Thursday, 07 July 2011

Hacker Test level 4


This time we are still working through http://www.hackertest.net/, now at level 4.
Let's get straight to it. :D
Below is what level 4 looks like:

As usual, we view the source code by right-clicking on the web page:
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html;
 charset=windows-1252">
<meta name="robots" content="noindex">
<title>Hacker Test: Level 4</title>
<LINK REL="stylesheet" HREF="style.css" TYPE="text/css">
 
</head>
<body>
 
<h1>Hacker Test</h1>
 
<p>Test your hacking skills</p>
 
<br><br>
 
<h1>Level 4</h1>
 
<br><br>
 
<center><p>Congratulations! Next level... 
<a href="sdrawkcab.htm">Click here</a>.</p></center>
 
 
 
 
<!-- Google AdSense was here but now removed -->
<script type="text/javascript"><!--
google_ad_client = "pub-3865159942975184";
/* 728x90, created 9/13/08 - htv1a */
google_ad_slot = "1646427804";
google_ad_width = 728;
google_ad_height = 90;
//-->
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
        
 
<!-- Start of StatCounter Code -->
<script type="text/javascript" language="javascript">
var sc_project=2497325; 
var sc_invisible=0; 
var sc_partition=23; 
var sc_security="66a93703"; 
var sc_remove_link=1; 
</script>
 
<script type="text/javascript" language="javascript"  
src="http://www.statcounter.com/counter/counter.js">
</script><noscript>
<img  src=
"http://c24.statcounter.com/counter.php?sc_project
=2497325&java=0&security=66a93703&invisible=0"
alt="web metrics" border="0"> </noscript>
<!-- End of StatCounter Code -->
 
 
</body>
</html>

Well, there is no script that reveals the password as in the previous levels! :D
Don't be confused yet. Look closely at this part:
<center><p>Congratulations! Next level... 
<a href="sdrawkcab.htm">Click here</a>.</p></center>

The markup above contains a link to sdrawkcab.htm.
We follow that link and, ta-da, we find source like this:
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta name="robots" content="noindex,nofollow">
<meta http-equiv="Content-Type" content="text/html; 
charset=windows-1252">
<title>Level 5</title>
</head>
<body>
<script language=JavaScript>
var pass, i;
pass=prompt("Password: ","");
if (pass=="SAvE-as hELpS a lOt") {
window.location.href="save_as.htm";
i=4;
}else {alert("Try again");
window.location.href="abrae.htm";}
// -->
</script>
<table border="0" cellspacing="1" 
 style="border-collapse: collapse" bordercolor="#111111"  
width="100%" id="AutoNumber1" height="550">
<tr>
<td width="100%" height="1" valign="top">
<table border="0" cellspacing="1"  
style="border-collapse: collapse" 
 bordercolor="#111111" width="100%" id="AutoNumber2">
<tr>
<td width="27%">
<img border="0" src="images/logo.gif" width="300" height="145"></td>
<td width="73%" valign="top">
<table border="0" cellspacing="1"  
style="border-collapse: collapse" bordercolor="#111111"
width="100%" id="AutoNumber3">
<tr>
<td width="100%"><b><i><font size="2" face="Arial">WORLDWIDE HACKING 
IN PROGRESS...</font></i></b></td>
</tr>
<tr>
<td width="100%"><font size="2" face="Tahoma">This is your 
own online hacker simulation. With over 20 levels that require 
different skills to get to another step of the game, this new 
real-life immitation will help you advance your security knowledge. 
This site will help you improve your JavaScript, PHP, HTML and 
graphic thinking in a fun way that will entertain any visitor! Have 
a spare minute? Log on! Each level will provide you with a new, 
harder clue to find a way to get to another level. Only few people 
have gotten to the end of the maze... Will you crack this 
site?</font></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="100%" height="267" valign="top"><b><font size="7" 
 face="Arial">Level 5</font></b><p>&nbsp;</p>
<div align="center">
<center>
<p><br>
&nbsp;</p>
</center>
</div>
</td>
</tr>
<tr>
<td width="100%" height="80" valign="top">
 
 
 
<!-- Google AdSense was here but now removed -->
 
        
 
<!-- Start of StatCounter Code -->
<script type="text/javascript" language="javascript">
var sc_project=2497325; 
var sc_invisible=0; 
var sc_partition=23; 
var sc_security="66a93703"; 
var sc_remove_link=1; 
</script>
 
<script type="text/javascript" language="javascript" 
 src="http://www.statcounter.com/counter/counter.js">
</script><noscript>
<img  src="http://c24.statcounter.com/counter.php?sc_project=
2497325&java=0&security=66a93703&invisible=0"
alt="web metrics" border="0"> </noscript>
<!-- End of StatCounter Code -->
 
 
</td>
</tr>
</table>
</body>
</html>

Once again we easily find the password, in this part:

<script language=JavaScript>
var pass, i;
pass=prompt("Password: ","");
if (pass=="SAvE-as hELpS a lOt") {
window.location.href="save_as.htm";
i=4;
}else {alert("Try again");
window.location.href="abrae.htm";}
// -->
</script>

We get the password "SAvE-as hELpS a lOt" (without the quotes). Easy, isn't it? :D
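The level works because the password comparison runs in the visitor's browser, so the secret ships with the page. As an added example (not part of the original post or of hackertest.net), here is a small check a site owner could run over their own HTML before publishing to flag that pattern; `findClientSideGates`, its result fields and the sample page are assumptions made for the illustration.

```javascript
// Added example; findClientSideGates and its result fields are hypothetical names.
const SCRIPT_RE = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
// identifier, then == / === / != / !==, then a quoted string literal
const COMPARE_RE = /\b([A-Za-z_$][\w$]*)\s*(?:===?|!==?)\s*(["'])((?:\\.|(?!\2).)*)\2/g;
const INPUT_RE = /\bprompt\s*\(|\.value\b/; // script reads user input
const NAVIGATE_RE = /\blocation(?:\.href)?\s*=|\blocation\.(?:replace|assign)\s*\(/;

function findClientSideGates(html) {
  const findings = [];
  for (const m of html.matchAll(SCRIPT_RE)) {
    const body = m[1];
    // Only inline scripts that read input AND redirect look like a gate.
    if (!INPUT_RE.test(body) || !NAVIGATE_RE.test(body)) continue;
    // "</script>" is 9 characters in any letter case.
    const bodyStart = m.index + m[0].length - 9 - body.length;
    for (const c of body.matchAll(COMPARE_RE)) {
      findings.push({
        variable: c[1],
        literalLength: c[3].length, // report the length, never echo the secret
        line: html.slice(0, bodyStart + c.index).split("\n").length,
      });
    }
  }
  return findings;
}

// Constructed sample: the gate script from the level, inside a minimal page.
const SAMPLE_PAGE = [
  "<html><body>",
  "<script language=JavaScript>",
  "var pass, i;",
  'pass=prompt("Password: ","");',
  'if (pass=="SAvE-as hELpS a lOt") {',
  'window.location.href="save_as.htm";',
  '}else {alert("Try again");',
  'window.location.href="abrae.htm";}',
  "</script>",
  '<script>var sc_security="66a93703";</script>',
  "</body></html>",
].join("\n");

console.log(findClientSideGates(SAMPLE_PAGE));
```

A page flagged by this check needs the comparison moved to the server, so that the browser only ever receives the result.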

1 comment:

  1. if (pass!="SAvE-as hELpS a lOt") {

    true

    else{
    false

    resolved

    using burpsuite proxy, get request in page web
