Archive

Archive for the ‘Hacking’ Category

Javascript Injection

November 28th, 2006

Javascript injection is a fun technique that allows you to change a website's content without leaving the site, reloading the page, or saving the site to your desktop. Javascript injection can be very useful when you need to change hidden data before you send it to the server. Let's start with some basic injection techniques.

Javascript Injection Basics

Javascript injections are run from the address bar of the browser. To start, remove everything from the address bar. That means deleting the http:// and any website information in the address bar.

Javascript injection code is executed in the empty address bar using the javascript: protocol. In this tutorial we will go over the basics of javascript injection. If you are a Javascript expert this might be below you, but a refresher is always good.

The two most widely used injection commands are alert(); and void();. These commands will get you through most situations. For our first injection script we will open an alert box. Open the web browser of your choice and delete everything from the address bar. Go to any website you wish and type the following code in the empty address bar.

Code:  javascript: alert("You've been hacked");

What we have done is told the browser to open an alert box with some string text. Although very simple, this is a great little trick; you will see its power later in this post.

With the javascript: protocol you can run as many commands as you want. Enter the following code in your empty browser address bar to test more than one javascript injection command.

Code:  javascript: alert("You've"); alert("been"); alert("hacked");

In this code injection you will see three different alert windows pop up one after the other.

Cookie Hacking

Cookie hacking or editing can be very fun and can open a lot of doors. First we need to open a browser window and go to a site that uses cookies. If you are not sure whether the site is using cookies, here is some code that will let you know. Type the following code in an empty address bar.

Code:  javascript: alert(document.cookie);

This code is very similar to the code we learned in the basics section. What it does is open an alert box that outputs the cookie file information for the current site. With this little piece of code you should start to see the power of the alert command.

Now that we have seen what data the cookie has in it, let's change some things. On the site I used when I executed the code above I got "PHPSESSID=5b391ba8c4969af84eb426d469abba1". The following code is the code I used to change my cookie value. Depending on your cookie you may need to edit the code, or the following code will just be appended to the end of the cookie.

Code:  javascript: void(document.cookie="PHPSESSID = hacked"); alert(document.cookie);

In the code above the PHPSESSID value is changed to hacked and then an alert box is output showing the change to the cookie.

Notice the void command after the javascript declaration. Void is used to return an empty (undefined) value so the browser will not load a new page. Cookie editing can open many doors. In the following example you will see how you could hack your way into a website with poor authorization.

Let's say you find a site that has restricted access to several pages. You check the cookie from the site to see if it is doing anything. The cookie outputs this: loggedIn=no. If you change that value to yes you could get access to the restricted pages without logging in like a normal user. The following code changes the cookie value and displays the new value:

Code:  javascript: void(document.cookie="loggedIn=yes"); alert(document.cookie);

Form Hacking

Form hacking can be achieved several ways. A lot of the time you can save the webpage to your desktop and edit the HTML. Once edited, you can submit the form from your desktop to the web server. Many web developers have wised up to this and have added checks to their code for this kind of submitting. That is when javascript injection can come in very handy.

Let’s start with a very common example. You find a website that has a form with hidden form elements. The website code looks something like the code below.

Code:  <form action="http://www.hackablesite.com/submit.php" method="post">
<input name="price" type="hidden" value="1000" />
</form>

As you can see from the code above, we have some HTML code with a form that posts data to submit.php on the hackablesite.com server. This form has a hidden price field. I don't know about you, but $1,000 seems like a lot of money. I am not greedy; I think $10 is a fair price. Below you will find the code I used to change this value. Enter the following code into your empty address bar.

Code:  javascript: void(document.forms[0].price.value= 10); alert(document.forms[0].price.value);

In the above code we use javascript to access the value of the hidden price field and set that value to 10. An alert box is then opened to confirm that the value has been changed. This attack can be used on more than hidden fields; it can be used on select menus and any other form items.
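The loggedIn cookie edit and the hidden price edit both depend on the server trusting values the browser sends back. The following added example (not code from the original post) shows the server side in Node.js: a session cookie that carries an HMAC so an edited value is rejected, and a price looked up on the server instead of read from the form. The names SERVER_KEY, CATALOG, issueSession, verifySession and handleOrder are assumptions made for illustration.

```javascript
// Added example: server-side checks that make the cookie and hidden-field
// edits shown above ineffective. All names here are hypothetical.
const crypto = require("crypto");

// Assumption: a key held only by the server (generated here so the demo runs offline).
const SERVER_KEY = crypto.randomBytes(32);
// Assumption: server-side catalogue; the price is never taken from the form.
const CATALOG = new Map([["item-1", 1000]]);

function sign(value) {
  return crypto.createHmac("sha256", SERVER_KEY).update(value).digest("hex");
}

// After a real login, issue a cookie value of the form "<user>.<hmac>".
function issueSession(user) {
  return `${user}.${sign(user)}`;
}

// Return the user name if the cookie carries a valid MAC, otherwise null.
function verifySession(cookieValue) {
  const s = String(cookieValue);
  const idx = s.lastIndexOf(".");
  if (idx < 1) return null; // e.g. a bare "loggedIn=yes" has no MAC at all
  const user = s.slice(0, idx);
  const mac = Buffer.from(s.slice(idx + 1), "hex");
  const expected = Buffer.from(sign(user), "hex");
  if (mac.length !== expected.length) return null;
  return crypto.timingSafeEqual(mac, expected) ? user : null;
}

// Handle the posted form: authenticate first, then charge the catalogue price.
function handleOrder(cookies, form) {
  const user = verifySession(cookies.session || "");
  if (!user) return { status: 403, error: "not authenticated" };
  const price = CATALOG.get(form.item);
  if (price === undefined) return { status: 400, error: "unknown item" };
  // A client-sent price that differs from the catalogue is worth logging.
  const tampered = form.price !== undefined && Number(form.price) !== price;
  return { status: 200, user, charged: price, tampered };
}
```

With this in place, a request carrying only loggedIn=yes gets a 403, and a form posted with price=10 is still charged 1000 and flagged as tampered.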

That completes this post about javascript injection. As you can see, all kinds of fun things can be done with these techniques. Use your imagination, and with a little work you can test your site and keep it secure from malicious hackers.


Hacking

HackThisSite.org Basic Web Level 3

November 28th, 2006

In this level our background information is:

This time Network Security Sam remembered to upload the password file, but there were deeper problems than that.

In this level Sam has used the same script as level 2, but this time he uploaded the password file. He has made several mistakes that you can exploit to get to the next level.

Hint: Check the source code; look for the script that the form posts to and any other interesting items in the source.


HackThisSite Levels, Hacking

HackThisSite.org Basic Web Level 2

November 22nd, 2006

In this level our background information is:

Network Security Sam set up a password protection script. He made it load the real password from an unencrypted text file and compare it to the password the user enters. However, he neglected to upload the password file…

Sam has smartened up and removed the password from the comments, unlike in level one. He has set up a new script that checks the user-entered password against the one saved in a file. But like the background said, he forgot to upload the password file.

Hint: What should you type in if you are checking something that does not exist?


HackThisSite Levels, Hacking

HackThisSite.org Basic Web Level 1

November 22nd, 2006

In this level our background information is:

This level is what we call “The Idiot Test”, if you can’t complete it, don’t give up on learning all you can, but, don’t go begging to someone else for the answer, that’s one way to get you hated/made fun of. Enter the password and you can continue.

This is a very simple level; it should take you all of 30 seconds to figure out.

Hint: Check the source code and look for comments.


HackThisSite Levels, Hacking

Hacking Websites…

November 17th, 2006

I found this fun hacker practice website the other day. It is a lot of fun to practice some basic hacks and learn some new things. Check it out http://www.hackthissite.org/

After I play with it a little more I will post some more information.


Hacking

Windows Solitaire Cheats

November 17th, 2006

Draw one card at a time on a three card game.

In order to perform this simple cheat, press [Ctrl] + [Alt] + [Shift] and click the card stack.

Automatically Win

To automatically win solitaire press [Shift] + [Alt] + 2. This will cause the cards to bounce around as if you won the game.

Automatically Move Cards

To quickly move cards up to the top four spots, right click one of the four spots at the top. Right clicking this way will quickly move all the cards that can be moved in that spot up to the top.

Get A High Score

Play the game as much as you want, then press [Shift] + [Alt] + 2 to force a winning game. If you play quickly your bonus points can be over 20,000 points. Click the mouse on the game to stop the card waterfall and on the “Deal Again?” dialog box click on “No”. Press [Shift] + [Alt] + 2 again. The bonus points will be added again to the score and the card waterfall will start again. If you keep pressing [Shift] + [Alt] + 2 the score goes as high as you want it.


Hacking

Xbox 360 HD-DVD Hack

November 15th, 2006

So you want to add an HD-DVD to your PC or Mac but can’t find one. Well, Uneasy Silence has a great little hack for adding an Xbox 360 HD-DVD player to your PC or Mac. You will need a mini ATA adapter to mount the drive internally. I believe you only need to install the drivers and you can use it as a USB drive if you don’t want to mount it internally.
Check out his hack, it is very interesting: http://uneasysilence.com/archive/2006/11/8303/


Hacking

3D Pinball Space Cadet Hack

November 7th, 2006

So you want to show off your hacking skills to your friends? Maybe you don’t know any hacks, or maybe you do know some hacks but want to know more. Well, here is a fun little hack for the built-in Windows XP pinball game 3D Pinball Space Cadet.

Open Pinball by going to Start –> All Programs –> Games –> Pinball. After the game loads press F2 to start a new game. Once the new game loads type “hidden test”. So what does this hack do? This hack or cheat code enters you into a test mode that the developers of the pinball game used to test the game. With this hack you can do several things; the most fun is moving the pinball with your mouse. Here are some other things you can do:

m - Displays message box with amount of system memory.
r - Increases your rank in the game.
y - Shows and Removes the frame rate of the game in window title. (does not work right way all the time)
h - Enters 1,000,000,000 into spot two of high-score. Real scores will push this out of the table.

There is no known way to exit this hidden test mode. This mode is a little buggy; I had to close the game several times because the game became a nearly solid pink block.

Other Cheat Codes

The following codes do not work in hidden test mode discussed above.

Unlimited Balls - Type bmax in the full screen game mode. Extra balls will come out of the wormhole above the right flipper. Note: The only way to exit this mode is to Tilt the game, and high score is disabled in this mode.

Extra Ball - Type 1max during your game.

Promotion - Type rmax during your game. Note: seems to work best before you launch the ball.

Gravity Well - Type gmax at start of the game.

Happy Hacking…


Hacking