Anyone ever gone to this site

Bl8ckr0uter

Hack This Site!

phoeneous

Been going there for about 8-10 years or whenever they first started. Heck, possibly since the win98 days. Good challenges!

Bl8ckr0uter

phoeneous wrote: »

Been going there for about 8-10 years or whenever they first started. Heck, possibly since the win98 days. Good challenges!

Man I am stuck on challenge number two (javascript) any suggestions/pointers?

NightShade03

Its a great site but it will make you think and you need a decent "think outside the box mind" to accomplish alot of the tasks on there.

dynamik

knwminus wrote: »

Man I am stuck on challenge number two (javascript) any suggestions/pointers?

You're joking, right?

SephStorm

No, I had only heard of javascript injectors, I had no idea how to do them! I technically still don't.

Good site, study each topic.

Bl8ckr0uter

dynamik wrote: »

You're joking, right?

Yes and no. I clicked off of it for a while but my thing is in this script:

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl.&quot; : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
var pageTracker = _gat._getTracker("UA-2391176-1");
pageTracker._initData();
pageTracker._trackPageview();
</script>

I believe the 2nd line should be a declaration for the password file. I also know that per the question the file was never loaded. I am just not sure how I can declare it on the page itself. Maybe I am thinking about this incorrectly.

The issue is this is like the first time I have ever looked at javascript and I don't know a lot about it.

dynamik

You're on this one: http://www.hackthissite.org/missions/javascript/2 ?

If you're using Firefox, Tools > Options > Content and uncheck "Enable Javascript".

Edit: I believe that is legit Google Analytics code; it's at the bottom of every page.

RobertKaucher

knwminus wrote: »

Yes and no. I clicked off of it for a while but my thing is in this script:

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl.&quot; : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
var pageTracker = _gat._getTracker("UA-2391176-1");
pageTracker._initData();
pageTracker._trackPageview();
</script>

I believe the 2nd line should be a declaration for the password file. I also know that per the question the file was never loaded. I am just not sure how I can declare it on the page itself. Maybe I am thinking about this incorrectly.

The issue is this is like the first time I have ever looked at javascript and I don't know a lot about it.

That's the script for Google analytics. It's not a part of the challenge.

If the password is not loaded as value by the script, what is it's value?

dynamik

Or are you on: Hack This Site! ? Just submit without entering anything. That's the first thing I did to see what error I'd get, and it said I passed

Bl8ckr0uter

dynamik wrote: »

You're on this one: Hack This Site! ?

If you're using Firefox, Tools > Options > Content and uncheck "Enable Javascript".

Edit: I believe that is legit Google Analytics code; it's at the bottom of every page.

Yea I failed. I googled that line of script and It did take me to a google site. That isn't the one I was on though I am on this one Hack This Site!

RobertKaucher wrote: »

That's the script for Google analytics. It's not a part of the challenge.

If the password is not loaded as value by the script, what is it's value?

LOL!!!! I am so fail. Man I was looking for something that wasn't there. The value declared was blank so I just hit submit and it worked.....LOLOL

dynamik wrote: »

Or are you on: Hack This Site! ? Just submit without entering anything. That's the first thing I did to see what error I'd get, and it said I passed

Yea. I spent like 20 mins on this thing off and on (looking at American Idol). But yea I total failed on this thing

Bl8ckr0uter

Well two more and then I am done.

RobertKaucher

Dude, you can blow an entire day on that site without even noticing the time pass.

The SQL injection challenges were great fun. Learned a lot from them.

Bl8ckr0uter

dynamik wrote: »

You're on this one: Hack This Site! ?

If you're using Firefox, Tools > Options > Content and uncheck "Enable Javascript".

Edit: I believe that is legit Google Analytics code; it's at the bottom of every page.

I just looked at this just to see what you were talking about..LOL now I understand your comment. I am not that fail.

Bl8ckr0uter

RobertKaucher wrote: »

Dude, you can blow an entire day on that site without even noticing the time pass.

The SQL injection challenges were great fun. Learned a lot from them.

Seems like a cool site. I will really need to raise my game though..

mikedisd2

Just discovered this site too. Half hour gone and I've only done the first 2x basic questions. Third has me totally stuffed. Nothing like being shown up as the noob I am.

Bl8ckr0uter

mikedisd2 wrote: »

Just discovered this site too. Half hour gone and I've only done the first 2x basic questions. Third has me totally stuffed. Nothing like being shown up as the noob I am.

Lol you aren't the only one. I am stuck on that one as well. I found the answer on you tube but I haven't watched it. I will watch it later


YouTube - Hack This Site - Basic 3 Tutorial

RobertKaucher

knwminus wrote: »

Lol you aren't the only one. I am stuck on that one as well. I found the answer on you tube but I haven't watched it. I will watch it later


YouTube - Hack This Site - Basic 3 Tutorial

Cheater! Keep at it and ask for advice before giving in to YouTube. You will learn more. The basic challenges are really more about how you think than what you actually know.

phoeneous

RobertKaucher wrote: »

Dude, you can blow an entire day on that site without even noticing the time pass.

The SQL injection challenges were great fun. Learned a lot from them.

And useful too. I got a free pass to a DefCon survival camp a few years back and we did a sweet lab with Metasploit. But before the lab started, the presenter had us crack into web server to get the lab notes. A simple x' or 'a' = 'a and we were in.

Bl8ckr0uter

RobertKaucher wrote: »

Cheater! Keep at it and ask for advice before giving in to YouTube. You will learn more. The basic challenges are really more about how you think than what you actually know.

I still haven't looked at it yet but now I feel bad

I am on basic challenge 3. Ok here is the source code for the site:



<script type="text/javascript">
var pageTracker = _gat._getTracker("UA-2391176-1");
pageTracker._initData();
pageTracker._trackPageview();
</script>
I looked to at the script itself and I did not see anything wrong with it. I looked to see maybe if something written incorrectly and it seemed right. The only thing that looked strange to me was the second line (specifically this part:
_gat._getTracker("UA-2391176-1");

because of the space and underline and the front...

dynamik

knwminus wrote: »

I still haven't looked at it yet but now I feel bad

I am on basic challenge 3. Ok here is the source code for the site:



<script type="text/javascript">
var pageTracker = _gat._getTracker("UA-2391176-1");
pageTracker._initData();
pageTracker._trackPageview();
</script>
I looked to at the script itself and I did not see anything wrong with it. I looked to see maybe if something written incorrectly and it seemed right. The only thing that looked strange to me was the second line (specifically this part:
_gat._getTracker("UA-2391176-1");

because of the space and underline and the front...

What's your HTML/Javascript experience?

Check the hidden field in the form.

NightShade03

You can also use a proxy like paros to see what is being passed back and forth in the browser.

tiersten

knwminus wrote: »

<script type="text/javascript">
var pageTracker = _gat._getTracker("UA-2391176-1");
pageTracker._initData();
pageTracker._trackPageview();
</script>
I looked to at the script itself and I did not see anything wrong with it. I looked to see maybe if something written incorrectly and it seemed right. The only thing that looked strange to me was the second line (specifically this part:
_gat._getTracker("UA-2391176-1");

because of the space and underline and the front...

gat = Google Analytics Tracker. The UA number is the site identifier that tells Google what site it is.