BreakDown of "How to Hack Password Protected Web Pages!"
 
Level One
 
Which can be viewed here


To understand what the web page can tell us we will want to go into the source and view this source code:

Here is the code that interests us:

<script language="Javascript">

function PassConfirm() {

var x=document.password.pass.value     // the variable is 'x'

if (x=="password") {                   // IF 'x' equals "password" then

alert("YOU MAY PASS")                  // pop-up box: "You May Pass"

window.open("bingoone.htm","_self") }  // loads "bingoone.htm" in the current window ("_self"); goodguy page

else {                                 // IF NOT equal then...

alert("THAT WASN'T IT")                // pop-up error box: "That Wasn't It"

window.open("errorone.htm","_self") }  // loads "errorone.htm" in the current window ("_self"); badguy page
}
</SCRIPT>


Another part of this check that must be present is this:

<onClick="return PassConfirm()">

This is the 'trigger': the onClick handler on the button that
calls the JavaScript function PassConfirm.
 


To change the conditional check to another conditional statement that will accept any input as true, so that "ANY" password other than the real one is correct, look at this snippet of JavaScript code...

if (x=="password") {                      // x must always equal the correct password in quotes...


Well, if we change this line to:

if (x!="password") {                      // x != ... now says 'x' is NOT EQUAL TO the password in quotes...

And so now... IF x does NOT equal "password" then
execute the good guy routine and display the good cracker message..

example:

var x=document.password.pass.value     // the variable is 'x'

if (x!="password") {                   // IF 'x' is not equal to "password" then

alert("YOU MAY PASS")                  // pop-up box: "You May Pass"

window.open("bingoone.htm","_self") }  // loads the goodguy page
 



 
Another way we can reverse this routine is by deleting the WHOLE
check from the function, leaving ONLY the good guy message and the line
that takes us to the next level. Here's what the new function will look
like after our deletions..
 

function PassConfirm() {

alert("YOU MAY PASS")

window.open("bingoone.htm","_self")

}


Now, because I do not have access to the author's ftp site, making these changes will reverse the code and pop the good guy box... but will not take me to "bingoone.htm" unless I have "bingoone.htm" inside the same directory as this source code resides within...

And so Reversing the Code in the above essay is only to show what the code is saying to us and how we can interpret and understand its meaning...
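
The same reading of the source can be run as a check on your own pages. This is an added example, not code from the original essay: it scans markup for a script that compares a form field against a string literal and lists the pages that script navigates to. The form markup in SAMPLE_PAGE and the function name findClientSideGates are assumptions made for the example.

```javascript
// Added example (not from the original essay): flag password checks done in page script.
// SAMPLE_PAGE is constructed from the Level One code; the <form> markup is assumed.
const SAMPLE_PAGE = `
<form name="password">
<input type="password" name="pass">
<input type="button" value="Enter" onClick="return PassConfirm()">
</form>
<script language="Javascript">
function PassConfirm() {
  var x = document.password.pass.value
  if (x == "password") {
    alert("YOU MAY PASS")
    window.open("bingoone.htm", "_self") }
  else {
    alert("THAT WASN'T IT")
    window.open("errorone.htm", "_self") }
}
</script>`;

// findClientSideGates is a hypothetical helper name chosen for this example.
function findClientSideGates(html) {
  const findings = [];
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const code = m[1];
    // Variables filled from a form field, e.g. var x = document.password.pass.value
    const fieldVars = new Set();
    for (const a of code.matchAll(/\b(?:var|let|const)\s+(\w+)\s*=\s*document\.[\w.]+\.value\b/g)) {
      fieldVars.add(a[1]);
    }
    // Pages named in the script: anyone reading the source can request them directly
    const navRe = /(?:window\.open\s*\(|location(?:\.href)?\s*=)\s*["']([^"']+)["']/g;
    const targets = [...code.matchAll(navRe)].map((t) => t[1]);
    // A field variable compared against a string literal is a client-side gate
    const cmpRe = /\bif\s*\(\s*(\w+)\s*([!=]==?)\s*["']([^"']*)["']\s*\)/g;
    for (const c of code.matchAll(cmpRe)) {
      if (fieldVars.has(c[1])) {
        findings.push({ variable: c[1], operator: c[2], literal: c[3], targets });
      }
    }
  }
  return findings;
}

console.log(findClientSideGates(SAMPLE_PAGE));
```

Any finding means the check belongs on the server: neither the password nor the page it guards should reach the browser before the server has verified the submitted value.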

Regards to The Sandman, whose efforts to build a neuro-network of various studies for newbies are unsurpassed! And to our new friend and JavaTeacher "The Seeker"

Greetz to twno; Dogbytes; snake; and to all others; ya know who ya all are!

Jeff