Wednesday, September 17, 2008

Hacking with Javascript.

Javascript is used as a client side scripting language, meaning that your browser is what interprets it. It is used on webpages and is secure (for the most part) since it cannot touch any files on your hard drive (besides cookies). It also cannot read/write any files on the server. Knowing javascript can help you in both creating dynamic webpages, meaning webpages that change, and hacking. First I will start with the basic javascript syntax, then I will list a few sites where you can learn more, and then I will list a few ways you can use javascript to hack.

There are a few benefits of knowing javascript. For starters, it is really the only (fully supported) language that you can use on a website, making it a very popular language on the net. It is very easy to learn and shares common syntax with many other languages. And it is completely open source: if you find something you like done in javascript you can simply view the source of the page and figure out how it's done. The reason I first got into javascript was because back before I got into hacking I wanted to make my own webpage. I learned HTML very quickly and saw Dynamic HTML (DHTML) mentioned in a few tutorials. I then ventured into the land of javascript, making simple scripts and adding useful features to my site.

It was only after I was pretty good with javascript and got into hacking that I slowly saw its potential to be used maliciously. Many javascript techniques are pretty simple and involve tricking the user into doing something. Almost pure social engineering with a bit of help from javascript. After using simple javascript tricks to fake login pages for web-based email I thought about other ways javascript could be used to aid my hacking, and I studied it on and off for around a year. Some of these techniques are used by millions of people, some I came up with and are purely theoretical. I hope you will realize how much javascript can aid a hacker.


1. Basic Syntax
2. Places To Learn More Advanced Javascript
3. Banner Busting & Killing Frames
4. Getting Past Scripts That Filter Javascript
5. Stealing Cookies
6. Stealing Forms
7. Gaining Info On Users
8. Stories Of Javascript Hacks
9. Conclusion





1. Basic Syntax
The basics of javascript are fairly easy if you have programmed anything before, although javascript is not java, if you know java you should have no problems learning it. Same for any other programming language, as most share the same basics as javascript uses. This tutorial might not be for the complete newbie. I would like to be able to do a tutorial like that, but I don't have the time or patience to write one. To begin if you don't know html you must learn it first!

Javascript starts with the tag <script> and ends with </script>. Anything between these two tags is interpreted as javascript by the browser. Remember this! Cause a few hacks use the fact that if you use .. either way is fine. I would also like to mention that many scripts have right before the tag, this is because they would like to make it compatible with other browsers that do not support javascript. Again, either way is fine, but I will be using the because that is how I learned to script and I got used to putting it in.

Javascript uses the same basic elements as other programming languages, such as variables, flow control, and functions. The only difference is that javascript is a lot more simplified, so anyone with some programming experience can learn javascript very quickly. The hardest part of scripting javascript is to get it to work in all browsers. I will now go over the basics of variables:

to define a variable as a number you do: var name = 1;
to define a variable as a string you do: var name = 'value';

A variable is basically the same in all programming languages. I might also point out that javascript does not support pointers. No structs to make your own variables either. Only variable types are defined by 'var'. This can be a hard thing to understand at first, but javascript is much like C++ in how it handles variables and strings. A string is a group of characters, like: 'word', which is a string. When you see something like document.write(something); it will try to print whatever is in the variable something. If you do document.write('something'); or document.write("something"); it will print the string 'something'. Now that you've got variables down, let's see how to use arithmetic operators. This will make 2 variables and add them together to make a new word:

b0ilerowns

First we define the variable 'name' as b0iler, then I define 'adjective' as owns. Then the document.write() function writes it to the page as 'name'+'adjective' or b0ilerowns. If we wanted a space we could have done document.write(name+' '+adjective);

Escaping characters - This is an important concept in programming, and extremely important in secure programming for other languages. Javascript doesn't really need to worry about secure programming practice since there is nothing that can be gained on the server from exploiting javascript. So what is "escaping"? It is putting a \ in front of certain characters, such as ' and ". If we wanted to print out:

b0iler's website

We couldn't do:

document.write('b0iler's website');

because the browser would read b0iler and see the ' then stop the string. We need to add a \ before the ' so that the browser knows to print ' and not interpret it as the ending ' of the string. So here is how we could print it:
document.write('b0iler\'s website');
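The manual backslash above, generalized in an added example that is not from the original post: a helper that escapes arbitrary text so it can be placed inside a single-quoted javascript string literal without ending the string early. The function names are hypothetical and the sample strings are constructed.

```javascript
// Added example: escape arbitrary text for a single-quoted JavaScript
// string literal. Function names are hypothetical.

function escapeJsString(text) {
  // One pass, so a backslash that is already in the input is escaped
  // exactly once and can never "eat" the escape of the next character.
  return String(text).replace(/[\\'"\n\r\u2028\u2029<]/g, function (ch) {
    switch (ch) {
      case '\\': return '\\\\';
      case '\'': return '\\\'';
      case '"': return '\\"';
      case '\n': return '\\n';
      case '\r': return '\\r';
      // Line separators that older engines treat as line breaks.
      case '\u2028': return '\\u2028';
      case '\u2029': return '\\u2029';
      // Keeps a literal "</script>" in the data from closing the script block.
      case '<': return '\\x3C';
    }
  });
}

// Wrap the escaped text in single quotes, ready for document.write(...) etc.
function toLiteral(text) {
  return "'" + escapeJsString(text) + "'";
}

// Evaluate the generated literal and confirm it yields the original text.
function roundTrips(text) {
  return Function('return ' + toLiteral(text) + ';')() === text;
}

// Constructed sample inputs.
var SAMPLES = ["b0iler's website", 'say "hi"', 'back\\slash\'', '</script>', 'a\nb\u2028c'];
```

toLiteral("b0iler's website") produces the same 'b0iler\'s website' literal shown above.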

There are two types of comments in javascript. // which only lasts till the end of the line, and /* which continues across as many lines as needed until it reaches */ I'll demonstrate:

this will show up

The only thing that script will do is print "this will show up". Everything else is in comments which are not rendered as javascript by the browser.

Flow Control is basically changing what the program does depending on whether something is true or not. Again, if you have had any previous programming experience this is old stuff. You can do this a few different ways. The simplest is the if-then-else statement. Here is an example:



Let's break this down step by step. First I create the variable 'name' and define it as b0iler. Then I check if 'name' is equal to "b0iler". If it is then I write 'b0iler is a really cool guy!', else (if name isn't equal to b0iler) it prints 'b0iler can not define variables worth a hoot!'. You will notice that I put { and } around the actions after the if and else statements. You do this so that javascript knows how much to do when it is true. When I say true think of it this way:

if (name == 'b0iler')
as
if the variable name is equal to 'b0iler'

If the statement name == 'b0iler' is false (name does not equal 'b0iler') then whatever is in the {} (curly brackets) is skipped.

We now run into relational and equality operators. The relational operators are as follows:

> - Greater than, if the left is greater than the right the statement is true.
< - Less than, if the left is less than the right the statement is true.
>= - Greater than or equal to. If the left is greater than or equal to the right it is true.
<= - Less than or equal to. If the left is less than or equal to the right it is true.

So let's run through a quick example of this. In this example the variable 'lower' is set to 1 and the variable 'higher' is set to 10. If lower is less than higher then we add 10 to lower, otherwise we messed up assigning the variables (or with the if statement).



And now the equality operators. You have already seen one of them in an example: if (name == 'b0iler'). The equality operators are == for "equal to" and != for "not equal to". Make sure you always put two equal signs (==) because if you put only one (=) then it will not check for equality. This is a common mistake that is often overlooked.

Now we will get into loops. Loops repeat the statements in between the curly brackets {} until the loop condition is no longer true. There are 2 main types of loops I will cover: while and for loops. Here is an example of a while loop:



First 'name' is set to b0iler, then 'namenumber' is set to 1. Here is where we hit the loop, it is a while loop. What happens is while namenumber is less than 5 it does the following 3 commands inside the brackets {}: name = name + name; document.write(name); namenumber = namenumber + 1; The first statement doubles the length of 'name' by adding itself on to itself. The second statement prints 'name'. And the third statement increases 'namenumber' by 1. So since 'namenumber' goes up 1 each time through the loop, the loop will go through 4 times. After the 4th time 'namenumber' will be 5, so the statement namenumber < 5 will no longer be true.

Let me quickly go over some shortcuts to standard math operators. These shortcuts are:

variable++; // adds 1 to variable.
variable--; // subtracts 1 from variable.
variable+= something; // adds something to variable. Make sure to use 's if it is a string like:
variable+= 'string';
variable-= 3; // subtracts 3 from variable
variable*= 2; // multiplies variable by 2.

Next loop is the for loop. This loop is unique in that it (defines a variable; then checks if a condition is true; and finally changes a variable after each time through the loop). For the example lets say you want to do the same thing as above. This is how you would do it with a for loop:

b0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0ilerb0iler

First the variable name is defined, then it starts the for loop. It assigns 1 to namenumber, then checks if namenumber is less than 5 every time through the loop, and it increases namenumber by 1 every time through the loop (variablename++ means increase the variable by 1). The next 2 lines are the same as with the while loop. But since the for loop handles the declaration of namenumber and the increase every time through the loop it makes it simpler for the scripter and easier to keep track of for people trying to read the code. You can use a while loop if you want, it is all up to the scripter's preference.

Let's go over that for loop one more time, just for clarity. for (done only the first time; loop continues while this is true; done after every time through the loop)

That's it for learning javascript. This was really basic and pretty much covered things that are constant in most languages. For javascript specific guides check out the next section of the tutorial. This section was only to give the user enough info to understand the rest of the tutorial. I wish I could go over more, but there are way better tutorials for advanced javascript than any I could ever write.





2. Places To Learn More Advanced Javascript

I will just provide a list of tutorials and sites with more advanced javascript. If you wish to learn javascript and be able to write your own you will have to look at other people's scripts for examples and read a few more tutorials. I just went over the very basics so you wouldn't be lost.


Pagefinder - Get INSIDERinfo on thousands of topics ... rial2.html - good examples, not really advanced.. prolly a medium level javascript tutorial.

http://www.webdevelopersjournal.com/art ... ents2.html - A javascript tutorial on event handles. Fairly advanced.

Rouyer Design Portfolio Web Site - a classic site, go to the tutorials section and learn a lot of advanced javascript made easy.

http://server1.wsabstract.com/javatutors - Goes over some specific aspects to advanced javascript work. Useful in many situations.

Advanced JavaScript Tutorials - The advanced string handling and the forms tutorials are good, I would suggest reading them if you wish to get more into javascripting.

Coolnerd's Javascript Resource - A nice list of all the javascript operators, statements, objects.. although it might be a little old I still use it all the time.


If you want to create your own javascripts for your site be warned. Javascripts are very limited in power, but can be the solution to many simple problems. You will have to spend a few weeks learning more advanced javascript in order to make anything really useful. Creating that awesome DHTML (Dynamic HTML) feels really good. Dynamic HTML is pretty much javascript that interacts with the user, css, and layers - , , and .

Here are some links to good dynamic html sites:


The Dynamic Duo, Cross browser dynamic html tutorial - Goes over things step by step.

Taylor's dynamic HTML tutorial - That nice webmonkey style that everyone loves.

Curious Eye DHTML tutorial - This will really get you going making cross browser Dynamic HTML.

Intro to DHTML - Might be nice if you aren't as html and javascript knowledgeable as most DHTML beginners.


Good luck with your adventure into javascript =)





3. Banner Busting & Killing Frames

I call it banner busting, it is when you use javascript (or other tags) that aren't rendered by the browser the same as normal html tags to get around a popup or banner that free sites automatically put on your page. The basic idea of this is to have a tag that isn't rendered as html right before the html the site adds on their banner so that user's browsers do not see the banner. There is only really one key thing you need to find out in order to kill that banner. This is what tag the site uses as a "key". What I mean by this is what tag does the banner they add come before or after? Try putting up a page with just:





text





Now upload that page and view it in a browser. View the source of the page and find where the site added its banner html. If it came after the and before the then you need to see if it came before or after the which is in between those. If it is before, then it is the tag that is the key tag which the site adds its banner after. If it is under the then you know it puts it after the tag.

So now that we know where the site adds its banner html what do we do to stop it? We try to make a "fake" tag and hopefully the site adds its banner html to the fake one instead. Then we use javascript to print the real one. We can do a few things, here is the list:


the basic to stop it.


-this keytag is the real one.





If all worked out you should have a page with no annoying popups or flashing banners. If not I guess you will have to play around a little and figure it out for yourself. Since every free host uses different keytags and methods of adding its banner I can't go over them all one by one.
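A host-side view of the weakness described above, as an added example that is not from the original post: an injector that inserts its banner after the first textual match of the key tag can be steered to a decoy, while a scanner that skips comments and raw-text elements (script, style and similar) finds the first key tag the browser will actually render. The key tag name body, the function names and the sample pages are assumptions, and this is a simplified scanner, not a full HTML parser.

```javascript
// Added example: host-side banner insertion that ignores decoy key tags.
// Hypothetical names; the sample pages and the key tag "body" are constructed.

// Elements whose content the browser does not parse as markup.
var RAW_TEXT = ['script', 'style', 'noscript', 'textarea', 'title', 'xmp'];

// Naive approach: first textual match of the key tag, wherever it sits.
function naiveOffset(html, keyTag) {
  var m = new RegExp('<' + keyTag + '\\b[^>]*>', 'i').exec(html);
  return m ? m.index + m[0].length : -1;
}

// Context-aware approach: skip comments and raw-text elements while scanning.
// keyTag must be given in lower case.
function safeOffset(html, keyTag) {
  var tagRe = /<!--|<([a-z][a-z0-9]*)\b[^>]*>/gi, m;
  while ((m = tagRe.exec(html)) !== null) {
    if (m[0] === '<!--') {
      var end = html.indexOf('-->', tagRe.lastIndex);
      if (end === -1) return -1;          // unterminated comment hides the rest
      tagRe.lastIndex = end + 3;
      continue;
    }
    var name = m[1].toLowerCase();
    if (name === keyTag) return tagRe.lastIndex;
    if (RAW_TEXT.indexOf(name) !== -1) {
      var close = new RegExp('</' + name + '\\s*>', 'i');
      var rest = html.slice(tagRe.lastIndex), c = close.exec(rest);
      if (!c) return -1;                  // unterminated raw-text element
      tagRe.lastIndex += c.index + c[0].length;
    }
  }
  return -1;
}

function injectBanner(html, banner, keyTag) {
  var at = safeOffset(html, keyTag);
  // No rendered key tag found: put the banner first so a decoy cannot hide it.
  return at === -1 ? banner + html : html.slice(0, at) + banner + html.slice(at);
}

var BANNER = '<div id="host-banner">ad</div>';
// Constructed page with a decoy key tag inside a style block.
var SAMPLE = '<html><head><style><body></style></head><body><p>text</p></body></html>';
// Constructed page whose only key tag is printed by script.
var SCRIPTED = '<html><script>document.write("<body>")</script><p>x</p></html>';
```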

I decided to go over a real example of a free site that adds popup ads or banners to every page you have. I'll be using angelfire since I hate them and because that's the one I picked out of my lucky hat. Just remember that sites can change the way they add banners anytime they feel like, so this method might not work the same way as I am showing. Doing this also breaks the TOS (Terms Of Service) with your host, so you might get your site taken down without any warning. Always have complete backups of your site on your hard drive, especially if you have a hacking site or are breaking the TOS.


angelfire

------------------------
begin
------------------------












rest of test page






------------------------
end
------------------------

As you can see angelfire puts their ad right after the tag. All they are using to protect us from getting rid of the ad is a so.. we can put something like this to defeat the ad:




So angelfire's server will add the javascript for their advertisement after the first they see. That will put the ad after . This means that users' browsers will think that and the angelfire ad is css (cascading style sheet).. which is the
