Archives for the ‘hackvertor’ Category

Decoding non-alphanumeric code with Hackvertor

I saw this post from Thomas Stig Jacobsen. He uses eval to decompile the code, I thought there has to be a better way 🙂 so in literally about 30 minutes I managed to do it after a few tweaks to the JSReg code base. What does non-alphanumeric JavaScript look like? $=~[];$={___:++$,$$$$:(![]+””)[$],__$:++$,$_$_:(![]+””)[$],_$_:++$,$_$$:({}+””)[$],$$_$:($[$]+””)[$],_$$:++$,$$$_:(!””+””)[$],$__:++$,$_$:++$,$$__:({}+””)[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+””)[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+””)[$.__$])+((!$)+””)[$._$$]+($.__=$.$_[$.$$_])+($.$=(!””+””)[$.__$])+($._=(!””+””)[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!””+””)[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+”\””+$.$_$_+(![]+””)[$._$_]+$.$$$_+”\\”+$.__$+$.$$_+$._$_+$.__+”(\\\”\\”+$.__$+$.__$+$.___+$.$$$_+(![]+””)[$._$_]+(![]+””)[$._$_]+$._$+”,\\”+$.$__+$.___+”\\”+$.__$+$.__$+$._$_+$.$_$_+”\\”+$.__$+$.$$_+$.$$_+$.$_$_+”\\”+$.__$+$._$_+$._$$+$.$$__+”\\”+$.__$+$.$$_+$._$_+”\\”+$.__$+$.$_$+$.__$+”\\”+$.__$+$.$$_+$.___+$.__+”\\\”\\”+$.$__+$.___+”)”+”\””)())(); Produced by my […]

Hackvertor supports 0Auth

I’ve finally added Twitter 0Auth support in Hackvertor, you can now login via Twitter to save you from remembering yet another set of creds. I plan to use the twitter features to enable realtime sharing of HVURLs and interface, maybe games and challenges too eventually. All points are reset 🙁 but if you login and […]

Hackvertor export API

I’ve had requests to create a Hackvertor API to allow you to embed it on your own sites, so I’ve created one. It uses postMessage to communicate and you can set the width, height, top, left and callback for your output. The code looks like this:- Hackvertor.write({top:’0px’,left:’300px’,width:’700px’,height:’400px’, callback:function(str) { document.getElementById(‘output’).value=str; }}); This will write a […]

JSReg bypasses

I set a cool Hackvertor challenge on slackers. The idea was to call the function defined in window. There is a perfectly legitimate way of doing this as I discovered the method when I was testing it, instead of fixing it I created the challenge. Stefano Di Paola of course figured it out, nice work […]

New Hackvertor upgrade

It’s been a while for a Hackvertor update, you might have noticed that the old one hasn’t changed in a while. This is because I’ve finally moved it over to the new one with a bunch of new features. I’ll give you a run down of the new tags and features I’ve added. I still […]

Hackvertor Ajax applications

I hate to use the word Ajax because there’s no XML involved just nice JSON but Hackvertor now has Ajax applications! At the moment it’s very rough around the edges but it will improve when I get more spare time to work on them. What does it mean? Well you can now share actual HTML/JS […]

Astalanumerator update

I wanted a sexy object enumerator. There wasn’t any. So I developed the terminator of enumerators “astalanumerator”. I have since integrated it into Hackvertor because that where I seem to put everything nowadays. Anyway you can use it by visiting:- 1. 2. Type window into the output 3. Click Inspect. Yeah damn sexy eh? […]

Writing Hackvertor tags

My one man mission to create a social coding network is going well, if you read this blog previously you’ll remember my attempts at a JavaScript sandbox until I finally settled on JSReg as a method. I’ve refined the process of creating tags after trying to build them myself using the editor. How to create […]

Hackvertor API

Over the weekend Stefano Di Paola broke my JSReg sandbox with some awesome vectors in particular the Opera one. He took my challenge after I laid down the gauntlet on the web app sec list. If you have some sandbox you want breaking, some Flash you need testing or general pen test work you should […]

Hackvertor and JSReg

I’m not a developer any more so I find it difficult to update the experiments I’ve been working on but I managed today to upload the work I’ve done with JSReg and update Hackvertor. They are both integrated closely together because Hackvertor allows untrusted Javascript using JSReg. The recent upgrade to JSReg allowed me to […]