rt1"
    }
    else {
      alert("Invalid Password")
    }
  }
  else {
    alert("Invalid UserID")
  }
}
//-->

lv2:

http://www.hellboundhackers.org/challenges/js/js2/level2script.js
<!--
var password, i;

password=prompt("Please enter password!","");
if (password=="level2done") {
  location="huh.php"
  i=4;
}
else {
alert("Wrong password, you'll go back to the index")
  location="index.php"
}

//-->

lv3:

<script>
var U7=window,W8=document;
var a1="%3Cscript%20language%3D%22JavaScript1.1%22%3E%0D%0A%3C%21--%0D%0Afunction%20right%28e%29%20%7B%0D%0A%20%20if%20%28navigator.appName%20%3D%3D%20%27Netscape%27%20%26%26%20%28e.which%20%3D%3D%203%20%7C%7C%20e.which%20%3D%3D%202%29%29%0D%0A%20%20%20%20return%20false%3B%0D%0A%20%20else%20if%20%28navigator.appName%20%3D%3D%20%27Microsoft%20Internet%20Explorer%27%20%26%26%20%28event.button%20%3D%3D%202%20%7C%7C%20event.button%20%3D%3D%203%29%29%20%7B%0D%0A%20%20%20%20alert%28%22Rigth-mouse%20click%20isn%27t%20allowed%21%22%29%3B%0D%0A%20%20%20%20return%20false%3B%0D%0A%20%20%7D%0D%0A%20%20return%20true%3B%0D%0A%7D%0D%0Adocument.onmousedown%3Dright%3B%0D%0Aif%20%28document.layers%29%20window.captureEvents%28Event.MOUSEDOWN%29%3B%0D%0Awindow.onmousedown%3Dright%3B%0D%0A//--%3E%0D%0A%3C/script%3E%0D%0A%0D%0A%3Cscript%20language%3D%22javascript%22%3E%0D%0A%3C%21--%0D%0Afunction%20pasuser%28form%29%20%7B%0D%0Avar%20text2%3D%27lolage%27%0D%0Avar%20text4%3D%27hahaomgz%27%0D%0A%20%20if%20%28form.text1.value%3D%3Dtext2%29%20%7B%20%0D%0A%20%20%20%20if%20%28form.text3.value%3D%3Dtext4%29%20%7B%20%20%20%20%20%20%20%20%20%20%20%20%20%20%0D%0A%20%20%20%20%20%20location%3D%22index.php%3Ftext1%3Dlol%26text3%3Dhaha%22%20%0D%0A%20%20%20%20%7D%0D%0A%20%20%20%20else%20%7B%0D%0A%20%20%20%20%20%20alert%28%22Invalid%20Password%22%29%0D%0A%20%20%20%20%7D%0D%0A%20%20%7D%0D%0A%20%20else%20%7B%0D%0A%20%20%20%20alert%28%22Invalid%20UserID%22%29%0D%0A%20%20%7D%0D%0A%7D%0D%0A//--%3E%0D%0A%3C/script%3E%0D%0A%3Ccenter%3E%0D%0A%20%20%3Ctable%20cellpadding%3D%224%22%20border%3D%220%22%3E%0D%0A%20%20%20%20%3Ctr%3E%0D%0A%20%20%20%20%20%20%3Ctd%20align%3D%22center%22%20height%3D%2224%22%20width%3D%2284%22%3EUser%20ID%3A%3C/td%3E%0D%0A%20%20%20%20%20%20%3Ctd%20align%3D%22center%22%20height%3D%2224%22%20width%3D%22170%22%3E%3Cform%20name%3D%22login%22%3E%3Cinput%20name%3D%22text1%22%20type%3D%22text%22%3E%3C/td%3E%0D%0A%20%20%20%20%3C/tr%3E%0D%0A%20%20%20%20%3Ctr%3E%0D%0A%20%20%20%20%20%20%3Ctd%20align%3D%22center%22%20height%3D%2224%22%20width%3D%2284%22%3EPassword%3A%3C/td%3E%0D%0A%20%20%20%20%20%20%3Ctd%20align%3D%22center%22%20height%3D%2224%22%20width%3D%22170%22%3E%3Cinput%20name%3D%22text3%22%20type%3D%22password%22%3E%3C/td%3E%0D%0A%20%20%20%20%3C/tr%3E%0D%0A%20%20%20%20%3Ctr%3E%0D%0A%20%20%20%20%20%20%3Ctd%20align%3D%22center%22%20height%3D%221%22%20width%3D%2284%22%3E%3Cinput%20type%3D%22button%22%20value%3D%22Login%22%20onClick%3D%22pasuser%28this.form%29%22%3E%3C/td%3E%0D%0A%20%20%20%20%20%20%3Ctd%3E%3C/td%3E%0D%0A%20%20%20%20%3C/tr%3E%0D%0A%20%20%3C/table%3E%0D%0A%3C/center%3E";
function V0(){var V0;V0=unescape(a1);W8.write(V0);}V0();
</script>
Using html decode : http://scriptasylum.com/tutorials/encdec/encode-decode.html

<script>
var U7=window,W8=document;
var a1="<script language="JavaScript1.1">
<!--
function right(e) {
  if (navigator.appName == 'Netscape' && (e.which == 3 || e.which == 2))
    return false;
  else if (navigator.appName == 'Microsoft Internet Explorer' && (event.button == 2 || event.button == 3)) {
    alert("Rigth-mouse click isn't allowed!");
    return false;
  }
  return true;
}
document.onmousedown=right;
if (document.layers) window.captureEvents(Event.MOUSEDOWN);
window.onmousedown=right;
//-->
</script>

<script language="javascript">
<!--
function pasuser(form) {
var text2='lolage'
var text4='hahaomgz'
  if (form.text1.value==text2) {
    if (form.text3.value==text4) {              
      location="index.php?text1=lol&text3=haha"
    }
    else {
      alert("Invalid Password")
    }
  }
  else {
    alert("Invalid UserID")
  }
}
//-->
</script>
<center>
  <table cellpadding="4" border="0">
    <tr>
      <td align="center" height="24" width="84">User ID:</td>
      <td align="center" height="24" width="170"><form name="login"><input name="text1" type="text"></td>
    </tr>
    <tr>
      <td align="center" height="24" width="84">Password:</td>
      <td align="center" height="24" width="170"><input name="text3" type="password"></td>
    </tr>
    <tr>
      <td align="center" height="1" width="84"><input type="button" value="Login" onClick="pasuser(this.form)"></td>
      <td></td>
    </tr>
  </table>
</center>";
function V0(){var V0;V0=unescape(a1);W8.write(V0);}V0();
</script>
--->
var text2='lolage'
var text4='hahaomgz'
--->http://www.hellboundhackers.org/challenges/js/js3/index.php?text1=lol&text3=haha
Change to : http://www.hellboundhackers.org/challenges/js/js3/index.php?text1=lolage&text3=hahaomgz -->ok

lv4:
javascript:alert(document.cookie);document.write (document.cookie);
Using XSS:
http://www.hellboundhackers.org/challenges/js/js4/index.php?submit=%3Cscript%3Ealert(document.cookie)%3C/script%3E

lv 5:
<script language="JavaScript" src="level5.js"></script>
http://www.hellboundhackers.org/challenges/js/js5/level5.js
a = prompt("Please enter password!","");
date = new Date();
  year = date.getYear();
    b = year+12;
if(a == b){
    alert("Good job! You got it!");
    window.location.href=year+".php";
  }
  else
  {
    alert("Try it again!");

  }

---->Create a html file :
<html>
<head>
<title>Owned</title>
</head>
<script language="javascript">
a = prompt("Please enter password!","");
date = new Date();
  year = date.getYear();
    b = year+12;
alert(b);
if(a == b){
    alert("Good job! You got it!");
    window.location.href=year+".php";
  }
  else
  {
    alert("Try it again!");

  }

</script>
</html>
---------> alert(b); 118

lv6:
<script language="Javascript">
function checkPass(){
Location  = document.form.password.value
Location = "js6-" + "window.open" + ".php"
document.write("Pass= " + Location);
if (document.form.password.value == Location ) {
    alert("Good Job!")
    window.open(Location)
    }
else{
    alert("Try Again!")
    }
}
</script>

--->pass: js6-window.open.php

lv7 :
Using Flashget download file :
http://www.hellboundhackers.org/challenges/js/js7/index.php
<script language="JavaScript">

  function password () {

    var s1, a2, v3, e4, input;
    s1=window.document.bgColor;
    a2=window.document.linkColor;
    v3=s1.substring (6,9)+a2.substring (2,8);
    e4=v3.toUpperCase ();
input=prompt("Password:","");
if (input!=v3 && input!=e4) {
      alert("Wrong!");
      window.location.href="../index.php";
    }
else {
      window.location.href=v3+".php";
    }
  }
</script>
</head>
<body bgcolor="#D0D0D0" text="#FF9900" onLoad="password()" link="#FF9900">

--->pass :0f9900

lv8:
<script>document.cookie="secret=90 dd 3b 21 5f 23 9a 63 3f a6 ae 3c 31 64 3f 60 2e ea 3f 72 51 cf fd f0 fe"</script>    
Solve : hex->decial->ACSII
90  dd  3b 21 5f 23 9a  63 3f a6  ae  3c 31 64  3f 60 2e ea  3f 72  51 cf  fd  f0  fe144 221 59 33 95 35 154 99 63 166 174 60 49 100 63 96 46 234 63 114 81 207 253 240 254
144 221 59 33 95 35 154 99 63 166 174 60 49 100 63 96 46 234 63 114 81 207 253 240 254
A-AZ: 65-90
a-Z : 97-122
max : 254-122 = 132
---> 63 : a,e,i,o,u
63 : a,--> d=97-63=36 : ª
63 : e --> d=101-63 = 38 : ¶
63 : i --> d=105-63 = 42 : º
63 : o --> d=111-63 = 48 : À
63 : u

lv9:
<script>
var c = 34200;
var p = "%68%6F%77%73%6C%69%66%65%3F%65%61%73%79%2E%00";
var a;
fc();
function fc()
{
if(c>0)
{
    document.getElementById("say").innerHTML = "<b><big>Please wait " + c + ' seconds.</big></b>';
    c = c - 1;
    setTimeout("fc()", 1000)
} else {
    a = unescape("%33");
    document.getElementById("say").innerHTML = "Your password is: " + unescape(p-a) + unescape("%3C%66%6F%72%6D%20%61%63%74%69%6F%6E%3D%27%69%6E%64%65%78%2E%70%68%70%27%20%6D%65%74%68%6F%64%3D%27%50%4F%53%54%27%3E%0D%0A%45%6E%74%65%72%20%50%61%73%73%77%6F%72%64%3A%20%3C%69%6E%70%75%74%20%74%79%70%65%3D%27%74%65%78%74%27%20%6E%61%6D%65%3D%27%70%61%73%73%27%20%73%74%79%6C%65%3D%27%74%65%78%74%62%6F%78%27%3E%3C%62%72%3E%0D%0A%3C%69%6E%70%75%74%20%74%79%70%65%3D%27%73%75%62%6D%69%74%27%20%6E%61%6D%65%3D%27%73%75%62%6D%69%74%27%20%76%61%6C%75%65%3D%27%43%68%65%63%6B%20%79%6F%75%20%61%6E%73%77%65%72%27%20%73%74%79%6C%65%3D%27%62%75%74%74%6F%6E%27%3E%0D%0A%3C%2F%66%6F%72%6D%3E%00");
}
}
</script>

decode :
<script>
var c = 34200;
var p = "howslife?easy.";
var a;
fc();
function fc()
{
if(c>0)
{
    document.getElementById("say").innerHTML = "<b><big>Please wait " + c + ' seconds.</big></b>';
    c = c - 1;
    setTimeout("fc()", 1000)
} else {
    a = unescape("3");
    document.getElementById("say").innerHTML = "Your password is: " + unescape(p-a) + unescape("<form action='index.php' method='POST'>
Enter Password: <input type='text' name='pass' style='textbox'><br>
<input type='submit' name='submit' value='Check you answer' style='button'>
</form>;
}
}
</script>
----: javascript:c=1;Back-->ok

lv10:
<script>
    //By system_meltdown
    function checkpass()
    {
     pass=document.password.pass.value;
     rawr=unescape('%61%68%6f%79');
     string="llama llama duck!";
     a=string.charCodeAt(1);
     b=string.charCodeAt(7);
     c=string.charCodeAt(4);
     schloob60*50/3*a)-(b*c))/2/5+b;
     asdf=rawr+"_"+schloob;
     if(pass==asdf)
     {
      alert('Wahoo you got it!');
     }
     else
     {
      alert('Awww shame!');

     }
    }
</script>
rawr=unescape('%61%68%6f%79');decode : rawr=unescape('ahoy');
schloob=9860.4
asdf=ahoy_9860.4

lv11:
<script>
//By system_meltdown
var s = "Llama llama chicken duck, schloob mcfroob, moo asdf qwerty zxcv. Rawr llama kinasd, [insert random crap here]It's hammer on the keyboard time: sfsdfoashdfy78sdfysdfs67dftsdf 6tsdf76as tfa. Well I'm bored, so if you're still reading this I advise you to stop because you are wasting your time....dumbarse ";
var asd = s.charCodeAt(14);
var fdsa = s.charCodeAt(42);
var sadfasf = s.charCodeAt(4);
var moo = s.charCodeAt(43);
var teeep = s.charCodeAt(32);
var asdf = asd+fdsa+sadfasf+moo+teeep;
function checkpass()
{
pass=document.password.pass.value;
if(pass==asdf)
{
alert('Well done dude!');
}
else
{
alert('You suck!');
}
}
</script>

--->javascript:alert(asdf); -->pass : 441

lv12:
<script>

function checkpass()  
{
 pass=document.password.pass.value;  
 z=2;  
 x=z*1.5;  
 v=z*2;  
 w=v*1.75;  
 y=v*1.25;  
 abc(y*v*y*x+z)*x+w)*z+y)*v+w;

 if(pass==abc)  
 {  
  alert('Congratz! You are good at Math');  
 }  
 else  
 {  
  alert('Sorry, try again when you learn more Math!');
 
 }

}

</script>

---> pass: 7331

lv13:
<script>document.cookie='authorized=false'</script>
-->
http://www.hellboundhackers.org/challenges/js/js13/index.php?javascript:document.cookie='authorized=true'

lv14:
script>
 a = screen.width;
if(a != 800)
{
 alert('Sorry you do not have the right parameters!');
}else{
 window.location='/challenges/js/js14/index.php?ans=0e110c5fbf226dffd25740ae56d4edb1'
}
http://www.hellboundhackers.org/challenges/js/js14/index.php?ans=0e110c5fbf226dffd25740ae56d4edb1

lv15:
    var a = password.charAt(9)=q
    var b = password.charAt(10)=u
    var c = password.charAt(4)=e
    var d = password.charAt(7)=r
    var e = password.charAt(1)=y
    var f = password.charAt(6)=""
    var g = password.charAt(3)=t
    var h = password.charAt(8)=e
    var i = password.charAt(0)=s
    var j = password.charAt(13)=t
    var k = password.charAt(6)=""
    var l = password.charAt(5)=m
    var m = password.charAt(11)=e
    var n = password.charAt(2)=s
    var o = password.charAt(12)=s
    var riddle = "query test mess";
-->pass : system request