We are here to share whatever we had learned with everyone.
This blog is just something that we have always but didn't do it. We will be trying to write more on writeups for CTFs and some challenges from other contests.
This week we will be focusing on all the Javascript challenges from Net-Force.nl
For a start, we will kick off with Level 101.
Check out the website below. It's protected with a simple JavaScript protection. Try to crack it ;)
Secret webpage
This challenge is part of the basic training. If you don't know what to do you can check out the solution
This is the link to the original challenge: http://www.net-force.nl/challenge/level101/
Obviously, everyone can just read the solution given by the website and solved this.
Without looking at the solution that was kindly provided, let's try to understand the challenge.
If we were to access the "Secret webpage",the following pop-up dialogs will prompt us to enter an username and password.
It shouldn't be too hard right? So if we do a quick "View Source" on the "Secret webpage" with our browser. We will be able to see the following source code.
<title>Secret!</title>
<script type="text/javascript">
var username = "kiddie";
var message1 = "Username";
var un = prompt (message1,"");
var password = "javascript" ;
var message = "Password";
var incmess = "ACCESS DENIED!!!";
var minimizemsg = "Hi there!"
var pw = prompt (message,"");
if (un == username) {
if (pw != password) {
alert(incmess);
window.open("./", "_self")
} else {
alert ("Well done, use this password on the challenge page!", "_self");
window.open("../../challenges/", "_self")
}
}
if (un != username) {
alert(incmess);
window.open("./", "_self")
}
</script>
After we had gone through the above code snippet, it's pretty obvious to us what is the required username and password to solve this challenge.
The username is kiddie and the password is javascript. :D
Time to proceed to next challenge.
Cheers
0x4A61636F62
No comments:
Post a Comment