Continuing from our last blog post, we are going to solve Level 102 from Net-Force.nl
The link to the original challenge: http://www.net-force.nl/challenge/level102/
After accessing the above link, the only hints given to us are:
Find the right password and use it on the challenge page!
Again, i quickly view the source code of the page and we can see the following source code.
<title>:: Net-Force Challenge - 102 ::</title>
<link href="../../css/challenge.css" rel="stylesheet" type="text/css"></link>
<div id="challenge">
<h1>
This won't take long...</h1>
Find the right password and use it on the challenge page!
<script type="text/javascript">
var numletter="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
function submitentry(){
verification = document.getElementById("passwd").value;
alert("Searching.");
alert("Searching..");
alert("Searching...");
password = numletter.substring(11,12);
password = password + numletter.substring(18,19);
password = password + numletter.substring(23,24);
password = password + numletter.substring(16,17);
password = password + numletter.substring(24,25);
password = password + numletter.substring(1,4);
if(verification == password){
alert("Well done, you've got it!");
} else {
alert("Nahh, thats wrong!");
}
}
</script>
<form action="index.php" method="post">
<input id="passwd" name="passwd" size="16" type="password" />
<input name="submit" onclick="submitentry(); return false;" type="submit" value="Enter" /></form>
</div>
<link href="../../css/challenge.css" rel="stylesheet" type="text/css"></link>
<div id="challenge">
<h1>
This won't take long...</h1>
Find the right password and use it on the challenge page!
<script type="text/javascript">
var numletter="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
function submitentry(){
verification = document.getElementById("passwd").value;
alert("Searching.");
alert("Searching..");
alert("Searching...");
password = numletter.substring(11,12);
password = password + numletter.substring(18,19);
password = password + numletter.substring(23,24);
password = password + numletter.substring(16,17);
password = password + numletter.substring(24,25);
password = password + numletter.substring(1,4);
if(verification == password){
alert("Well done, you've got it!");
} else {
alert("Nahh, thats wrong!");
}
}
</script>
<form action="index.php" method="post">
<input id="passwd" name="passwd" size="16" type="password" />
<input name="submit" onclick="submitentry(); return false;" type="submit" value="Enter" /></form>
</div>
It seems that the password is within the source code but require some editing.
To solve this in a simple manner for us, just save that page.
Now let's edit the file that we had just saved and add this line
alert(password);
before the following source code.
...
if(verification == password){
alert("Well done, you've got it!");
} else {
alert("Nahh, thats wrong!");
}
Doing so, even if we enter a wrong password. We will see the actual password eventually like the following image.
From the above image, we can see that the key to this challenge is "bingo123"
Cheers
0x4A61636F62
No comments:
Post a Comment