the basic structure of a cookie in javascript is NAME=value if you haven't picked that up yet....so if you wanted a cookie named hello, and the value of it to be world, you would use void(document.cookie="hello=world")
speaking of which, we can use javascript to show people who visit a site messages; like so: using alert("hello world")
the ; ends a command (like a line break would in a script), so when entering that into the address bar, if it is followed by another command, you must have the ;
if you are writing this into a script on a webpage; you would want to use
<scr ipt>
alert("hello World");
</scr ipt>
this goes for any javascripting you are doing that is written to a webpage...
the script tags replace the javascript: line in your address bar (unless of course the javascript is being used as a link on a page; then you would use the javascript: line)
now with alert, you can also display the value of variables on a page; such as if there was a variable on a page called i, and i told how much time you had remaining; you could type
javascript:alert(i)
in your address bar, and it would show you the value of i at that moment
now to change i, you could type
javascript:alert(i);void(i=X);alert(i)
where X is the new value of i, which you choose
now lets say someone has a website where they have a login script, and it does really complicated math to figure out whether the pass you enter is what they are looking for,
something like:
<scr ipt>
// everything needed to compute the password is sent to the browser
var hello="thisisareallylongstatementthatyoudontwantto messwith";
var i=hello.charCodeAt(3);
var j=hello.charCodeAt(10);
var k=hello.charCodeAt(7);
var l=hello.charCodeAt(6);
var a=hello.charCodeAt(9);
// realpass is just the sum of five character codes
var realpass=a+l+j+i+k;
function checkpass()
{
    // read what the visitor typed into the form named "password"
    var pass=document.password.pass.value;
    if (pass==realpass)
    {
        alert("well done, access granted")
    }
    else
    {
        alert("bastard, you cant come in")
    }
}
</scr ipt>
now, all that hello.charCodeAt() stuff looks in hello (or whatever is before the charCodeAt() part) for the letter at the position given by the #, and returns its character code....and you dont want to be counting thru all the letters to find it, so all you gotta do is write a javascript function that will tell you the password: take their variables:
(in url, it's faster than making your own page; altho you could do that too)
javascript:var hello="thisisareallylongstatementthatyoudontwantto messwith";var i=hello.charCodeAt(3);var j=hello.charCodeAt(10);var k=hello.charCodeAt(7);var l=hello.charCodeAt(6);var a=hello.charCodeAt(9);var realpass=a+l+j+i+k;alert(realpass)
this should all be one line (durr; it's in the address bar)
the alert at the end will show you the contents of realpass, and you can write it down and enter it into the password field (yes there are a few websites that use that)
of course, since it is not a script that has already run, it will not already have a value, so you cant just type javascript:alert(realpass), since realpass does not exist yet.
now if you should come across a website that is using a javascript alert box to check your password; just disable javascript; reload the webpage; look at the source, and figure out what pass it's looking for (how to disable javascript is dependent on your browser)
now lets say we had a script on a website so that if a administrator forgot his password, he could have it emailed to himself....this would be done through a form on the page; so you could use javascript's built in document.forms to view the data in the form or change it....
document.forms[] where the [] has a # for the # of the form (follows the order of it in the source), starting at 0 for the first form (not 1)
so lets say his form is the first form in the source, and we want to get the value of it, then change it to our email address (yes, you could edit the page on your box, then spoof it, but that's just one of many ways)
we would use:
javascript:alert(document.forms[0].email.value)
and that would show us that his email address was
whatever@whatever.whatever
so then we would want to change it to our address (doesnt have to be a email addy that we're changing...you could change anything that you got the name of, just look in the source for the name of it {should be name=thenamehere})
javascript:alert(document.forms[0].email.value);void(document.forms[0].email.value="ouremail@whatever.whatever");alert(document.forms[0].email.value)
the end alert just shows us that it did change it...then you would click send to email; and it would send it to you (few people use this type of script to send their password; ive never seen it other than on hackthissite.org; but that doesn't make knowing how to do it useless; there are plenty of other things you might wanna change; like where it sends the data; what it tells the server ((you could potentially have it believe that you came from the ***** panel if you were lucky enough to find somewhere vulnerable to it)))
that's basically what you would want to know about javascript for hacking...if you wanna learn about how to use javascript further, find a tutorial that isnt geared towards hacking; ive used the one on http://www.w3schools.com/ for most of my needs
please note that anywhere where you see <scr ipt> and </scr ipt> there is not meant to be a space...it just wont let me post it with code tags for some reason...
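
Added example, not part of the original post: both weaknesses above (a password that can be recomputed from the page source, and a reset form whose email field the browser can rewrite) come from trusting the client, so this Node.js code moves both decisions to the server. ACCOUNTS, checkPass, requestReset and all sample data are hypothetical names and constructed values.

```javascript
// Added example: server-side versions of the two checks (hypothetical names, constructed data).
const nodeCrypto = require("node:crypto");

// Store a scrypt-derived verifier, never the password or anything it can be recomputed from.
function hashPass(pass, salt) {
  return nodeCrypto.scryptSync(pass, salt, 32);
}

// Constructed account store; a real one would live in a database.
const salt = nodeCrypto.randomBytes(16);
const ACCOUNTS = new Map([
  ["admin", { email: "admin@example.test", salt,
              verifier: hashPass("constructed-sample-pass", salt) }],
]);

// The comparison runs on the server, so nothing in the page source reveals the secret.
function checkPass(user, pass) {
  const acct = ACCOUNTS.get(user);
  if (!acct || typeof pass !== "string") return false;
  // Both buffers are 32 bytes, as timingSafeEqual requires.
  return nodeCrypto.timingSafeEqual(hashPass(pass, acct.salt), acct.verifier);
}

// The browser controls every form field (document.forms[0].email.value can be
// rewritten), so the submitted email is never used as the recipient.
function requestReset(form) {
  const reply = "If the account exists, a reset link was sent to the address on file.";
  const acct = ACCOUNTS.get(form.user);
  if (!acct) return { sendTo: null, token: null, tampered: false, reply };
  // A submitted address that differs from the record is worth logging.
  const tampered = typeof form.email === "string" && form.email !== acct.email;
  // Mail a single-use reset token, not the password, to the stored address only.
  const token = nodeCrypto.randomBytes(32).toString("hex");
  return { sendTo: acct.email, token, tampered, reply };
}
```

The reply text is the same whether or not the account exists, so the form cannot be used to test which usernames are valid.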