Hello dynamicdrivers. Try to steal my password here. Can you do it?
Last edited by traq; 03-23-2014 at 06:23 PM.
I won't ask you yet how you did it, but you may want to give us the first letter of the password.
I'll do you one better. PM'd.
Well traq and keyboard, since you managed to steal my password, I'll try to do a better job.
One question: did you find it by downloading the files of the site?
Technically, since "visiting" a webpage is just another way of saying you downloaded it, yes. But I didn't do anything special (didn't even use view source). Interestingly, I didn't see your
Last edited by traq; 03-23-2014 at 06:26 PM.
Thanks for the useful remarks, traq.
What I actually did was including the page containing the password (password.html) in a div of the main page (=hackme.html) with the help of onhashchange. This ensured that hackme.html always displayed as hackme.html#password.html. I also put a script in password.html ensuring that this was also true for password.html (displaying as hackme.html#password.html too).
Viewing the source of hackme.html#password.html now only produced the actual source of hackme.html, not the source of the file (password.html) containing the password. So I thought I had created some kind of password protection until I discovered that the whole thing didn't work when the visitor downloaded the site. That's where I thought the onmouseleave might be useful. I was not aware of what you said about dev tools.
Thanks a lot. Very helpful.
Dev tools almost make "view source" obsolete. Plus, they're in every major browser by default nowadays.
Personally I just opened the site up in FireBug (an addon for FireFox) and that showed me each of the scripts that were currently running on that page. I was going to try and brute force it, but I couldn't be botheredOne question: did you find it by downloading the files of the site?