Monday, 30 May 2011

Hack This Site (HTS) Javascript 3 - Math Time!

Faith is going to test your math skills and your javascript operations

Faith is going hardcore with javascript operators...



Javascript 3 is based on the operators available in all programming and scripting languages. Looking at the source code, we see that the password function performs a series of mathematical operations on several variables, and that the results are tied to the password itself. The use of Google here to do the sums for us is to ensure that no mistakes are made in the calculations, and to put emphasis on how useful Google can really be.

After working out the sums:

foo: 47
bar: 7
moo: 14
rar: N/A

We know the value of moo is 14 and that this somehow relates to the password. The next step is to see what the javascript "length" property returns. After looking it up we see that it returns "the length of the string (in characters)." This is very important, as it is the difference between the answer being the value 14 and the answer being a string 14 characters in length. In this case, I used: xxxxxxxxxxxxxx

Hack This Site!

Hack This Site (HTS) Javascript 2 - Disable Javascript

Faith had made a redirect script and logout with javascript to keep hackers away



The key to this mission is the information given above. When you click on the link, you see the redirect script run and make you "lose" the mission. Turning off javascript within your browser disables any javascript content on a web page; in this case it stops the redirect script from executing.


Hack This Site (HTS) Javascript 1 - Idiot Test

Faith is learning Javascript, the only thing that is protecting her from hackers is luck.

"Faith is learning javascript"



Similar to Basic 1, this mission requires very little, if any, javascript knowledge. A simple look at the source code shows us that the function that handles the login takes the password and checks if it is equal to "cookies".
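Javascript 1 and Javascript 3 both come down to a login check that runs in the browser, where anyone can read it. As an added example (not code from Hack This Site or from the original posts), here is a small Node.js review aid that flags such checks in a page's inline scripts; the sample page, the function names and the rule names are constructed for illustration.

```javascript
// Constructed sample page: two inline login checks shaped like the ones the
// Javascript 1 and Javascript 3 write-ups describe (not the missions' source).
const SAMPLE_PAGE = `<html><body>
<script type="text/javascript">
function check(x) {
  if (x == "cookies") { alert("win"); }
}
var moo = 14;
function checkLength(x) {
  if (x.length == moo) { alert("win"); }
}
function greet(name) { return name === "" ? "anon" : name; }
</script>
</body></html>`;

// Heuristic rules (hypothetical names). They only look at "identifier OP value"
// with the identifier on the left, and ignore comparisons to the empty string,
// which are usually plain emptiness checks rather than secrets.
const RULES = [
  { id: "literal-compare",
    re: /\b([A-Za-z_$][\w$]*)\s*(?:===?|!==?)\s*(["'])((?:(?!\2).)+)\2/ },
  { id: "length-compare",
    re: /\.length\s*(?:===?|!==?)\s*([\w$]+)/ },
];

// Scan every inline <script> block and report each line that compares input
// to a hard-coded string or to a fixed length. External src= files are not read.
function auditClientSideChecks(html) {
  const findings = [];
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const bodyStart = m.index + m[0].indexOf(">") + 1;
    const firstLine = html.slice(0, bodyStart).split("\n").length;
    m[1].split("\n").forEach((text, i) => {
      for (const rule of RULES) {
        const hit = rule.re.exec(text);
        if (hit) findings.push({ line: firstLine + i, rule: rule.id, match: hit[0] });
      }
    });
  }
  return findings;
}

console.log(auditClientSideChecks(SAMPLE_PAGE));
```

Any finding is a prompt to move the comparison to the server: whatever the script compares against ships to every visitor with the page.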


Wednesday, 11 May 2011

Lack of tutorials recently...

Due to it being such a busy time for me at the moment and the length of time needed to create the tutorials, write the articles, upload them, etc., my posts won't be regular for the next few weeks. Also, the harder the task, the longer and more in-depth the tutorials need to be, so I've decided to take a break from the last two basic missions on hackthissite.org and start doing the javascript missions. I've already made the videos for all these missions, so they just need the articles to go along with them, which means I get to post slightly more regularly as they aren't quite as complicated as the basics.

Check back soon!

Sunday, 24 April 2011

Hack This Site (HTS) Basic 9

The password is again hidden in an unknown file. However, the script that was previously used to find it has some limitations. Requirements: Knowledge of SSI, unix directory structure.

"Network Security Sam is going down with the ship - he's determined to keep obscuring the password file, no matter how many times people manage to recover it. This time the file is saved in /var/www/hackthissite.org/html/missions/basic/9/.

In the last level, however, in my attempt to limit people to using server side includes to display the directory listing to level 8 only, I have mistakenly screwed up somewhere.. there is a way to get the obscured level 9 password. See if you can figure out how...

This level seems a lot trickier than it actually is, and it helps to have an understanding of how the script validates the user's input. The script finds the first occurrence of '<--', and looks to see what follows directly after it."



This mission is almost identical to the previous one and needs the same level of knowledge of SSI and directory traversal. You already know from the mission description that he has screwed up in restricting the viewing of files to the level 8 directory only, so you will need to go back to the level 8 mission to take advantage of the SSI injection vulnerability.

As a reminder, I did a test input again to show you that your file gets saved into a temporary folder. In the last mission we executed the command "ls ..", which took us from /missions/basic/8/tmp to /missions/basic/8, where the password file was kept. Now, however, we need to get to the 9th basic mission, so not only do we need to jump back one more directory, we also need to jump into a new directory, and the command becomes "ls ../../9". From here we have access to the new password file and mission 9 is completed :)
