

WillYouHack.Me? - hansy
http://willyouhack.me/

======
dwyer
> {user: "aBlackDude", pass: "12inches", flag: "u"}

Cool racism, bro.

~~~
cwb71
Yeah, keep it classy.

------
q3k
So this is like the hip, overhyped version of any [1] number [2] of [3] public
[4] CTF [5] and [6] hackme [7] sites [8]?

1 - [http://overthewire.org/wargames/](http://overthewire.org/wargames/)

2 - [http://www.hacker.org](http://www.hacker.org)

3 - [http://smashthestack.org](http://smashthestack.org)

4 - [http://3564020356.org](http://3564020356.org)

5 - [https://w3challs.com](https://w3challs.com)

6 - [http://sys.warchall.net](http://sys.warchall.net)

7 - [http://canyouhack.it](http://canyouhack.it)

8 - [http://www.microcontest.com](http://www.microcontest.com)

(Seriously, there's a ton)

~~~
codezero
Is there any reason there should be some limit on these kinds of sites?

~~~
q3k
Not really, just don't make them as shitty as this one before going public.

~~~
codezero
The creator of this could probably use some more constructive feedback than
"don't make it shitty."

~~~
prezjordan
But that's much harder than spamming the top results from a google search and
acting like you're better than OP.

------
markcampbell

      currentUser = users[2].user; function checkUserNameAndPass() { return true; }

------
wingerlang
> function decrypt(a){return "a";}

notAdmin

a

"Login complete, and notAdmin is Admin."

Reminds me of when I made a login-form in flash, that simply redirected the
browser to "hiddenLoggedIn.html". To be fair I was around 13.

~~~
scarygliders
Bah, and I spent the 60 seconds "decrypting" notAdmin's password ;)

Woops, you got him there! (teehee)

~~~
wingerlang
Yeah I saw the case thing and ... noo thanks.

In hindsight we could've just called decrypt from the console.

> decrypt("dllkhGlgME") "woopsGotME"

------
drunkcatsdgaf
Surprised no one has really hacked you on godaddy.

------
im3w1l
That's an "unconventional" way of using the switch/case construct. But it
doesn't seem to matter in this case. Intentional?

md5 of password is 44f02a78f5203c7c41463c75aba9e9cc.

------
loopdoend
This only serves to illustrate why relying on obfuscation to protect you via
security-through-obscurity is ridiculous. Commercial Javascript libraries with
DRM should take note.

~~~
mantraxC
I think you're confusing JS minification with obfuscation. Minified code looks
obfuscated, sure, but it's not done to deter "hacking", just to make the code
smaller.

~~~
loopdoend
The code in the challenge isn't even minified, it's just really minimally
obfuscated. So, no confusion here.

~~~
mantraxC
I'm not talking about the challenge, but those supposed commercial JS
libraries with DRM that you're advising "should take notice".

There are no mainstream examples of such libraries. You're likely confusing
minified libraries for having an intent to obfuscate, or talking out your ass.

One or the other.

~~~
loopdoend
Yeah? Go take a look at GoJS. Then sulk off to whatever fetid corner of the
internet you came from.

------
kevinschumacher
Reminds me of hackthissite.org

~~~
jayd3e
Came here to say this. That site was so awesome back in the day. Still is.

------
johnlim5847
cool

