HackQuest: JavaScript: Sir, could you pop me?

Name: Sir, could you pop me?
Place: Tokyo, Japan
Target: Lant Towers

There was a meeting in these rooms, which we must disrupt. Get us in…

When you start this challenge, you will notice that you are immediately prompted for username and password, and thereafter redirected to an irrelevant page. Disabling JavaScript from the start could give you problems with getting through the Flash screen. Thus, you’ll have to find the URL for the page all by yourself. After pressing the “Accept” button, hit the “Stop” button on your browser before you see the username/password prompts. Now, view the page source and look for the frame containing the challenge. You will find an (incorrectly implemented) iframe:

<iframe width=100% height=650 src="modules/HackQuest/hacking/frameheader.php?uname=Tim&uid=56382&url=253">

Of course, your uname and uid will be different. Follow that URL with JavaScript disabled and view the source code. You will se a relatively elaborate attempt at hiding the JavaScript, pushing the line count of the file to 56536. However, you should have no problems finding the not-so-elaborately hidden username and password declarations.

var username = "Johnny";

and

var password = "Mnemonic";

Enter those values, and you have succeeded.

Maybe Related?

• HackQuest: JavaScript: What you mean its not THAT easy?
• HackQuest: JavaScript: I am a JavaScript. Abuse me.
• HackQuest: JavaScript: It's simple if you see it
• HackQuest: JavaScript: Jedi Mindtricks
• HackQuest: JavaScript: Ok, finally it's secure. Or?