Test your Javascript Prowess


mAthlete
06-07-2004, 01:54 PM
http://scifi.pages.at/hackits/

It's a website centered around star trek and javascript, where you 'hack' your way to different levels. This is accomplished by viewing the source code and determining the password. While this may seem elementary to the skilled programmer, the creator of this site actually put in some clever tricks that force you to think of how to retrieve the password. This site can also show you how vulnerable client-side security is, just a View --> Source away from being compromised. See if you can get to the sixteenth level without cheating!

96turnerri
06-07-2004, 02:16 PM
im working on it now, let you know how far i get

Rich

96turnerri
06-07-2004, 02:38 PM
ok i got stuck here

http://scifi.pages.at/hackits/number8.htm

not sure if it's trying to get access to level 8 or im on level 8, you are prompted for an entry and you are taken to it +.htm

so from what i can work out it can be anything so i got stuck :(

HELP!

DaveSW
06-07-2004, 04:48 PM
It's that site again lol. :)

96turnerri
06-07-2004, 04:50 PM
Originally posted by DaveSW
It's that site again lol. :)

thats not helping :p, anyone know how to do this bit i can probably do the ones after this one just this one has me stumped, i mite try it again later

DaveSW
06-07-2004, 04:57 PM
It's a long time since I did it but I think one of the levels you need to take the filename out and it lists every file in the folder. It might have been level 8.

96turnerri
06-07-2004, 05:01 PM
thanks :)

btw hows the re-developing of webdevfaqs going?

David Harrison
06-07-2004, 06:18 PM
If you want some help with some of the challenges, you can get it here (http://www.webdevforums.com/showthread.php?t=2675).

Btw, thanks to Dave I finally know how to do number 8!!! (I had to just ask a friend for the password that he found on google. :D)

Daniel T
06-07-2004, 11:39 PM
I can't figure out number 8.... you would need to get a directory listing, but I can't find a way to do that, seeing there is an index.htm file... :confused:

David Harrison
06-08-2004, 12:01 AM
Where's the index page?

http://www.academy.dyndns.org/hackit8/hackit8.htm

Sam
06-08-2004, 02:53 AM
Level 8 wasn't too hard, but level 10 is proving to be quite killer... It must be referrer checking or something, cuz its executing a script, but the script its linking to has no code in it... just a big comment.

DaveSW
06-08-2004, 04:15 AM
Originally posted by 96turnerri
thanks :)

btw hows the re-developing of webdevfaqs going?
Slowly, but it's coming!

DaveSW
06-08-2004, 04:21 AM
Originally posted by Sam
Level 8 wasn't too hard, but level 10 is proving to be quite killer... It must be referrer checking or something, cuz its executing a script, but the script its linking to has no code in it... just a big comment.

Think relative urls.

96turnerri
06-08-2004, 07:21 AM
Originally posted by DaveSW
Slowly, but it's coming!

cool, on the old one you had three stylesheets and one layout, if you need a hand coming up with some of them for the new one presuming you are doing it, or some more scripts to go on there, i would be happy to contribute

my Skills currently are-
PHP
Javascript
(X)HTML
CSS
MySQL(Basic Knowledge ;))

Rich

DaveSW
06-08-2004, 07:31 AM
Cheers. Pyro is the main man so I'll pass it on.

Daniel T
06-08-2004, 01:08 PM
Grrrr!! Am I stupid? Why is no one having trouble with 9? It seems to be similar to number 8.... only with this one, you can't get a directory listing from http://scifi.pages.at/hackits/nine/ ... hint?

Sam
06-08-2004, 01:16 PM
Disable javascript and press ctrl+a

Daniel T
06-08-2004, 01:23 PM
Ah, to be honest, i never would've thought of that.

**EDIT**
I remember from a thread a while back that there is one you have to guess at. Looks like number 10 is it. But WTF are you supposed to get from that hint? There could be tons of prime numbers between n and 2n :confused:

Sam
06-08-2004, 01:25 PM
I was viewing the source and i saw <font color="#000"> and it kinda clued me off (I just happened to have javascript disabled at the time). Good luck with level 10... i still haven't figured it out

Sam
06-08-2004, 01:42 PM
GOT IT!
EDIT: BTW, no guessing involved

DaveSW
06-08-2004, 01:48 PM
Examine that noscript carefully! lol

DaveSW
06-08-2004, 01:48 PM
Originally posted by Sam
Disable javascript and press ctrl+a

Or use opera, press ok with the wrong password and then press the back button

Sam
06-08-2004, 01:53 PM
yeah, good point... 11 is proving to be quite killer as well...

Sam
06-08-2004, 02:06 PM
By the way, just a hint for #10... If you haven't figured it out yet it may be easier with <gasp>IE</gasp> (Since its got this big security/privacy hole that you probably know about)

96turnerri
06-08-2004, 02:48 PM
im stuck on 10 giving it a rest for a while, sam how did you change ur username? i want to change mine to 96, did you email an admin? Rich

Sam
06-08-2004, 02:51 PM
PM'd pete... here's another hint (because I'm still stuck on #11) temporary internet files

96turnerri
06-08-2004, 02:53 PM
ok thanks ;)

yeah the script source is referenced as www..........js so but its missing something off the beginning, so it may not be http:// is what i can think of

Rich

Sam
06-08-2004, 02:56 PM
just load the page in IE, then open source4.js from your temporary internet files

DaveSW
06-08-2004, 02:56 PM
keep thinking along those lines and then just paste that url into the old url instead of the filename...

Relative urls...

96turnerri
06-08-2004, 03:37 PM
11 was easy sam, give you a clue as you helped me with 10, wesleys mentor, if you dont watch star trek let me know and ill give you something none star trek related ;)

Sam
06-08-2004, 04:22 PM
never watched an episode...

96turnerri
06-08-2004, 04:23 PM
you deprived young man

ok there are five codes,

what ones do you have so far?

Sam
06-08-2004, 04:26 PM
i got:
where
metim
and
space
..tee.m
obviously 1 or more of those are wrong (my guess is #2)

96turnerri
06-08-2004, 04:31 PM
my guess is two and five, how i approached those two is to solve it as a code put some values in and see what you get and after about 4or5 work back with from the if statement

where is right
2) clue below
and is right
space is right
5) clue below

2) H.G. Wells - The .... Machine
5) im not sure of a clue for this ok how about a dyslexic person spelling team backwards and then adding three dots after, no u probably wont get that if you dont let me know cos im trying to think of a clue

96turnerri
06-08-2004, 04:34 PM
or clue for 5)

13-5-5-20-.-.-. now thats not morse code the hyphens represent gaps, altho there are none in the answer just helps you to solve it ;)

Sam
06-08-2004, 04:41 PM
wow... got it, and turns out its like one of the 3 star trek characters i've heard of... never did figure out # 5, so i just skipped it

96turnerri
06-08-2004, 04:43 PM
lol what are the other two let me guess

i bet at least one of them is kirk, spock or worf, maybe even both

Sam
06-08-2004, 04:50 PM
nope... data and spock

96turnerri
06-08-2004, 04:52 PM
doh' i was gona say data instead of worf, o well im on level 12 now and gona give it a rest, ill post back here to let you all know how i get on


Rich

Daniel T
06-08-2004, 04:59 PM
Well, I'm still in 10 :( Don't worry though, I haven't been working on it for 3 and a half hours. I do go to school, ya know ;) Anyways, you say it's easier in IE? Well, I can't seem to find any difference in IE. Is it even possible to disable JS in IE? Because I can't find any other way to view the source of 1tth0hmeth. in IE.

Scrambled so people won't just copy the location, of course ;)

Sam
06-08-2004, 05:04 PM
I finally figured out what Dave was talking about... here's something that should help you... on your personal website, cut & paste this code onto a page and click the link:
<a href="www.ryanbrill.com">Ryan Brill</a>

David Harrison
06-08-2004, 05:05 PM
If it's the one I'm thinking of (and it probably isn't) then you can use, right click --> save target as in IE.
I did these a while ago so please ignore me if I'm wrong.

Edit: That was aimed at Daniel T btw.

Daniel T
06-08-2004, 05:11 PM
Originally posted by Sam
I finally figured out what Dave was talking about... here's something that should help you... on your personal website, cut & paste this code onto a page and click the link:
<a href="www.ryanbrill.com">Ryan Brill</a>
That sends me to http://thenamesdan.com/www.ryanbrill.com (a 404 error).... i'm stumped :(

Sam
06-08-2004, 05:13 PM
ok, look how the script is linked on #10

Daniel T
06-08-2004, 05:21 PM
D'oh! :p
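
Added example (not part of any post in this thread): the link Sam posted has no scheme, so the browser resolves it against the page that contains it, which is how Daniel T ended up at http://thenamesdan.com/www.ryanbrill.com. The sketch below reproduces that resolution with the standard `URL` class and flags values that probably lost their `http://`; the base URLs and the `example.test` values are assumptions.

```javascript
// Added example: resolve link values the way a browser does and flag the
// ones that were probably meant to be absolute. Base URLs are assumed.

// Classify a raw href/src value by how much of the base URL it inherits.
function classifyHref(href) {
  if (/^[a-z][a-z0-9+.-]*:/i.test(href)) return "absolute"; // has its own scheme
  if (href.startsWith("//")) return "scheme-relative";       // inherits scheme only
  if (href.startsWith("/")) return "root-relative";          // inherits scheme + host
  return "path-relative";                // inherits scheme + host + directory
}

// Heuristic lint: a path-relative value whose first segment looks like a
// hostname ("www." prefix or a common TLD) most likely lost its "http://".
function looksLikeMissingScheme(href) {
  if (classifyHref(href) !== "path-relative") return false;
  const firstSegment = href.split(/[/?#]/)[0];
  return /^www\./i.test(firstSegment) || /\.(com|net|org)$/i.test(firstSegment);
}

// Resolve a value against the URL of the page that contains it.
function resolve(href, pageUrl) {
  const target = new URL(href, pageUrl);
  return {
    kind: classifyHref(href),
    resolved: target.href,
    leavesSite: target.host !== new URL(pageUrl).host,
    missingScheme: looksLikeMissingScheme(href),
  };
}

// Constructed samples: the link from the post, two corrected forms, and a
// script reference in a sub-directory (example.test is a placeholder host).
const samples = [
  ["www.ryanbrill.com", "http://thenamesdan.com/"],
  ["http://www.ryanbrill.com", "http://thenamesdan.com/"],
  ["//www.ryanbrill.com/", "http://thenamesdan.com/"],
  ["www.example.test/source.js", "http://example.test/levels/ten/index.htm"],
  ["source.js", "http://example.test/levels/ten/index.htm"],
];

for (const [href, pageUrl] of samples) {
  const r = resolve(href, pageUrl);
  const note = r.missingScheme ? "  <-- scheme missing?" : "";
  console.log(`${href.padEnd(28)} ${r.kind.padEnd(16)} ${r.resolved}${note}`);
}
```

A value flagged this way never leaves the site: the hostname-looking text becomes one more path segment under the current directory.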

Daniel T
06-08-2004, 05:49 PM
OK, on level 11, I have:

where
timet
and
space
e..m.et (because as far as I could see, there was nothing actually being done to the value of f.... I'm probly way off)

What am I doing wrong?

Sam
06-08-2004, 05:50 PM
read back (like post 35ish)

Daniel T
06-08-2004, 05:58 PM
Ah, ok... though I have no idea how it got those... anyways, I'm takin' a break.

96turnerri
06-08-2004, 06:05 PM
Originally posted by Daniel T
Ah, ok... though I have no idea how it got those... anyways, I'm takin' a break.

so im now referred to as an 'it', thanks ;)

Daniel T
06-08-2004, 06:12 PM
Originally posted by 96turnerri
so im now referred to as an 'it', thanks ;)
Actually, I was referring to the script ;) But you can be an it too, if you'd like...

96turnerri
06-08-2004, 06:53 PM
im taking a break on level 12 havnt looked at it yet tho

Daniel T
06-08-2004, 09:11 PM
Number 12 was a piece of cake, but it takes guesswork. There are about 50 possible combinations, but only 1 will work. Just find the pattern and go in a logical sequence until you find the right one ;) Scroll down for a very vague hint...



































1024x768 ;)

Daniel T
06-08-2004, 09:19 PM
Number 13 is Java... gonna need some extra software for this one ;)

96turnerri
06-08-2004, 09:20 PM
hehe im gona need java, number is stupid

mull=mull*number

if(mull=12)

so number has to equal 12

yet you cant do 12

Daniel T
06-08-2004, 09:25 PM
Another hint:

Find the pattern: 1223, 1341, 1621...

96turnerri
06-08-2004, 09:29 PM
lol those numbers show no pattern, there are only two and they both use 0's

Daniel T
06-08-2004, 09:32 PM
Originally posted by 96turnerri
lol those numbers show no pattern
Or do they....

MAJOR HINT COMING RIGHT UP!!

product of the digits ;)

Like I said, there are about 50 combinations, and only one will work.

Sam
06-08-2004, 09:42 PM
god... finally... my 20th guess

Daniel T
06-08-2004, 09:45 PM
Heh heh. I went in order of possible numbers, and I was thinking I couldn't use the one higher number, so it took a while... :D

Sam
06-08-2004, 09:46 PM
BTW: JAD (http://kpdus.tripod.com/jad.html#download) is an exquisite java decompiler

Daniel T
06-08-2004, 09:48 PM
I like DJ Java Decompiler... http://www.simtel.net/product.download.mirrors.php?id=60196

96turnerri
06-08-2004, 09:48 PM
Originally posted by Sam
god... finally... my 20th guess

well i cant work out what im guessing, the product of the digits is meant to be 12? does it matter on order is

6411 same as 1146

Daniel T
06-08-2004, 09:50 PM
Originally posted by 96turnerri
well i cant work out what im guessing, the product of the digits is meant to be 12? does it matter on order is

6411 same as 1146
Yes, it does matter. You gotta be patient ;) Make a list in Notepad of all the possible combinations, then try them all.

96turnerri
06-08-2004, 09:51 PM
all possible combinations that can equal 12, god that mite take a while

Daniel T
06-08-2004, 09:55 PM
Originally posted by 96turnerri
all possible combinations that can equal 12, god that mite take a while
Nah, took me 'bout 10 minutes, and I was missin' a whole chunk of possible answers, so it took me longer than it should have.

This sucks. I don't know a thing about Java :( Though, it looks somewhat similar to Javascript, so I think I can manage :)

96turnerri
06-08-2004, 10:05 PM
ffs :mad:

tried all of these and its not accepting it what am i missing

1119-1191
1128-1182
1137-1173
1146-1164
1155
1164-1146
1173-1137
1182-1128
1191-1119

1218-8121
1317-7131
1416-6141
1515-5151
1614-4161
1713-3171
1812-2181
1911

1281-1821
1371-1731
1461-1641
1551
1641-1461
1731-1371
1821-1281

2181-8112-8211
3171-7113-7311
4161-6114-6411
5151-5115-5511
6141-4116-6411
7131-3117-7311
8121-2118-8211
9111

Sam
06-08-2004, 10:06 PM
just a hint Dan, all that matters is what happens when an action is performed

Daniel T
06-08-2004, 10:07 PM
LOL!!! You just wasted a bunch of time!! I said product, not sum!! :D:D

Sam
06-08-2004, 10:07 PM
Turner... Product (multiplication), not sum
Edit: Oops... Dan beat me

Daniel T
06-08-2004, 10:13 PM
Originally posted by Sam
just a hint Dan, all that matters is what happens when an action is performed
So, if I understand correctly, variable p should be something along the lines of getAppletContext, but that doesn't work, and neither do any of the other ones :(

96turnerri
06-08-2004, 10:14 PM
ooops lol, A* at GCSE, double maths a-level shame i dont remember any of it

96turnerri
06-08-2004, 10:24 PM
that sucks where else can i get java from sum microsystems is down for maintenance

MstrBob
06-08-2004, 10:33 PM
For level 13, notice the URLs being created.

Daniel T
06-08-2004, 10:37 PM
Originally posted by MstrBob
For level 13, notice the URLs being created.
Hmm...getAppletContext().showDocument(new URL(getDocumentBase(), p + ".htm"), "_self");

I've tried:

getAppletContext
showDocument
new
new URL
URL
getDocumentBase

Am I even close???

MstrBob
06-08-2004, 10:38 PM
Yes, but notice the .htm Have you tried inserting the value of "p"?

Daniel T
06-08-2004, 10:41 PM
:eek: THAT WOULD HAVE BEEN THE FIRST THING I WOULD HAVE TRIED!!! BUT I DIDN'T THINK IT COULD POSSIBLY BE THAT SIMPLE!!! GRRR!!

MstrBob
06-08-2004, 10:42 PM
Number 14 involves waaaaaaay too much math for me, though. Yeesh, I'm almost starting to think that JavaScript is good for security.


Ok, I'm done thinking it. I just saw how many people have cracked through to level 16.
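
Added example (not code from the challenge site or from any poster): the levels discussed in this thread check the password in the visitor's browser and then navigate to `<password>.htm`, with the failed-attempt counter also kept in the page. Below, that pattern sits next to a server-side check in Node.js that ships nothing secret; the secret, page names, client ids and function names are all constructed.

```javascript
// Added example; the secret, page names and client ids are constructed.
const nodeCrypto = require("node:crypto");

// Weak pattern: the check runs in the browser and the protected page is
// <password>.htm, so the source sent to every visitor is enough to pass it.
const CLIENT_PAGE_SOURCE = `
<script>
function ckPwd(pw) {
  if (pw == "s3cr3t") { location.href = pw + ".htm"; }
  else if (++bctr > 3) { location.href = "denied.htm"; } // resets on reload
}
</script>`;

function secretShipsToClient(pageSource, secret) {
  return pageSource.includes(secret);
}

// Hardened pattern: the server keeps only a salted scrypt hash, counts
// failures itself, and hands out an opaque token instead of a secret URL.
function makeRecord(password) {
  const salt = nodeCrypto.randomBytes(16);
  return { salt, hash: nodeCrypto.scryptSync(password, salt, 32) };
}

const MAX_FAILURES = 3;
const failures = new Map(); // clientId -> consecutive failed attempts
const sessions = new Set(); // tokens issued after a successful login

function login(record, attempt, clientId) {
  const failed = failures.get(clientId) || 0;
  if (failed >= MAX_FAILURES) return null; // locked out (no expiry in this sketch)
  const candidate = nodeCrypto.scryptSync(attempt, record.salt, 32);
  if (!nodeCrypto.timingSafeEqual(candidate, record.hash)) { // constant-time compare
    failures.set(clientId, failed + 1);
    return null;
  }
  failures.delete(clientId);
  const token = nodeCrypto.randomBytes(32).toString("hex");
  sessions.add(token);
  return token;
}

// The page name is public; the server decides per request whether to serve it.
function statusFor(path, token) {
  if (path !== "/level2.htm") return 404;
  return sessions.has(token) ? 200 : 403;
}

const demoRecord = makeRecord("s3cr3t");
const demoToken = login(demoRecord, "s3cr3t", "client-a");
console.log("secret visible in page source:",
  secretShipsToClient(CLIENT_PAGE_SOURCE, "s3cr3t"));
console.log("with token:", statusFor("/level2.htm", demoToken),
  "without token:", statusFor("/level2.htm", undefined));
```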

Daniel T
06-08-2004, 10:47 PM
Number 14 is scaring me :( It would help if I had a calculator too, but the damn Sasser worm ate that up :(

Daniel T
06-08-2004, 10:53 PM
I was flyin' through 14! That is, until I reached the while() statement :(

PS: Best if you work it out on a piece of paper ;)

**EDIT**
Actually, it is good to copy the source, then go through the Javascript replacing figuring out then replacing the variables. For example, when you see this:
a=eval(ls.substring(0,2))-91;
You can replace it with this after you figure out that the value of a is 8:
a=8;

Daniel T
06-09-2004, 12:10 AM
OK, I've spent the last hour going over the whole thing, and all I ended up with was:

abl=13;

:confused:

BTW, here's the result of my little solve-and-replace technique:

<!-- Hide from JavaScript-Impaired Browsers
al="`1234567890-=~!@#$%^&*()_+qwei"
  +"fyutop[]QWERTYUIOP{}|oeeiflryt;A"
  +"ASYENDKQ:ajeeurj,./ZXCVBNM<>c?";
ab1="";
bctr=0;
count=0;
function ckPwd(){
  tst=document.isn.username.value+"-"+document.isn.passwrd.value+"-";
  ls=document.pd.pe.value;
  a=8; // a=8
  ls="9881643741603838598498816760606041815967 "; // length is 41
  nls="";
  flg=0;
  ab=5;

  abl="5";
  oab1="5";
  ls="81643741603838598498816760606041815967 "; // length is 39
  for (var i=0;i<ab;i++) {
    nr=eval(ls.substring(0,2))-a;
    ls=ls.substring(2,ls.length);
    nls="e";
  }
  nls=nls+al.charAt(count+11); // e-
  if (nls.indexOf(document.isn.username.value+"-"+document.isn.passwrd.value+"-")>-1){
    flg=1;
  }

  if (flg==1){
    tstOk();
  }
  else{
    bctr++;
    if (bctr>3){
      location.href="denied.htm";
    }
    else{
      alert("Sorry. Bad Username or Password."
        +" Failed Attempt #"+bctr+".");
    }
  }
}
function tstOk(){
  ab1=13;
  alert("Access Granted");
  location.href=tst.substring(1,5)+".htm";
}
function srand() {
  today=new Date();
  rand=today.getTime();
  picker=""+rand
  picker=picker.charAt((picker.length-4));
  rec=eval(picker);
}
document.write(tst);
// End Hiding -->

PS: What the hell is srand() doing in there? Does it have a purpose??

Sam
06-09-2004, 02:30 AM
geez that was difficult... you have to be l337 to get that... (That will make sense when you figure it out)

Daniel T
06-09-2004, 03:00 AM
Originally posted by Sam
geez that was difficult... you have to be l337 to get that... (That will make sense when you figure it out)
You got it Sam???? Was I on the right track at least?

Sam
06-09-2004, 03:09 AM
sorta... i'd recommend rather than replacing values, just echo the hell outta it... here's a little snippet of my super-verbose version:

theid=document.getElementById('output');
tst=document.isn.username.value+"-"+document.isn.passwrd.value+"-";
ls="999881643741603838598498816760606041815967 ";
theid.innerHTML+="<br>TST = " +tst;
a=eval(ls.substring(0,2))-91;
theid.innerHTML+="<br>A = " +a;
ls=ls.substring(2,ls.length);
theid.innerHTML+="<br>LS = " +ls;

then i just slapped a <div id="output"> in there and gave it a little overflow... if you echo every variable right after its assigned, I'd imagine you'll find a suitable password

Daniel T
06-09-2004, 03:19 AM
Originally posted by Sam
sorta... i'd recommend rather than replacing values, just echo the hell outta it... here's a little snippet of my super-verbose version:

theid=document.getElementById('output');
tst=document.isn.username.value+"-"+document.isn.passwrd.value+"-";
ls="999881643741603838598498816760606041815967 ";
theid.innerHTML+="<br>TST = " +tst;
a=eval(ls.substring(0,2))-91;
theid.innerHTML+="<br>A = " +a;
ls=ls.substring(2,ls.length);
theid.innerHTML+="<br>LS = " +ls;

then i just slapped a <div id="output"> in there and gave it a little overflow... if you echo every variable right after its assigned, I'd imagine you'll find a suitable password
Actually, to figure out some of that, I used the document.write() function, but that didn't end up workin' out too well. :( I'll try your technique. Obviously, it has something to do with leet, because the 13 and the 1337 clue u gave me tell me I was heading in the right direction...

Sam
06-09-2004, 03:23 AM
no numerals in the user name or password... level 15 is proving difficult as well Damn you HTACCESS

Daniel T
06-09-2004, 03:28 AM
Originally posted by Sam
no numerals in the user name or password... level 15 is proving difficult as well Damn you HTACCESS
Isn't HTACCESS server-side.... I thought this was all supposed to be client-side "hacking"... ?

Sam
06-09-2004, 03:30 AM
it is... I may just be missing something, and there's a tip saying the password file isn't hidden, but i haven't been able to guess it yet (I've tried .htpasswd in every directory)

Daniel T
06-09-2004, 03:32 AM
Originally posted by Sam
it is... I may just be missing something, and there's a tip saying the password file isn't hidden, but i haven't been able to guess it yet (I've tried .htpasswd in every directory)
Well, since I'm not on that level, and have NO KNOWLEDGE WHATSOEVER of htaccess, I definitely won't be of much help :D I think I better head off to bed now, too. It's 2:32 AM, and I have track meet tomorrow :eek:

Daniel T
06-09-2004, 04:54 PM
OK, the problem I'm having with this level(14) is I'm not really sure what I'm looking for! Which variables should I be keeping an eye on for the username and which for the password? It's quite difficult trying to find and remember what two different variables are and represent when they are both in one big equation :confused:

PS: Is the while() statement even needed in there? Because as far as I could see, it should only loop once anyway....

David Harrison
06-09-2004, 05:00 PM
What are you doing?????

You're not supposed to work out the variables yourself. Look at the script, look what happens to what you enter in the form and more importantly look at where it's compared to something.

96turnerri
06-09-2004, 05:00 PM
by loops once do you mean 2passes or one, because one loop is 2passes, therefore the while statement is needed

Daniel T
06-09-2004, 05:06 PM
Passes once. It is like this:


...
ls = 43; // what I remember, this number could be wrong, but it's close
while(ls > 28) {
...
ls = "";
}

96turnerri
06-09-2004, 05:09 PM
from that bit of code it doesnt loop, its just a straight forward pass, however dont disregard it, it may be a trick (just a guess i havnt done it, i stopped at 13 and may do some later if i have time)

David Harrison
06-09-2004, 05:10 PM
Again I say, this goes out to Daniel T and most definitely not 96turnerri.
Originally posted by lavalamp
What are you doing?????

You're not supposed to work out the variables yourself. Look at the script, look what happens to what you enter in the form and more importantly look at where it's compared to something.

96turnerri
06-09-2004, 05:11 PM
i am not helping him i am explaining what the difference between a pass and a loop is so take that back :p

David Harrison
06-09-2004, 05:35 PM
Better? :D

96turnerri
06-09-2004, 06:08 PM
LMAO, thanks :D

Daniel T
06-09-2004, 10:29 PM
Originally posted by lavalamp
Better? :D
LMMFAO! Nice :D

Sam
06-10-2004, 02:08 AM
Anyone get around the htaccess yet? (level 15)