What is it? @.@

Here is the place where I record some tactics about wargame, systems, and other security issues.

2012-11-15

Bright Shadows - JavaScript 6: "Isn't that easy ;-)"

Description:
Good luck!
Solution:
  1. When we enter this challenge page, it pop up an alert message like below to ask us to input the valid username.
  2. If we input anything wrong, it will direct us to an error page containing a message like below.
    Sorry but that is not right.
  3. Let's disable the JavaScript functionality of our browser first. Then, view page source code, but we could not find any JavaScript code. Actually, the code was included by a link in the header like below.

    <script type="text/javascript" src="www.bright-shadows.net/challenges/js/check.js"></script>
    

  4. Visit the link and you will find the code below.
    var input;
    input=prompt ("Login to get access!","");
    if (input == "nice_or?"){
      window.location.href="niceeyes.php"; 
    }
    else{
      window.location.href="sorrywrong.php";
    }
  5. Just input the password like 'nice_or?' or visit the URL 'niceeyes.php'.
  6. Well done!

No comments:

Post a Comment