From 15a7d0a63a0e4dd514aa8919e078a2e7ebdabd30 Mon Sep 17 00:00:00 2001 From: ariyonaty Date: Mon, 1 Apr 2024 21:45:35 -0700 Subject: [PATCH 1/2] Update GitHub Codespaces instructions for S2L5 --- Season-2/Level-5/hack-1.js | 12 +++++++----- Season-2/Level-5/hack-2.js | 12 +++++++----- Season-2/Level-5/hack-3.js | 12 +++++++----- Season-2/Level-5/hint-1.txt | 12 +++++++----- Season-2/Level-5/index.html | 3 ++- 5 files changed, 30 insertions(+), 21 deletions(-) diff --git a/Season-2/Level-5/hack-1.js b/Season-2/Level-5/hack-1.js index 5d19bf7..df26b69 100644 --- a/Season-2/Level-5/hack-1.js +++ b/Season-2/Level-5/hack-1.js @@ -4,10 +4,12 @@ // 1. Double click index.html to open it in any browser. Are you using GitHub Codespaces? -// Please note that if you are inside a codespace, it is not possible to perform step 1. For -// this reason, please create a local copy for the file 'index.html'. You can do so by copying -// and pasting the contents of 'index.html' in a local file so that you can open it in a browser. -// Then, follow the remaining steps. +// Please note that if you are inside a codespace, it is not possible to perform step 1. +// Instead, run the following in terminal from the root of the game level (Season-2/Level-5/): +// `python3 -m http.server` +// Once running, select on the "ports" tab of the codespace and click on the URL that exposes +// port 8000. Navigating to the URL should serve the HTML and vulnerable JavaScript. +// Proceed with the remaining steps. // 2. Copy the following line, paste it in the javascript console and press enter. var s = { toString: function() { alert('Exploit 1'); } }; @@ -19,4 +21,4 @@ CryptoAPI.sha1.hash(s) // 5. Refresh the page to reset the level. -// * If the exploit was unsuccessful, you can proceed to the next exploit inside hack-2.js. \ No newline at end of file +// * If the exploit was unsuccessful, you can proceed to the next exploit inside hack-2.js. 
diff --git a/Season-2/Level-5/hack-2.js b/Season-2/Level-5/hack-2.js index beca416..7581782 100644 --- a/Season-2/Level-5/hack-2.js +++ b/Season-2/Level-5/hack-2.js @@ -4,10 +4,12 @@ // 1. Double click index.html to open it in any browser. Are you using GitHub Codespaces? -// Please note that if you are inside a codespace, it is not possible to perform step 1. For -// this reason, please create a local copy for the file 'index.html'. You can do so by copying -// and pasting the contents of 'index.html' in a local file so that you can open it in a browser. -// Then, follow the remaining steps. +// Please note that if you are inside a codespace, it is not possible to perform step 1. +// Instead, run the following in terminal from the root of the game level (Season-2/Level-5/): +// `python3 -m http.server` +// Once running, select on the "ports" tab of the codespace and click on the URL that exposes +// port 8000. Navigating to the URL should serve the HTML and vulnerable JavaScript. +// Proceed with the remaining steps. // 2. Copy the following line, paste it in the javascript console and press enter. CryptoAPI.sha1._round = function() { alert('Exploit 2'); }; @@ -19,4 +21,4 @@ CryptoAPI.sha1.hash("abc") // 5. Refresh the page to reset the level. -// * If the exploit was unsuccessful, you can proceed to the next exploit inside hack-3.js. \ No newline at end of file +// * If the exploit was unsuccessful, you can proceed to the next exploit inside hack-3.js. diff --git a/Season-2/Level-5/hack-3.js b/Season-2/Level-5/hack-3.js index 2877966..1e224e8 100644 --- a/Season-2/Level-5/hack-3.js +++ b/Season-2/Level-5/hack-3.js 
@@ -4,10 +4,12 @@ // 1. Double click index.html to open it in any browser. Are you using Codespaces? -// Please note that if you are inside a Codespace, it is not possible to perform step 1. For -// this reason, please create a local copy for the file 'index.html'. You can do so by copying -// and pasting the contents of 'index.html' in a local file so that you can open it in a browser. -// Then, follow the remaining steps. +// Please note that if you are inside a codespace, it is not possible to perform step 1. +// Instead, run the following in terminal from the root of the game level (Season-2/Level-5/): +// `python3 -m http.server` +// Once running, select on the "ports" tab of the codespace and click on the URL that exposes +// port 8000. Navigating to the URL should serve the HTML and vulnerable JavaScript. +// Proceed with the remaining steps. // 2. Copy the following line, paste it in the javascript console and press enter. Array.prototype.__defineSetter__("0", function() { alert('Exploit 3'); }); @@ -19,4 +21,4 @@ CryptoAPI.sha1.hash("abc") // 5. Refresh the page to reset the level. -// * If the exploit was unsuccessful, you have now resolved this exploit. Congratulations! \ No newline at end of file +// * If the exploit was unsuccessful, you have now resolved this exploit. Congratulations! diff --git a/Season-2/Level-5/hint-1.txt b/Season-2/Level-5/hint-1.txt index 72b0bda..7cda39d 100644 --- a/Season-2/Level-5/hint-1.txt +++ b/Season-2/Level-5/hint-1.txt 
@@ -9,13 +9,15 @@ Do you want to visualize the above? Follow these instructions: 1. Double click index.html to open it in any browser. Are you using GitHub Codespaces? -// Please note that if you are inside a codespace, it is not possible to perform step 1. For -// this reason, please create a local copy for the file 'index.html'. You can do so by copying -// and pasting the contents of 'index.html' in a local file so that you can open it in a browser. -// Then, follow the remaining steps. +// Please note that if you are inside a codespace, it is not possible to perform step 1. +// Instead, run the following in terminal from the root of the game level (Season-2/Level-5/): +// `python3 -m http.server` +// Once running, select on the "ports" tab of the codespace and click on the URL that exposes +// port 8000. Navigating to the URL should serve the HTML and vulnerable JavaScript. +// Proceed with the remaining steps. 2. Copy the first line of the example, paste it in the javascript console and press enter. 3. Now copy the second line, paste it in the javascript console and press enter. -4. A popup should appear with the text "Exploit 1" in it. If it does, the exploit was successful. \ No newline at end of file +4. A popup should appear with the text "Exploit 1" in it. If it does, the exploit was successful. diff --git a/Season-2/Level-5/index.html b/Season-2/Level-5/index.html index 0a7803c..1e640f0 100644 --- a/Season-2/Level-5/index.html +++ b/Season-2/Level-5/index.html @@ -1,6 +1,7 @@ +
 ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣀⣀⣀⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣀⣀⣀⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣀⣀⣀⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀
 ⠀⠀⠀⠀⠀⠀⠀⠀⣴⣻⣿⡁⠀⠈⢹⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣴⣻⣿⡁⠀⠈⢹⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣴⣻⣿⡁⠀⠈⢹⠀⠀⠀⠀⠀⠀⠀⠀⠀
@@ -122,4 +123,4 @@
         runConsole();
     
 
-
\ No newline at end of file
+

From bf963cfd7cdf61cb623e626152539a8b88d322bc Mon Sep 17 00:00:00 2001
From: Joseph Katsioloudes 
Date: Thu, 4 Apr 2024 20:56:17 +0100
Subject: [PATCH 2/2] Apply suggestions from code review

---
 Season-2/Level-5/hack-1.js  | 11 ++++++-----
 Season-2/Level-5/hack-2.js  | 11 ++++++-----
 Season-2/Level-5/hack-3.js  | 11 ++++++-----
 Season-2/Level-5/hint-1.txt | 11 ++++++-----
 4 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/Season-2/Level-5/hack-1.js b/Season-2/Level-5/hack-1.js
index df26b69..0773df3 100644
--- a/Season-2/Level-5/hack-1.js
+++ b/Season-2/Level-5/hack-1.js
@@ -5,11 +5,12 @@
 // 1. Double click index.html to open it in any browser. Are you using GitHub Codespaces?
 
 // Please note that if you are inside a codespace, it is not possible to perform step 1.
-// Instead, run the following in terminal from the root of the game level (Season-2/Level-5/):
-//    `python3 -m http.server`
-// Once running, select on the "ports" tab of the codespace and click on the URL that exposes
-// port 8000. Navigating to the URL should serve the HTML and vulnerable JavaScript.
-// Proceed with the remaining steps.
+// Instead, run the following command inside the codespace's terminal:
+//    `cd Season-2/Level-5/ && python3 -m http.server`
+// A pop up window will appear on the bottom right informing you that 
+// "Your application running on port 8000 is available". Now click "Open in Browser".
+// Another way to open the application on port 8000 is by clicking on the "Ports" tab 
+// in terminal, followed by clicking on its respective URL.
 
 // 2. Copy the following line, paste it in the javascript console and press enter.
 var s = { toString: function() { alert('Exploit 1'); } };
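Review bot: The added command `cd Season-2/Level-5/ && python3 -m http.server` starts a server that by default listens on all interfaces and serves the whole level directory, including the intentionally vulnerable JavaScript, and the new instructions never tell the player to stop it. I would bind it to loopback with `cd Season-2/Level-5/ && python3 -m http.server --bind 127.0.0.1` and add a closing line such as `// When you are finished, press Ctrl+C in the terminal to stop the server.`; Codespaces port forwarding should still detect a loopback listener, but that is worth confirming before merge. The same text is added in the hack-2.js, hack-3.js and hint-1.txt hunks of this patch, so the change applies there too. As a style point, the added lines ending in `informing you that` and `the "Ports" tab` carry trailing whitespace in every copy.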
diff --git a/Season-2/Level-5/hack-2.js b/Season-2/Level-5/hack-2.js
index 7581782..806206f 100644
--- a/Season-2/Level-5/hack-2.js
+++ b/Season-2/Level-5/hack-2.js
@@ -5,11 +5,12 @@
 // 1. Double click index.html to open it in any browser. Are you using GitHub Codespaces?
 
 // Please note that if you are inside a codespace, it is not possible to perform step 1.
-// Instead, run the following in terminal from the root of the game level (Season-2/Level-5/):
-//    `python3 -m http.server`
-// Once running, select on the "ports" tab of the codespace and click on the URL that exposes
-// port 8000. Navigating to the URL should serve the HTML and vulnerable JavaScript.
-// Proceed with the remaining steps.
+// Instead, run the following command inside the codespace's terminal:
+//    `cd Season-2/Level-5/ && python3 -m http.server`
+// A pop up window will appear on the bottom right informing you that 
+// "Your application running on port 8000 is available". Now click "Open in Browser".
+// Another way to open the application on port 8000 is by clicking on the "Ports" tab 
+// in terminal, followed by clicking on its respective URL.
 
 // 2. Copy the following line, paste it in the javascript console and press enter.
 CryptoAPI.sha1._round = function() { alert('Exploit 2'); };
diff --git a/Season-2/Level-5/hack-3.js b/Season-2/Level-5/hack-3.js
index 1e224e8..2e68a5e 100644
--- a/Season-2/Level-5/hack-3.js
+++ b/Season-2/Level-5/hack-3.js
@@ -5,11 +5,12 @@
 // 1. Double click index.html to open it in any browser. Are you using Codespaces?
 
 // Please note that if you are inside a codespace, it is not possible to perform step 1.
-// Instead, run the following in terminal from the root of the game level (Season-2/Level-5/):
-//    `python3 -m http.server`
-// Once running, select on the "ports" tab of the codespace and click on the URL that exposes
-// port 8000. Navigating to the URL should serve the HTML and vulnerable JavaScript.
-// Proceed with the remaining steps.
+// Instead, run the following command inside the codespace's terminal:
+//    `cd Season-2/Level-5/ && python3 -m http.server`
+// A pop up window will appear on the bottom right informing you that 
+// "Your application running on port 8000 is available". Now click "Open in Browser".
+// Another way to open the application on port 8000 is by clicking on the "Ports" tab 
+// in terminal, followed by clicking on its respective URL.
 
 // 2. Copy the following line, paste it in the javascript console and press enter.
 Array.prototype.__defineSetter__("0", function() { alert('Exploit 3'); });
diff --git a/Season-2/Level-5/hint-1.txt b/Season-2/Level-5/hint-1.txt
index 7cda39d..1cae2e5 100644
--- a/Season-2/Level-5/hint-1.txt
+++ b/Season-2/Level-5/hint-1.txt
@@ -10,11 +10,12 @@ Do you want to visualize the above? Follow these instructions:
 1. Double click index.html to open it in any browser. Are you using GitHub Codespaces?
 
 // Please note that if you are inside a codespace, it is not possible to perform step 1.
-// Instead, run the following in terminal from the root of the game level (Season-2/Level-5/):
-//    `python3 -m http.server`
-// Once running, select on the "ports" tab of the codespace and click on the URL that exposes
-// port 8000. Navigating to the URL should serve the HTML and vulnerable JavaScript.
-// Proceed with the remaining steps.
+// Instead, run the following command inside the codespace's terminal:
+//    `cd Season-2/Level-5/ && python3 -m http.server`
+// A pop up window will appear on the bottom right informing you that 
+// "Your application running on port 8000 is available". Now click "Open in Browser".
+// Another way to open the application on port 8000 is by clicking on the "Ports" tab 
+// in terminal, followed by clicking on its respective URL.
 
 2. Copy the first line of the example, paste it in the javascript console and press enter.