| Author |
javascript 16 |
redhothacker
Member
Posts: 131
Location: Caribbean
Joined: 28.01.07
Rank: God |
|
|
hi,can anyone help me with this challenge?just a push in the right direction |
|
| Author |
RE: javascript 16 |
redhothacker
Member
Posts: 131
Location: Caribbean
Joined: 28.01.07
Rank: God |
|
|
oh lord |
|
|
| Author |
RE: javascript 16 |
redhothacker
Member
Posts: 131
Location: Caribbean
Joined: 28.01.07
Rank: God |
|
|
oh lord |
|
|
| Author |
RE: javascript 16 |
redhothacker
Member
Posts: 131
Location: Caribbean
Joined: 28.01.07
Rank: God |
|
|
where can i find an article explaining how to build a bruteforce? |
|
|
| Author |
RE: javascript 16 |
MrBlueSky
Member
Posts: 8
Location:
Joined: 20.01.08
Rank: God |
|
|
redhothacker wrote:
where can i find an article explaining how to build a bruteforce?
You have to implement the javascblockedript algorithm in a language of your choice and then calculate the checksum for all possible strings ("aaa", "aab",.., "zzz", "aaaa", etc) until you find the one which yields the right checksum.
But it will take forever, if you don't find some smart optimization (*). Has someone already solved this challenge?
---
(*) You can also try random strings. If you are very very lucky, it will take only a few seconds... 
Edited by MrBlueSky on 24-01-08 00:25 |
|
|
| Author |
RE: javascript 16 |
bandi999
Member
Posts: 12
Location:
Joined: 01.12.07
Rank: God |
|
Read the Forum (and this thread) and you will find members who have beaten this.
I'm convinced that this can't be done without any hints. Do some maths and write a fast burteforcer, but there are still billions (and I mean billions) possible solutions.
So I would be interested in how -cL did this challenge. |
|
|
| Author |
RE: javascript 16 |
Uber0n
Member
Posts: 1963
Location: Sweden
Joined: 13.06.06
Rank: God |
|
Well, perhaps if all generated passwords were checked against a wordlist all 'real' words could be separated from the rubbish 
But that requires the true password to be a normal word which exists in the wordlist, and we don't know that until we've beaten the challenge lol
http://uber0n.webs.com/ |
 
|
| Author |
RE: javascript 16 |
devilsson2010
Member
Posts: 93
Location: Massachusetts
Joined: 25.04.08
Rank: Active User |
|
This is actually very simple, I just need someone to tell me which language will fill out the text box and submit it. It can be done easily with 'for' loops.
First you start with all letters and numbers in an array/vector, for example vector dictionary. Then do a bunch of for loops for how big you want the word to be. So for 2 letter words you would do something like this (written in C++ format):
for (int a=0;a<dictionary.size();a++)
{
string temp1 = dictionary[a];
for (int b=0;b<dictionary.size();b++)
{
string temp2 = dictionary[b];
cout << temp1 << temp2 << endl; // This part should put the code into the box
}
}
Can Java auto-enter something into the box?
 |
|
|
| Author |
RE: javascript 16 |
richohealey
Python Ninja
Posts: 1020
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank: Ninja |
|
|
devilsson2010 wrote:
This is actually very simple, I just need someone to tell me which language will fill out the text box and submit it. It can be done easily with 'for' loops.
First you start with all letters and numbers in an array/vector, for example vector dictionary. Then do a bunch of for loops for how big you want the word to be. So for 2 letter words you would do something like this (written in C++ format):
for (int a=0;a<dictionary.size();a++)
{
string temp1 = dictionary[a];
for (int b=0;b<dictionary.size();b++)
{
string temp2 = dictionary[b ];
cout << temp1 << temp2 << endl; // This part should put the code into the box
}
}
Can Java auto-enter something into the box?
LMFAO.
So in a challenge aimed at producing clean FAST code, you'regoing to pass each iteration to a freaking javascblockedript parser in a browser? good luck mate.
And as far as I know there is no trick. If someone cracks this mathematically there'll be a big prize.
The algorithm has HEAPS of collisions, but they're easy to flter out (grep ), but only the right pass will work.
This challenge is an ample PoC of a secure client side authentication system.
blog.psych0tik.net
Nice one R3l3ntl3ss^^
Edited by richohealey on 27-04-08 12:29 |
|
| Author |
RE: javascript 16 |
clone4
Member
Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank: God |
|
brb, has anybody here beated this challenge with perl scblockedript. Is it even possible do this in some sensible time in perl ?
[img][/img]
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl
|
|
|
| Author |
RE: javascript 16 |
The_Gman
Member
Posts: 30
Location:
Joined: 02.09.08
Rank: Mad User |
|
ugh, this won't be fun to do.
#WORD# and htat it's 12 cahrs long saves tons of time, but still.
|
|
|
| Author |
RE: javascript 16 |
nine-ball
Member
Posts: 77
Location: Backdoor on life
Joined: 30.07.08
Rank: Hacker Level 1 |
|
The only programming language i know so far is C++
and not too much of it really.
My question is...
Would writing this in C++ be a bad idea? Speed wise
http://www.ariel.com.au/jokes/The_Evolution_of_a_Programmer.html
My passionate sense of social Justice and social responsibility has contrasted oddly with my pronounced lack of need for direct contact with other human beings and human communities. -Albert Einstein |
|
| Author |
RE: javascript 16 |
jjbutler88
Colemak User
Posts: 590
Location:
Joined: 22.04.07
Rank: Guru |
|
not at all, just make sure you rewrite the algo in c++, then you done have to do a web request per attempt.
|
|
|
| Author |
RE: javascript 16 |
s33us00n
Member
Posts: 19
Location: Bucharest
Joined: 05.04.08
Rank: Uber Elite |
|
I didn't understand what is the value of checksum so that i can know the password's hash. It is the parameter of the function, but does it get a value if so?  |
|
|
| Author |
RE: javascript 16 |
clone4
Member
Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank: God |
|
s33us00n wrote:
I didn't understand what is the value of checksum so that i can know the password's hash. It is the parameter of the function, but does it get a value if so?
If that made sense, I should stop with the drugs, because seriously I've got no idea what you want or mean....
I see you are talking about the checksum, so I will just write this,the scblockedript checks your answer against the preset checksum (88something), when you enter password, it goes through the algo, where the checksum is calculated from the password, then the calculated checksum is compared against the given checksum (the 88something ) and if it's equal you win you need to in some programming language "re-write" the algo used to calculate the checksum, and then dictionary attack it ( password has 12 chars and is in format numberwordnumber and the answer makes sense )
[img][/img]
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl
|
|
|
| Author |
RE: javascript 16 |
s33us00n
Member
Posts: 19
Location: Bucharest
Joined: 05.04.08
Rank: Uber Elite |
|
LOlo)
Sorry for misunderstanding. I understand that the variable sum is calculated from the password and is the hash of the password you type. It is checked against another variable(checksum) which is also the parameter of the function. What i meant was.....what is the value of checksum? Is that the value(88something) you talked about?...or what did you mean by that? |
|
|
| Author |
RE: javascript 16 |
clone4
Member
Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank: God |
|
s33us00n wrote:
LOlo )
Sorry for misunderstanding. I understand that the variable sum is calculated from the password and is the hash of the password you type. It is checked against another variable(checksum) which is also the parameter of the function. What i meant was.....what is the value of checksum? Is that the value(88something) you talked about?...or what did you mean by that?
It's 88692589, just check the source of the challenge properly, and everything is there
[img][/img]
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl
|
|
|
| Author |
RE: javascript 16 |
s33us00n
Member
Posts: 19
Location: Bucharest
Joined: 05.04.08
Rank: Uber Elite |
|
|
oops...i didn't see it....sorry. Thanks a lot! |
|
|
| Author |
RE: javascript 16 |
s33us00n
Member
Posts: 19
Location: Bucharest
Joined: 05.04.08
Rank: Uber Elite |
|
OK...i got quite nervous with this challenge. Can somebody tell me what is the password like so i won't get false positives?...When somebody here said wordNUMBERword and the password made sense...i thought that the number would be like 4 meaning "for" and the password will look like life4fun...for example. Somebody told me that the words have the same length(4 letters) and the number has 4 digits....even so after running my program for 2 minutes i got around 15 false positives....and it will finish in around a week. Here are some of them.
[deleted]
The point is that.....this is ridiculous. It sould work with every one of this or it should display none of these. It was better if i got some hints about the password at the beginning..or if it should work with every false positive. This is crazy. Can somebody give me more hints...cause it's impossible to do it without them.
Edited by SySTeM on 04-01-09 17:12 |
|
|
| Author |
RE: javascript 16 |
spyware
Member
Posts: 4190
Location: The Netherlands
Joined: 14.04.07
Rank: God
Warn Level: 90
|
|
The words make sense, somehow. Try a dictionary analysis on the results.
"The chowner of property." - Zeph Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term. - Carl Sagan Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor? - Ebert |
|
|
Main:
