Source: cirosantilli/cia-2010-covert-communication-websites/iraniangoals-com-javascript-reverse-engineering

= iraniangoals.com JavaScript reverse engineering

<JavaScript> file: https://web.archive.org/web/20110202091909/http://iraniangoals.com/journal.js

Some <reverse engineering> was done at: https://twitter.com/hackerfantastic/status/1575505438111571969?lang=en[].

Notably, the password is hardcoded and its <hash> is stored in the JavaScript itself. The result is then submitted back via a POST request to `/cgi-bin/goal.cgi`.

TODO: how is the SHA calculated? Appears to be manual.

Back to article page