Recap of Last Lesson: We right-clicked in the browser to view the page source and found the hidden password.
Objective
Find the password to log into level 2.
Intel Given
- URL: http://natas1.natas.labs.overthewire.org/
- Password is on the page
- Right-click is blocked
How to
This challenge is extremely similar to the one before it, with one exception. While previously we were able to view the source by right-clicking, this time we are blocked from doing so. Depending on your browser, you may still be able to right-click despite the administrator attempting to block it. For the purpose of this lesson, we will assume we cannot do so.
- Open Developer Mode
- Through the Menu
- By using keyboard shortcuts
- Through disabling JavaScript
In Firefox, you can press the F12 key to open Developer mode. This will open a console with a number of different tools. The Inspector tab will contain the HTML source code.
Depending on your version of Firefox, you will also have a menu. You can open it by clicking the Menu icon on the far right; in other versions of Firefox, pressing ALT will bring it up.
Also, by pressing CTRL + U you can instantly bring up the source code.
Once you are able to read the source code you may notice something: the right-click functionality is being blocked with JavaScript. Like with HTML, I highly recommend getting familiar with JavaScript for further exercises. You can learn it at W3Schools and Codecademy. Since this code is JavaScript, it could not run if the browser were set to disable JavaScript. Certain add-ons like NoScript block JavaScript for security reasons.
The JavaScript in question is:
<body oncontextmenu="javascript:alert('right clicking has been blocked!');return false;">
What does this mean? The oncontextmenu event occurs when the user right-clicks on an element to open the context menu. Since this is attached to the body tag, any time the user right-clicks in the body of this page, the event will occur. The JavaScript alert brings up an alert box, and return false then cancels the default action, so the context menu never opens.
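The handler only changes what the browser does on a right-click; the markup itself still reaches every client. As an added example (not code from the challenge or from OverTheWire), here is a check a developer could run over their own rendered pages to flag HTML comments shipped on a page that relies on such a block. The sample HTML is constructed, its comment value is a placeholder, and the function names and the list of events are assumptions made for this sketch.

```javascript
// Constructed sample response: the <body> tag is the one quoted above; the
// comment and its value are placeholders, not the real page content.
const SAMPLE_HTML = `<html>
<body oncontextmenu="javascript:alert('right clicking has been blocked!');return false;">
<div id="content">Nothing to see here.</div>
<!-- password for next level: PLACEHOLDER-NOT-REAL -->
</body>
</html>`;

// Inline handlers often used to discourage viewing or copying page content
// (an assumed, non-exhaustive list).
const UI_BLOCK_EVENTS = new Set(['oncontextmenu', 'onselectstart', 'oncopy', 'ondragstart']);

// HTML comments are delivered to every client, whatever the page's scripts do.
function findComments(html) {
  return [...html.matchAll(/<!--([\s\S]*?)-->/g)].map((m) => m[1].trim());
}

// Inline on* handlers that cancel the default action with `return false`.
function findUiBlockers(html) {
  const markup = html.replace(/<!--[\s\S]*?-->/g, ''); // ignore commented-out markup
  const attrRe = /\s(on[a-z]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
  const hits = [];
  for (const m of markup.matchAll(attrRe)) {
    const event = m[1].toLowerCase();
    const handler = m[2] !== undefined ? m[2] : m[3];
    if (UI_BLOCK_EVENTS.has(event) && /return\s+false/.test(handler)) {
      hits.push({ event, handler });
    }
  }
  return hits;
}

// Report comments that reach the client on a page relying on a UI-only block.
function auditPage(html) {
  const blockers = findUiBlockers(html);
  const comments = findComments(html);
  return { blockers, comments, reliesOnUiBlock: blockers.length > 0 && comments.length > 0 };
}

console.log(JSON.stringify(auditPage(SAMPLE_HTML), null, 2));
```

Anything this reports under comments should be treated as public; the fix is to keep such data out of the response, not to add more event handlers.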