Introduction

Hello world, welcome to haxez, where we will be working out Javascript Mission Level 1 on Hack This Site. We’ve just completed the realistic missions and I thought it was time to take a break and do something a little less intense. So without further ado, let’s get started. Upon navigating to the mission, we get a title called the Idiot Test (very appropriate for me I assure you). Based on the information we have, it sounds like Faith with a small f (bug report submitted) is learning Javascript. Let’s go and take a look at it.

Testing The Javascript 1

When we follow the link to the mission, we’re greeted with a title of Javascript Mission 1 and a password submission form. Furthermore, if we input data into the form (incorrect data), we get a javascript alert window pop up telling us we fail. Ordinarily, Javascript is a client-side language (runs un the user’s browser), we can’t intercept this request and brute force it. That also means we can view the script and see what it’s doing.

Analyzing The Javascript

As shown below, In order to find out what the script is doing, we need to view the page source and locate the code. Overall, the quickest way to do this is to right-click inside the password form and click inspect. As can be seen, that should take you directly to the code powering the form. As illustrated in the image below, the Javascript code is checking if the variable ‘x‘ is equal to cookies. If the value is equal to cookies then an alert box will pop up saying “win”. If the value is not equal to cookies then we get an alert box pop up saying “fail”.

Bribing With Cookies

In order to pass this mission, all we need to do is submit the value cookies into the password submission form. Yes, it really is that simple and could be completed without even understanding the code. So, input the word cookies in to the password submission form and click submit.

As promised, upon doing so you will receive a pop-up box claiming that you win.

Well thats it.