JavaScript level 2 discussion / hints

Anonymous [KSem]
9 years ago

0

Just need some help with this level… I understand how it is going but can’t get to the site w the pass…
This is the code you need to look at:





Password:






           </div>  
          <div id="sidebar">  

.
I see that the correct one is if getElementById is good then it is correct, and the password should be near to “j2.php?pass=” still tried to get to the page by changing the url, but its not working for me… Waiting for suggestions and help

!

64replies
31voices
279views
1image
[deleted user]
9 years ago

0

You’re missing a little code javascript. Please read carefully page source code. You’ll find answer.

Anonymous [KSem]
9 years ago

0

Give me a little hint: Is it on the source code page? its not jrules :D

[deleted user]
9 years ago

0

My above hint said that you read carefully by view page source code. Because you don’t read carefully so you missed a little codes.

Anonymous [KSem]
9 years ago

0

Thank you, I’ll read it five more times :D
I’ll read it five more times very carefully.

[deleted user]
9 years ago

1

This is a little code that you missed.
```

```

Anonymous [KSem]
9 years ago

0

This is a little code that you missed.
Code:

tulu

Thank you! I knew it was going to do something I just didn’t had a clue on what… :D
Passed through this code every time… Now I know why I was wrong :) thanks for the help

Anonymous [KSem]
9 years ago

2

NOW I get it!
so.. first you read the code under the submit button:
<label for="pass">Password:</label> <input type="password" name="pass" id="pass" autocomplete='off'/><br/> <input type="button" class="form_button" value="Submit" onclick="javascript:checkpass();"/>
And you need the “javascript:checkpass()” part which is the method for checking the password. It appears before, in this code which describes the method checkpass() what should do.
function checkpass() { if (document.getElementById("pass").value.length == length) { document.location = "j2.php?pass=" + document.getElementById("pass").value; } else { alert("Incorrect Password");
and if pass.value.length == length
(== equals exactly the same)
then this thing comes in the game :
var length = 5; var x = 3; var y = 2; y = Math.sin(118.13); y = -y; x = Math.ceil(y); y++; y = y+x+x; y *= (y/2); y++; y++; length = Math.floor(y);
Its more understandable now :D
I hope it is not too many to be taken down by not only giving hint, but I guess everyone else can figure it out now…
Thanks for help tulu!

[deleted user]
9 years ago

0

Okie. Try your best :)

npstark9
9 years ago

0

Am I going to need a calculator for this?!?

daMage
9 years ago

0

No calculator needed here:)

Anonymous [KSem]
9 years ago

0

Am I going to need a calculator for this?!?
I think so :D

Anonymous [KSem]
9 years ago

0

But the challange w the binary code I used calculator…

Anonymous [KSem]
9 years ago

0

No calculator needed here:)
Agree.

daMage
9 years ago

0

Sure, I think you could use a calculator, but I for example didn’t…

npstark9
9 years ago

0

Ok so your saying I just need to find the correlation between the 2 javascript codes? and what the algebra stuff is all about?

npstark9
9 years ago

0

Is the code a number?? Or a word?? Is this some sort of encryption? jeez is suck…

[deleted user]
9 years ago

0

You can use calculator or write a little code that display string that you find.

Kumar Ankit [Kumar_Ankit]
9 years ago | edited 9 years ago

0

You have enter any word of a certain length……

[deleted user]
9 years ago | edited 9 years ago

0

[color=“white”]Hi Guys but you seem to be making things hard on this javascript level 2. If you look at the source code and remember
it is Javascript Level 2 so you are looking for some javascript in the source code. Search the code and you will see this:

[color=“yellow”]Javascript:
function checkpass() {
if (document.getElementById(“pass”).value.length == length) {
document.location = “j2.php?pass=” + document.getElementById(“pass”).value;
} else {
alert(“Incorrect Password”);
}[color=“white”]

This code is waiting for you to enter the password, it is also wanting the value of pass
by the get statement like this: j2.php?pass= now what does j2.php?pass equal? How can
we find that out? Remember what I said? It’s javascript. We are looking for a value and
the variable that contains the value we are looking for is:
if (document.getElementById(“pass”).value.length == [color=“red”]length[color=“white”]) {

So how do we get the value of length?
Simple: Remember how to read a cookie??
javascript:alert(document.cookie); – ( if you are using Firefox you will need to use the JavaScript Scratchpad.)
You can get the JavaScript Scratchpad coming up if you just press shift and F4 at the same time. Ok,
so that’s how to find out what cookie we have.

But what we want is the value of ‘length’ remember ‘length’ is a variable used so if we simply enter into
the JavaScript Scratchpad javascript:alert(length); What will we get? Try it and see. [color=“white”]

So what could the password be??? We got a number coming up for the value of ‘length’ but what is it?
The javascript is saying: document.location = “j2.php?pass=” + document.getElementById(“pass”).value;
“j2.php?pass=” + the value of length. This is saying that it makes no odds what letters or numbers you
enter for the password, as long as it is the value of length. So if the value of length was let’s say 26 we
could enter any 26 letters or numbers would be equal to the password.

Phew! Hope I haven’t overstepped the mark with this short tut on the Javascript level 2??
If I have I’m sure daMage or Flabby will give me a slapped hand? :)
I hope you understand that and have an idea how to get the password? :)

J [ColdIV]
9 years ago

0

Not sure if that’s a hint or a solution but nice work d:
I doubt that there is a chance that they don’t complete the level now..

minionkat
9 years ago

0

=)) well, i can’t complete the level even with that hint :))))

belzebub
9 years ago

0

hi guys! i too can’t get it even with the help of all the hints in this thread… it’s hard to understand specially i have a few knowledge on java..

[deleted user]
9 years ago

0

You need to approach program language. If you don’t have about acknowlegde so you will encounter difficult.

Pawda [Memoria]
9 years ago

0

In general, if you want success all the levels here yeah you will basically needs to understand algorithmics.
But for this one, ANONRA already said everything and even explain you how to think x.x

belzebub
9 years ago

0

thanks guys.. hope to solve this next week.. :) i hope i can have time to read about basic of java.. :)

YannisHola
9 years ago | edited 9 years ago

0

Remember, you can create an alert Javascript in the URL…

Pawda [Memoria]
9 years ago

0

hm just little precision, Java != Javascript 8)

Abhishek [abhirishi7]
9 years ago

0

you don’t need a claculator here.its just mere observation and hit and trial.get to know the function of length in jscript first.
then view the checkpass script carefully.
i m sure u will get a way to come out of it.

creationxd
9 years ago

0

unable to cross this level …..

J [ColdIV]
9 years ago

0

Did you read the post of ANONRA ? It should help you a lot. If it doesn’t help you, where exactly is your problem?

TheFuckingBest
9 years ago

0

i can’t do it

J [ColdIV]
9 years ago

0

[quote=ColdIV]Did you read the post of ANONRA ? It should help you a lot. If it doesn’t help you, where exactly is your problem?[/quote]

What is it that you can’t do? Can’t read the other posts? d:

Susan S [Trinity]
9 years ago

0

Hey ColdIV, how did you place a picture in your signature? I tried using [image]image.jpg[/image] but it don’t work. I also tried image.jpg but no joy there either. Can you help? :)

J [ColdIV]
9 years ago

0

![Image](link-to-img)
Very close to it d:

Susan S [Trinity]
9 years ago

0

I tried that some time ago but it didn’t work now I tried it again and it’s fine. Weird! Thanks for your reply! :)

J [ColdIV]
9 years ago

0

No problem :)
You can take them directly from the little bar above the text box, so img should always work, don’t know why it didn’t when you tried it that indeed is weird.. :O

Susan S [Trinity]
9 years ago

0

Oh well not to worry guess I might have used { } rather than [ ] still all’s well that ends well! :)

Susan S [Trinity]
9 years ago

0

I have been reading some of the posts on here ColdIV . Do these people really have a brain? ANONRA gave them a step by step approach in how to find what they are looking for and also how they should think when looking at the source code.

Hell if he was to give them any more help he would have just given them the bloody answer. Instead he walks them through it simply and clearly. Nice one ANONRA Shame on you lot who can’t read or understand plain English.

J [ColdIV]
9 years ago

0

Well I guess most of the people don’t give a sh*t about the other posts they don’t even read them..
They just beg for the answers.

Wibben
9 years ago

0

maybe we should put a function where there is always a forum thread where all the major hints are kept, and then ask them what they are looking for, if they say something that is on the main thread, they would be navigated to it, if not, they would be allowed to start a new thread or look throught eh other smaller threads


0

what do you mean ceil =======> x = Math.ceil(y);


0

when i calculation this code i didn’t understand 2 things: 1) what mean of Y++
2) what means of math.floor? ??

Troy [TroyMac1ure]
9 years ago

0

1) The ++ is an incremental function, so Y++ is the same as writing Y = Y + 1 just a shorter form.
2) ‘Math’ is a library that contains functions and ‘floor’ is a function contained within it. If you are unsure of a function, you can almost always find information about it in a google search.

Also, for those with no programming background, another helpful tool is firebug (firefox), script debugger (IE), scripts panel (chrome). You can set a ‘breakpoint’, which basically means when this part of the code is going to be run, pause here.
Then you can add ‘watches’. These will let you see the value of a variable.

So you could create a watch for ‘y’ and put a breakpoint on the line “y = Math.sin(118.13);”. It should stop on this line and then click the step into button and watch the value of y to see how it changes.

Jellowd
9 years ago

0

Oh damn! Thanks a lot ANONRA, i’m french and i understand clearfully your big hint (anybody say solution), it works easy.
I really don’t understand how people can’t find the password with that.

PS : excuse me for some mistakes if there are.

maryam
9 years ago

0

when i used Scratchpad it didn’t work for me, it should me syntax error what should i do :/

[IAmDevil]
9 years ago

0

Hmm , try examining harder !!!
ANONRA has given a very elaborate solution !!!

shintetsu
9 years ago

0

DONT CLICK!

onClick =‘javascript:alert();’

[IAmDevil]
9 years ago

0

Caught in the act !!!

shivesh96
9 years ago

0

<body>  

<div id='pro'> <p </p></div>  

<script type="text/javascript">  
                 var length = 5;  
                 var x = 3;  
                  var y = 2;  
                  y = Math.sin(118.13);  
                   y = -y;  
                 x = Math.ceil(y);  
                   y++;  
                    y = y+x+x;  
                  y *= (y/2);  
                 y++;  
                    y++;  
                    length = Math.floor(y);  
                 alert(length);  
                                       document.getElementById('pro').innerHTML = length;  
                   alert(length);  
</script>  
</body>  

I found here the code should be 9 but it shows “incorrect Detail”.

franckdu59
9 years ago

0

I know c but what I can not give the answer: (
response and X character send me a message I help you

J [ColdIV]
9 years ago

0

@shivesh96 you are close but you should check what is done with the variable.
Getting the value is the first step but not the last and final.

franckdu59
9 years ago

0

The answer has x character has you to replace x by the number obtained otherwise come to send me a message I would answer I connect everything the same day several times a day

malingas
8 years ago

0

yes…!!! i did it.. using “belzebub ” s' clue..

[deleted user]
8 years ago

0

Hi All,

I finally understood this level.

*********** [ADIGA]
8 years ago

0

tltor, just as an add, the script creates a number and stores it into a var called length

to pass the level you will need to enter a string that is the same length as the number stored in that var

inline javascript will come handy, and yes, its not called javascript injection, its inline javascript!

[deleted user]
8 years ago | edited 8 years ago

0

ADIGA, I got it. I had completed this level before but never exactly knew exactly how the script worked but now I finally understood.

Vo Tien Dat [fives]
8 years ago

0

I have trouble in this post

rich_007
8 years ago

0

what trouble you got.
there are just functions given in the code.
1-sine(): return sin value between -1 and 1;
2-a++ function returns incremented value.
eg. a=a+1; can be written as a++; or a+=1; or a=a+2; can be written as a+=2;
3- floor and ceil function returning value as . for eg. floor(1.2) will return 1 whle ceil(1.2) will return 2;
there is nothing more to say about this level as length is also mentioned you got to mention the length.
Hope i am clear with my explaination
Image

dlogical
8 years ago

0

thanks for the help ANONRA … very good post

sqlmozzy
8 years ago

0

HINT: Find the script concerning the forms submit button. That should be all you need to start finding how to exploit it.

[deleted user]
8 years ago

0

I copied the JS code into notepad and added additional code so that the variable with the answer would display.

[deleted user]
8 years ago

0

One could also use the URL bar to inject JavaScript code. :)

loltac
8 years ago

0

I did what the guy above did, except you just needed to hit enter and the code displays. Literally, just that maths equation gives a numerical value, which is equal to the variable ‘length’. The length of password input must be equal to variable ‘length’ ie the number of characters long.

hackyou1996
7 years ago

0

i got length =9 now wat to do am not getting can anyone help me

You must be logged in to reply to this discussion. Login
1 of 65

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss