Monday, July 9, 2012

Solution for bright-shadows.net : JavaScript - Easy script

Solution for Bright-Shadows.net : JavaScript - Easy script

This is the link to the original challenge: http://www.bright-shadows.net/challenges/scripts/js5/index.php
However, you will need to register before you can make an attempt to solve this. 

Quest:
Please enter your username!


As this is the easiest one, let's just do a quick "view-source" and we can quickly spot the following Javascript.

<script type="text/javascript">
  function check() {
    pass     = unescape('%44%61%67%6F%62%65%72%74%20%44%75%63%6B');
    solution = pass.substr(0,8)+pass.substring(9,13)+pass.substring(8,9);
    passwd = document.formular.user.value;
    if (passwd == solution) {
      window.location.href=solution+".php";
    }
    else {
      alert("False!!!");
    }
  }
</script>

As we can see, it is trying to validate our input value against solution whereby solution is extracted from pass.


A simple solution to this is simply to place an alert right after the following:

passwd = document.formular.user.value;
 
alert(solution); 
 
and before the following: 
if (passwd == solution) {



You see "DagobertDuck " and that's the password. Please be reminded that there is a "space" in the end of the password.

That's pretty easy for everyone to understand. :D


Cheers
0x4A61636F62

No comments:

Post a Comment