Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
WillYouHack.Me? (willyouhack.me)
36 points by hansy on June 24, 2014 | hide | past | favorite | 24 comments


> {user: "aBlackDude", pass: "12inches", flag: "u"}

Cool racism, bro.


Yeah, keep it classy.


Came here to say this


So this is like the hip, overhyped version of any [1] number [2] of [3] public [4] CTF [5] and [6] hackme [7] sites [8]?

1 - http://overthewire.org/wargames/

2 - http://www.hacker.org

3 - http://smashthestack.org

4 - http://3564020356.org

5 - https://w3challs.com

6 - http://sys.warchall.net

7 - http://canyouhack.it

8 - http://www.microcontest.com

(Seriously, there's a ton)


Is there any reason there should be some limit on these kinds of sites?


Not really, just don't make them as shitty as this one before going public.


The creator of this could probably use some more constructive feedback than "don't make it shitty."


But that's much harder than spamming the top results from a google search and acting like you're better than OP.


  currentUser = users[2].user; function checkUserNameAndPass() { return true; }


> function decrypt(a){return "a";}

notAdmin

a

"Login complete, and notAdmin is Admin."

Reminds me of when I made a login-form in flash, that simply redirected the browser to "hiddenLoggedIn.html". To be fair I was around 13.


Bah, and I spent the 60 seconds "decrypting" notAdmin's password ;)

Woops, you got him there! (teehee)


Yeah I saw the case thing and ... noo thanks.

In hindsight we could've just called decrypt from the console.

> decrypt("dllkhGlgME") "woopsGotME"


Surprised no one has really hacked you on godaddy.


That's an "unconventional" way of using the switch/case construct. But it doesn't seem to matter in this case. Intentional?

md5 of password is 44f02a78f5203c7c41463c75aba9e9cc.


This only serves to illustrate why relying on obfuscation to protect you via security-through-obscurity is ridiculous. Commercial Javascript libraries with DRM should take note.


I've never run into one of these and am curious, do you have an example of a library that tries to do this with obfuscation?


What's the state of the art in JavaScript DRM?


I think you're confusing JS minification with obfuscation. Minified code looks obfuscated, sure, but it's not done to deter "hacking", just to make the code smaller.


The code in the challenge isn't even minified, it's just really minimally obfuscated. So, no confusion here.


I'm not talking about the challenge, but those supposed commercial JS libraries with DRM that you're advising "should take notice".

There are no mainstream examples of such libraries. You're likely confusing minified libraries for having an intent to obfuscate, or talking out your ass.

One or the other.


Yeah? Go take a look at GoJS. Then sulk off to whatever fetid corner of the internet you came from.


Reminds me of hackthissite.org


Came here to say this. That site was so awesome back in the day. Still is.


cool




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: