ThisisLegal.com
 

JavaScript Hacking

1.  I need the HTML source code of pages

A webpage consists of a main document, and, if it is a framework, of any number of child pages. Parts of the script code may be in any of them. There are different methods to get the source code of the html pages. The easiest one is a right click in the desired frame, then choose view source. If that doesn't work for whatever reason, try to save the whole page to your desktop via the "File" menu.

If you get any problems with scripts in the page that disable right clicks or create popups, go and disable scripting in the browser menu first. Additional problems can come up if you are inside a framework and need to break out of it. Simply look for the name of the child window you want to go to inside the parent frames html source and plug the name into the browser. If you can't get the source that way you can use programs like "codelifter" to get it, or just telnet to the web server.

2. I need to analyze the html source code and find the JavaScript code inside.

Now that you have the html source code, look for the < script > < /script > tags. Inside those tags is the script code responsible for password protection. The code looks like standard Java, C# or C++ code. Its easy to understand. Now look into the html source again and find the < form > < /form > tags. There may be more than one for distraction, but the one you are looking for should have as action the name of a password script function you found.

There may be distraction inside the html source, like comment tags that hide the JavaScript code, so make sure you have the complete html source. Also make sure you scroll the complete source code file, there are programs out there that put lots of spaces into html code to hide parts of the code in very long lines or at the very end of the file behind a few thousand empty lines.

3. I need to analyze the found password scripting function.

First make sure this is the function that really gets called, and not fake code to fool you. Now see if you find any hardcoded URL's inside the password script. JavaScript calls new webpages with something like:

'window.open(newpage.php,_self)'

_self meaning in a new window, or:

'location=newpage.php'

So if you find any hardcoded URL, paste it into your browser and you are done. If the function creates the URL from the entered password or username and does not check it you will have to find them both by either fooling the owner of the password into giving it to you, or finding it written down somewhere.

If the script checks the entered password against something, either the plain text password or some generated hash, you can often get or guess the password from the comparison. Just look for it. Worst case you will have to understand the hash function and find passwords that fit into the comparison. The only really secure script is a script where the password really is the URL that gets called, either plain text or encrypted in any way. If you find a script like that and have no way to get the password, try to find other ways into the webserver.

Sometimes people mess up file and/or folder restriction, allowing people to access parts of the webspace that should be restricted, and that way finding files that are not for outside use. If that also fails you are down to good old brute forcing. That's not allowed in here, and won't be necessary. If brute forcing the web server should fail as well you would then go and attack other services like ftp with the hope to get access to the web files.


Tutorial by Raduce


Comments

Reply

thanks RaducE, if you could maybe update this to include some JavaScript injection it would save me the effort of writing another tutorial later

Reply

It\'s from hackquest another hacking site

Reply

1.I proposed the tut there and it was set. 2.I made the tut.

Reply

hey man don\'t steal information from another hacking site :|

Reply

I repeat I MADE that tut.

Reply

hmm... its hard to tell hackquest should display the name of who made the tutorial :( im putting by hackquest for now

Reply

Belive me I made it from scratch and proposed it on HackQuest.But no prob.Glad I helped the site.And please check the javascript injection tutorial.

Reply

relax guys lol

Reply

OK.I\'ll do it.

Reply

Oh and I made the tut for Javascript Injection to but I thought it\'s a bit to complicated.But now I sent it anyways.

Reply

It has absolutely no nutritional value whatsoever. ,

Reply

Its say above "or just telnet to the web server." Can anyone create a tutorial about how to do this and how it works beyond just sending e-mails? Good tutorial though. Thanks.

Reply

what if it is .aspx file format ?

Reply

Excellent information. So useful.

Online (last 15 mins):   Ne0Lux-C1Ph3r, desker