Level 1 - Idiot Test
<script language=Javascript>
function check(x)
{
if (x == cookies)
{
alert(win!);
window.location += ?lvl_password=+x;
} else {
alert(Fail D:);
}
}
위와 같은 코드가 있다. 답은 당연히 cookies
Level 2 - Disable Javascript
링크를 누르면 계속해서 fail.php 페이지로 넘어간다. 따라서 문제 페이지의 자바스크립트가 실행되기 전 스크립트를 확인하면 다음과 같다.
<script language=javascript>
window.location=http://www.hackthissite.org/missions/javascript/2/fail.php;
</script>
<a href=/missions/javascript/2/index.php?challengePass=B8n7OV>Click here to win.</a>
따라서 저 링크로만 가면 성공.
Level 3 - Math time!
var foo = 5 + 6 * 7
var bar = foo % 8
var moo = bar * 2
var rar = moo / 3
function check(x)
{
if (x.length == moo)
{
alert(win!);
window.location += ?lvl_password=+x;
} else {
alert(fail D:);
}
}
계산을 해보면 moo 는 14이다. 따라서 14자 아무 값이나 넣으면 성공.
Level 4 - Var?
<script language=Javascript>
RawrRawr = moo;
function check(x)
{
+RawrRawr+ == hack_this_site
if (x == \+RawrRawr+\)
{
alert(Rawr! win!);
window.location = ../../../missions/javascript/4/?lvl_password=+x;
} else {
alert(Rawr, nope, try again!);
}
}
</script>
답은 moo
Level 5 - Escape!
<script language=Javascript>
moo = unescape('%69%6C%6F%76%65%6D%6F%6F');
function check (x) {
if (x == moo)
{
alert(Ahh.. so that's what she means);
window.location = ../../../missions/javascript/5/?lvl_password=+x;
}
else {
alert(Nope... try again!);
}
}
</script>
escape 된 문자를 unescape 해보면 ilovemoo 이다.
Level 6 - go go away .js
<script type=text/javascript src=http://hackthissite.org/missions/javascript/6/checkpass>
</script>
<script language=javascript>
RawrRawr = moo;
function check(x)
{
+RawrRawr+ == hack_this_site
if (x == \+RawrRawr+\)
{
alert(Rawr! win!);
window.location = about:blank;
} else {
alert(Rawr, nope, try again!);
}
}
function checkpassw(moo)
{
RawrRawr = moo;
checkpass(RawrRawr);
}
</script>
코드를 보면 맨 상단에 어떤 주소가 있다. 저 주소로 가보면 다시 새로운 스크립트가 나온다. 그 코드를 살펴보면 아래와 같다.
dairycow=moo;
moo = pwns;
rawr = moo;
function checkpass(pass)
{
if(pass == rawr+ +moo)
{
alert(How did you do that??? Good job!);
window.location = ../../../missions/javascript/6/?lvl_password=+pass;
} else {
alert(Nope, try again);
}
}
즉 답은 moo pwns 이다.
Level 7 - JS Obfuscation. FTW!
<script language=javascript>
var _0x4e9d=[\x66\x72\x6F\x6D\x43\x68\x61\x72\x43\x6F\x64\x65,\x77\x72\x69\x74\x65\];document[_0x4e9d[0x1]](String[_0x4e9d[0x0]](0x3c,0x62,0x75,0x74,0x74,0x6f,0x6e,0x20,0x6f,0x6e,0x63,0x6c,0x69,0x63,0x6b,0x3d,0x27,0x6a,0x61,0x76,0x61,0x73,0x63,0x72,0x69,0x70,0x74,0x3a,0x69,0x66,0x20,0x28,0x64,0x6f,0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e,0x67,0x65,0x74,0x45,0x6c,0x65,0x6d,0x65,0x6e,0x74,0x42,0x79,0x49,0x64,0x28,0x22,0x70,0x61,0x73,0x73,0x22,0x29,0x2e,0x76,0x61,0x6c,0x75,0x65,0x3d,0x3d,0x22,0x6a,0x30,0x30,0x77,0x31,0x6e,0x22,0x29,0x7b,0x61,0x6c,0x65,0x72,0x74,0x28,0x22,0x59,0x6f,0x75,0x20,0x57,0x49,0x4e,0x21,0x22,0x29,0x3b,0x77,0x69,0x6e,0x64,0x6f,0x77,0x2e,0x6c,0x6f,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x2b,0x3d,0x20,0x22,0x3f,0x6c,0x76,0x6c,0x5f,0x70,0x61,0x73,0x73,0x77,0x6f,0x72,0x64,0x3d,0x22,0x2b,0x64,0x6f,0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e,0x67,0x65,0x74,0x45,0x6c,0x65,0x6d,0x65,0x6e,0x74,0x42,0x79,0x49,0x64,0x28,0x22,0x70,0x61,0x73,0x73,0x22,0x29,0x2e,0x76,0x61,0x6c,0x75,0x65,0x7d,0x65,0x6c,0x73,0x65,0x20,0x7b,0x61,0x6c,0x65,0x72,0x74,0x28,0x22,0x57,0x52,0x4f,0x4e,0x47,0x21,0x20,0x54,0x72,0x79,0x20,0x61,0x67,0x61,0x69,0x6e,0x21,0x22,0x29,0x7d,0x27,0x3e,0x43,0x68,0x65,0x63,0x6b,0x20,0x50,0x61,0x73,0x73,0x77,0x6f,0x72,0x64,0x3c,0x2f,0x62,0x75,0x74,0x74,0x6f,0x6e,0x3e));
</script>
디코딩 된 부분을 풀어보면 아래와 같다.
<button onclick='javascript:if (document.getElementById(pass).value==j00w1n){alert(You WIN!);window.location += ?lvl_password=+document.getElementById(pass).value}else {alert(WRONG! Try again!)}'>Check Password</button>
따라서 j00w1n 가 패스워드!