Hackthissite.org Solutions To All Javascript Missions

As the name says, these missions require knowledge of javascript. But they are only limited to analysing, these missions do not include javascript injection. Here are the links to all the solutions of javascript missions.

Javascript Mission 1: Idiot Test
Javascript Mission 2: Disable Javascript
Javascript Mission 3: Math time!
Javascript Mission 4: Var?
Javascript Mission 5: Escape!
Javascript Mission 6: go go away .js
Javascript Mission 7: JS Obfuscation. FTW!

Good luck!!!

HACKTHISSITE.ORG | Javascript Mission 7: JS Obfuscation. FTW!

Now this one is a little tricky if you are not experienced with programming. After all the earlier missions, you tend to look for the same code that you saw earlier and get obfuscated. But this one too is very simple.

Like earlier levels you will not find the exact source code in this one. The button tag you were looking earlier missions, is not present in this source code. Well guys, the button is just there, its just that you cannot see it.

Continue reading “HACKTHISSITE.ORG | Javascript Mission 7: JS Obfuscation. FTW!”

HACKTHISSITE.ORG | Javascript Mission 6: go go away .js

This mission is also as simple as the earlier were. When you will open the source code you will find two functions there namely check and checkpassw.

RawrRawr = "moo";
function check(x)
{
    "+RawrRawr+" == "hack_this_site"
    if (x == ""+RawrRawr+"")
    {
        alert("Rawr! win!");
        window.location = "about:blank";
    } else {
        alert("Rawr, nope, try again!");
    }
}

function checkpassw(moo)
{
   RawrRawr = moo;
   checkpass(RawrRawr);
}

But when you will further check out the source code, you will see that the function you are calling from button tag this time is different, than the one’s given above. It is now checkpass.

Continue reading “HACKTHISSITE.ORG | Javascript Mission 6: go go away .js”

HACKTHISSITE.ORG | Javascript Mission 5: Escape!

Unescape and escape are javascript functions used to encode and decode string just to make sure they are unreadable easily, but still its not that difficult to read them.

When you check out the source code you will find that there is an encoded string ‘%69%6C%6F%76%65%6D%6F%6F‘ and the variable moo has its decoded word i.e. our answer.

Continue reading “HACKTHISSITE.ORG | Javascript Mission 5: Escape!”

HACKTHISSITE.ORG | Javascript Mission 4: Var?

This mission is really simple. After checking out the source code you will come to know it.

RawrRawr = "moo";
function check(x)
{
    "+RawrRawr+" == "hack_this_site"
    if (x == ""+RawrRawr+"")
    {
	alert("Rawr! win!");
        window.location = "../../../missions/javascript/4
/?lvl_password="+x;
    } else {
	alert("Rawr, nope, try again!");
    }
}

In the first line, variable RawrRawr has the value ‘moo’. Then in the function there is a weird command "+RawrRawr+" == "hack_this_site", which is just to confuse you, so don’t worry. And you will also find that, like every other mission by now, this one also takes the value entered and passes it to function check and compares it with RawrRawr which still has the value ‘moo’.

Continue reading “HACKTHISSITE.ORG | Javascript Mission 4: Var?”