Introduction

The previous post, on level 2 of the TRY2HACK wargame, introduced the Flash decompiler.

Level 3

As soon as you pass level 2, a prompt asking for the level 3 password is shown.

I tried entering a random string and got a message sending me to Disney. And here I am...

Notice that the prompt is shown as soon as the page is entered. Just open the developer tools and see what is going on in this page. Scroll down to the part that pops up the message box.

Look at the piece of code. The prompt asks for the user's input and compares it with a variable named PASSWORD. Despite variable hoisting in JavaScript, the assignments underneath are counterfeit: they run only after the comparison. Look closer at the code. There is another script that has a source named JavaScript.
<script type="text/javascript" src="JavaScript"></script>
<script type="text/javascript">
	<!--
	pwd = prompt("Please enter the password for level 3:","");
	if (pwd==PASSWORD){
 		alert("Allright!\nEntering Level 4 ...");
		location.href = CORRECTSITE;
		}
	else {
        alert("WRONG!\nBack to disneyland !!!");
        location.href = WRONGSITE;
	}
	PASSWORD="AbCdE";
	CORRECTSITE="level4-sfvfxc.xhtml";
	WRONGSITE="http://www.disney.com";
	//-->
</script>
Look in the sources and the file named JavaScript is right there! Click on the file and the password is shown. Here we go!

Conclusion

The techniques needed in this level are
  1. Window prompt
  2. Javascript source inclusion
There is a little trick in the code in this level. The variable PASSWORD is assigned in two places: once in the HTML file and once in the source file called JavaScript. Since the JavaScript file is included above the inline script, PASSWORD is first assigned the real password, and that is the value the comparison sees.
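The load order described above can be replayed outside the browser. This is an added example, not code from the wargame: `loadPage` is a hypothetical helper, the contents of the external file are constructed placeholders (the page does not show them), and the browser globals are stubs so it runs under Node.js.

```javascript
// Constructed stand-in for the external "JavaScript" file (real contents not shown on the page).
const EXTERNAL_JS = `
PASSWORD = "placeholder-real-password";
CORRECTSITE = "placeholder-level4.xhtml";
WRONGSITE = "http://www.disney.com";
`;
// Inline script as it appears in the level 3 page.
const INLINE_JS = `
pwd = prompt("Please enter the password for level 3:","");
if (pwd==PASSWORD){
  alert("Allright!\\nEntering Level 4 ...");
  location.href = CORRECTSITE;
} else {
  alert("WRONG!\\nBack to disneyland !!!");
  location.href = WRONGSITE;
}
PASSWORD="AbCdE";
CORRECTSITE="level4-sfvfxc.xhtml";
WRONGSITE="http://www.disney.com";
`;

// Run classic scripts in document order against stubbed browser globals.
function loadPage(scripts, typed) {
  const result = { passwordAtCheck: undefined, alerts: [], errors: [] };
  // prompt() fires just before the comparison, so snapshot PASSWORD there.
  globalThis.prompt = () => { result.passwordAtCheck = globalThis.PASSWORD; return typed; };
  globalThis.alert = (msg) => result.alerts.push(msg);
  globalThis.location = { href: "level3" };
  for (const src of scripts) {
    // Indirect eval runs in global, non-strict scope like a classic <script>;
    // an exception ends that script only, later scripts still run.
    try { (0, eval)(src); } catch (e) { result.errors.push(e.name); }
  }
  result.finalPassword = globalThis.PASSWORD;
  result.href = globalThis.location.href;
  for (const name of ["prompt", "alert", "location", "pwd", "PASSWORD", "CORRECTSITE", "WRONGSITE"]) {
    delete globalThis[name]; // reset so each simulated page load starts clean
  }
  return result;
}

// Typing the decoy value: the check still sees the external file's value.
const decoy = loadPage([EXTERNAL_JS, INLINE_JS], "AbCdE");
console.log(decoy.passwordAtCheck, "->", decoy.href);
// Without the external file the comparison fails on an undefined variable.
const noExternal = loadPage([INLINE_JS], "AbCdE");
console.log(noExternal.errors);
```

The inline "AbCdE" only becomes the value of PASSWORD after the comparison has already run, which is why typing it lands on the WRONGSITE branch.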

History

First published: new post - 2016/04/11

Reference

  1. Window prompt
  2. variable hoisting
  3. Load and execution sequence of a web page