Fancy passing some time this Friday afternoon by testing your hacking skills? Go to the Starfleet Academy and see how far you get. I got as far as level 3, signed the guestbook, then got bored and gave up.
The lesson to be learnt is that JavaScript can not secure your webpages. Well, derrr...
Written by Jake Howlett on Fri 2 Apr 2004
The most recent comments added:
Skip to the comments or add your own.
You can subscribe to an individual RSS feed of comments on this entry.
CodeStore is all about web development. Concentrating on Lotus Domino, ASP.NET, Flex, SharePoint and all things internet.
Your host is Jake Howlett who runs his own web development company called Rockall Design and is always on the lookout for new and interesting work to do.
You can find me on Twitter and on Linked In.
Read more about this site »
Level 8?
Am I missing something or is it a case of pure guess work.
Aden
Hm. I got to level 8, but he seems to want you to guess the next URL to get to level 9. He's running IIS on the 'entry' pages (and apache on the scripted ones), so I guess you could try a known IIS exploit to crawl the site. I dunno. Too much effort, methinks...
ohhh..I got to level 5 in 20mins. I suppose not bad to say i've never tried to hack or used JavaScript in this way before.
Erdinger has played a major part in my Friday afternoon - Level 4
just leave the file name off and it will give you a list of the directory structure (only works on that directory) which in turn will give you the file you want, keep going!! 11 is a swine
I got to 6 and then had to get some work done - thanks for sharing the link!
Completed 11. Level 12 is taking too much time up. Maybe i'll try later.
Damned, I'm stuck at level 10. I can't find where the prompt comes from, since in the linked javascript there's only comments??
jerrith, i believe that's a riddle...
This was fun. I got as far as level 7 but couldn't figure out how to go on.
OK, got to level 10 in about 15 minutes, but now absolutely stuck. I almost failed math, and I've been out of school many years - I can't remember stuff about prime numbers! I know that Erdos re-proved the theorem, but what now!?
It would be nice if you could go to each challenge directly instead of playing through ones you've already done.
1. Don't use IE. This way you can view source easily because his right click protection only works for IE. Also in Moz you can execute JS in the JS Console, This makes getting around obfusication of the passwords easy.
2. If you view source of the homepage you'll see this interesting JS:
"if (document.referrer == '{Link}
window.location=("{Link}
else..."
I guess he's hoping to put off people coming from that URL. Go to that url (www.7er-forum.com/forum/viewthread.php?tid=13456) and you'll see all the answers :P
I think that deserves extra credit!!!
Yeah -- #12 is the mean one, since knowing what the password evaluates to is not enough -- there are 36 combinations possible. You need a Java decompiler for #13. #14 is a simple alert() (and the answer on the banned site is wrong, BTW). #15 is the first "real" hack (get the .htaccess file), and that's about all the gaming I can take....
Nah -- I couldn't stop. The last one needs "crypto quote" skills (everyone who rides a subway/tube should have those, right?) but the resulting, very simple, question needs a German answer. Ever notice that Babelfish never give you the right part of speech on a single-word translation?
I beat 10, but I have no idea how it works. I saved the page to my local drive and I could see the password. But viewing the source online just showed words about prime numbers.
{Link}
I stopped after level 14. I didn't want to go after the .htaccess file... mainly because I don't have a clue how. :-)
Btw, y'all, if you read the intro... giving away the secrets is vorbotten!!
I finally solved it! I spent hours on this while I should have been working. Thanks Jake! ;-)
I learned a thing or two along the way, so it's not a complete waste of time.
The last level is a nice puzzle. Hint: the only thing you need to know to solve it is that the text is in English. Enjoy!
Made it to level 11 but but going further would take more time that I am willing to spend.
Lots of things are verboten -- like hacking into obviously restricted areas. Since the whole premise of the game is purposeful breaking of rules, then any rules put in place are, by definition, invalid.
For the last one, you also need to know that there is a mistake in the substitution code in the first word (depending on the order in which you solve the problem, it can make a difference).
Trent -- for #10, it's not what you get, it's how you get it. Think about the HTTP request header, and what's in it.
For Andrew
view-source:
it makes IE open the page in notepad - also most right-click disablements don't work if they throw up a dialog.
I'm sure you can keep the right mouse button down and press return and you will get the context menu.
I got to level 8 then my boss wondered what I was doing :-S
What a blast!
I'm having Jerrith's problem on number 10. Even saving all the .js and .htm files on my comp, I still only see the comments... and I've tried it in IE, Firefox, and all sorts of text editors. LOL...
Gosh, I got past 5. :) I was threw off level 4. I'll try again when I have the time.
I used My Lotus Notes client to open the page for level 10 and then opened it in the Web database where the document is stored and voilà instant hack :)
24*45*32+56-54/842*5623+4567
I'm now at level 13 where I need a way to download the java class so I can see what's in there :)
Stan, how do you view the .htaccess file?
Can someoen help me get past level 3??? i can't figure it out. ppllleeeaaassseseee help me???
right click -save
linkcolor is given
don't you know html?
Level 10
don't get it
I know that the script file is a distraction
And I know about the HTTP request header
but just didn't get it...
I got to level 40,
quite simple if you ask me.
wait till you see the pl.koij file.
Flo
{Link}
You'll need a decrypter for what's inside
Google for John the Ripper