get a load of rubbish that is a red herring to make you thing you have to decode it somehow. So what are we looking to login with? Well we are looking for the Member Name and the password. We know the popup window is javascript and we found a login.js page which was just rubbish. What other javascript page are we looking for and what should you do to find that page? Can’t really say anymore as it would get deleted as a bad spoiler. So don’t post the answer here if you worked it out. Have a good one! :) Don’t read this if you don’t want any help with Real 3. :)

Well you CAN decode it but it would take some time…
And that’s what I meant with looking at everything and try it, I like the level ‘cause of that. Makes it look more realistic..

Yes ColdIV you can decrypt it you could say “66913”,“78323683” is admin and password but why do it the hard way?? :)

I’d say because you don’t have to think about the other way, but I guess it’s easier then decrypting… ;)

Yes it is easier and a lot quicker and you are using the best tool you have, your brain to work the problem out.
How long do you think it would take to decrypt the login.js text? You either have to sit and go through every
piece of text bit by bit or find some tool to do it for you. But like I said, using your brain to work the problem out
is good exercise for it and to complete the levels here and elsewhere the brain is the best tool you will ever have.
Thanks for your response at least you are not winging like a lot of the script kiddies on here who think they will
become hackers with what they learn on here. If it was only that easy! :)

hehe yes i agree with you IdleTester

Not every one who say he is hacker this mean he is hacker & Not every one Do SQL injection is hacker because anybody can do it and who complete this levels is not a hacker ! ! !

Well I completed it some months ago and did it with the easy way of course..
But won’t be that hard to decrypt it, it just takes time. I mean you can just look at the code and the way how it is done and do the same vice versa…
But I guess those 2 ways make the level what it is ;)

Hi IDLE not seen you for a while mate, hope all is good?
ColdIV
Yes I can see where IDLETESTER is coming from. I too did it the way he said as it is the easy way nut only easy if you know how to do it. Not so easy if you don’t. I have be a member on here for over three years and so far I have not heard of anyone doing it the decrypt way on the login.js file. Maybe someone has and I’d be interested in finding out how they did it using the decrypt method. PM me with it so it is not a spoiler on here. Hope someone PM’s me with it. Just out of interest.

I have to say that I think the way IDLETESTER explains it ( it is also the way I did it ) is a lot quicker and why make it hard for yourself?
Anyway, that’s not saying you don’t have a point ColdIV :)

Well it’s easier of course and I did it the same way as I already said..
But the other way is also quite easy, it just takes time to look at the whole source code and change it so that you can use it to get the information you need. It takes time and it’s not as easy as the other method but it is not that hard.

And the nice thing is that you can do it the way you want! And I am also interested whether someone did it the hard way or not, would be nice to know.

Hope we don’t post spoilers here ;)

solved anyway and what a vulnerability!
first i think i must do something with the code and break the code on the login.js. In fact i just need to read the source code more carefully and consider for every detail. :)

hi gays where can i find prorat 1.9v

Wrong topic @tonic21000!
And congratulation! :) That’s the best way you can do it I guess!

Use Google !!! It Helps

no i used google !!!!! but it does not help

lol. I totally did it the hard way.
To answer a previous question, it took quite a few hours to decode the url from the file and I never actually did decode the proper username (multiple options available with hash code check).

I just bypassed that section of code with what it wanted.
I was able to manually create the ary[2] hash codes to decode the url properly. The urls gave me 2/3 passwords, but it was obvious that the one I didn’t get wasn’t needed.

I come from a programming background, so I think my mind went that way too quickly.