What is it? @.@

Here is the place where I record some tactics about wargame, systems, and other security issues.


Hack This Site! - Javascript 6

go go away .js
now you see it..umm...wait... 
Level 6
Fiftysixer decided to try his hand at javascript!
All was going well until he realized that he forgot to remove the unused code, which resulted in a confusing mess.
He didn't mind, in fact, he did his best to make it even MORE confusing!

Find the password:
Check Password
  1. View page source code, and find the javascript code below.

  2. Check the whole code in detail, and you 'll find out the submit button will send password to a javascript function named "checkpass".
    < button onclick="javascript:checkpass(document.getElementById('pass').value)">Check Password< /button>
  3. But the function above is named "checkpassw".
  4. So, the real function is actually somewhere in the page. We can see there's a javascript file link contains "checkpass" like below.
  5. Visit the link and there's the real password checking function like below.

  6. Input the password "moo pwns" and check .
  7. How did you do that??? Good job!
  8. Correct, Level Up