| Author |
Javascript 16 is bullshit, don't even waste your time |
hts007
Member
Posts: 782
Location:
Joined: 17.02.07
Rank: God
Warn Level: 50
|
|
system_meltdown wrote:
sakarin wrote:
oh and system meltdown is the only person apart from richo with this chall complete. probably because he has to accept the challenges so he views them before hand..
1: I don't cheat.
2: I beat this when Richo sent it to me, and I had no help from him.
3: I have to view them before hand? It's a Javasc blockedript challenge, all I had was the sc blockedript, I had to beat it before I could set up a completion page.
Ok, I understand that your the alimighty and shit but give me a fuckin break. The Bruteforcer I have wrote has spit out over 135,00 false positives in less than 10 minutes, and I am only 9 characters in (working on a 12 character password).
here's only a handful of them... anf by my calculations that means my bruteforcerwill spit out 2,460,375,000,000,000 - yeah that's over 2 quadrillion false positives or 2 * 1000 billion. And some one mentioned grepping the hash collisions. OK, come on be real. This challenge is BS. And if you beat it, its because someone helped you.
I guess most people will never even get a bruteforcer that can get to first combination in the first place. This challenge is bullshit.
List of passwords that fit the checksum, but weren't the answer. System's fixed this up, though, so that all possible answers are real answers. Enjoy -Futility
Edited by Futility on 04-01-09 04:47 |
|
| Author |
RE: Javascript 16 is bullshit, don't even waste your time |
hts007
Member
Posts: 782
Location:
Joined: 17.02.07
Rank: God
Warn Level: 50
|
|
|
Also, did I mention that my bruteforcer only uses alphanumeric chars?? |
|
|
| Author |
RE: Javascript 16 is bullshit, don't even waste your time |
fallingmidget
Banned
Posts: 1138
Location: *.*
Joined: 18.09.07
Rank: God
Warn Level: 100
|
|
maybe there is something wrong with your bruteforcer. i personally don't like this challenge because its not really a javascblockedript challenge. you could complete this with a minimal knowledge of JS as long as you had a good bruteforcer.
but i don't think its good to express your dislike for this challenge in this way. if you think its bullshit just don't do it and move on to the next thing.
|
|
|
| Author |
RE: Javascript 16 is bullshit, don't even waste your time |
hts007
Member
Posts: 782
Location:
Joined: 17.02.07
Rank: God
Warn Level: 50
|
|
thanks.... just frustrated with this one. I posted the code to my brute forcer. Obviously, a plain bruteforcer would take 100's of years to crack this, no matter how well optimized it is.
The problem is that there are billions of false positives. it this bruteforcer where ran against say an NTLM Hash or LAN Man hash it would crack any password no matter how long in just seconds.
How are we expected to beat this challend with all of the false positives. |
|
|
| Author |
RE: Javascript 16 is bullshit, don't even waste your time |
fallingmidget
Banned
Posts: 1138
Location: *.*
Joined: 18.09.07
Rank: God
Warn Level: 100
|
|
well i don't know much about any programming at all but would you be able to make it so it would output all the positives to a txt file and then have another program try every entry in the file on the challenge so you wouldn't have to enter every one manually.
like i said i don't know to much about programming
|
|
|
| Author |
RE: Javascript 16 is bullshit, don't even waste your time |
SwartMumba
Member
Posts: 292
Location: TX <--- I'm here
Joined: 18.09.07
Rank: Uber Elite |
|
|
fallingmidget wrote:
well i don't know much about any programming at all but would you be able to make it so it would output all the positives to a txt file and then have another program try every entry in the file on the challenge so you wouldn't have to enter every one manually.
like i said i don't know to much about programming
Yes. Although sending a request to the server does not happen in a blink of an eye so the possible answers might pile up. It will also create a great deal of requests and most sites don't like an overwhelming amount of requests from one person Think of what would happen if we were all to run our scblockedripts to submit our possible answers for JS16...
Edited by SwartMumba on 19-05-08 05:41 |
|
| Author |
RE: Javascript 16 is bullshit, don't even waste your time |
hts007
Member
Posts: 782
Location:
Joined: 17.02.07
Rank: God
Warn Level: 50
|
|
|
fallingmidget wrote:
well i don't know much about any programming at all but would you be able to make it so it would output all the positives to a txt file and then have another program try every entry in the file on the challenge so you wouldn't have to enter every one manually.
like i said i don't know to much about programming
to be honest, I don't think there is enough hard drive space to save that many combinations. I would literally take terabytes upon terabytes of hard drive space, hence the comment about grepping the collisions. |
|
|
| Author |
RE: Javascript 16 is bullshit, don't even waste your time |
Uber0n
Member
Posts: 1963
Location: Sweden
Joined: 13.06.06
Rank: God |
|
system_meltdown wrote:
sakarin wrote:
oh and system meltdown is the only person apart from richo with this chall complete. probably because he has to accept the challenges so he views them before hand..
1: I don't cheat.
2: I beat this when Richo sent it to me, and I had no help from him.
3: I have to view them before hand? It's a Javasc blockedript challenge, all I had was the sc blockedript, I had to beat it before I could set up a completion page.
@meltdown: This is no accusation, just a question: If you only had the JS, how did you know you got the right pass when cracking it? As we've all already seen; there are tons of possibilities...
fallingmidget wrote:
would you be able to make it so it would output all the positives to a txt file and then have another program try every entry in the file on the challenge so you wouldn't have to enter every one manually.
If you would run the request with each password directly (not saving them to a file) you wouldn't have to concern about the HDD space, but it's still like asking for a DoS  I can't believe that's the meaning of the challenge.
http://uber0n.webs.com/ |
|
| Author |
RE: Javascript 16 is bullshit, don't even waste your time |
fallingmidget
Banned
Posts: 1138
Location: *.*
Joined: 18.09.07
Rank: God
Warn Level: 100
|
|
i just think this one should belong in the programming section not the JS section. i know my share of JS and i can't get this one. I'm just going to try and find a way to do it without a bruteforcer
|
|
|
| Author |
RE: Javascript 16 is bullshit, don't even waste your time |
korg
Admin from hell
Posts: 1704
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank: The Master |
|
Your not going to do it without bruteforcing it. Been on this one a while off and on. I think I got it down now optimized with the checksum.
Let you guy's know later it will still have to run awhile.
@hts007 Did you have to spam every js-16 thread??
I deal in pain, All life I drain, I dominate, I seal your fate.
|
|
|
| Author |
RE: Javascript 16 is bullshit, don't even waste your time |
spyware
Member
Posts: 4190
Location: The Netherlands
Joined: 14.04.07
Rank: God
Warn Level: 90
|
|
Of course it's bullshit. They use PHP to validate Javascblockedript, it's unfair. If it was "just" the Javascblockedript you could've ported this to any other lowlevel-language and you would've cracked it in a few hours.
But noooooooo.
This challenge is bullshit indeed.
"The chowner of property." - Zeph Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term. - Carl Sagan Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor? - Ebert
Edited by spyware on 19-05-08 18:14 |
|
|
| Author |
RE: Javascript 16 is bullshit, don't even waste your time |
hts007
Member
Posts: 782
Location:
Joined: 17.02.07
Rank: God
Warn Level: 50
|
|
|
@hts007 Did you have to spam every js-16 thread??
WTF? by responding to post's that makes it spam? Each response is something different, most offering other's help, or atleast insight into where I am in this challenge. And this thread, I was venting, hoping to get some kind of direction on where to go with this... because after my list of combinations hit over 20 million I killed the app.
I don't considered my postings spam. |
|
|
| Author |
RE: Javascript 16 is bullshit, don't even waste your time |
fallingmidget
Banned
Posts: 1138
Location: *.*
Joined: 18.09.07
Rank: God
Warn Level: 100
|
|
|
spyware wrote:
It it was "just" the Javascblockedript you could've ported this to any other lowlevel-language
would be nice if i knew what you were talking about. and how you do that.
sorry if this seems ignorant
|
|
|
| Author |
RE: Javascript 16 is bullshit, don't even waste your time |
spyware
Member
Posts: 4190
Location: The Netherlands
Joined: 14.04.07
Rank: God
Warn Level: 90
|
|
|
fallingmidget wrote:
would be nice if i knew what you were talking about. and how you do that.
sorry if this seems ignorant
The first "It" in my post should've been an "If" (edited now), anyway, if this doesn't clear things up, let me explain: Javascblockedript is client-side (this is why you can view the source of Javascblockedript), PHP is server-side. Challenge 16 uses PHP to validate your answer, but Javascblockedript to generate one (well, not one, but millions as we've all seen). This is unfair. If the challenge used Javascblockedript to validate the code (and therefore nullify the security of this system) you could've recoded this challenge in any other language (or use Javascblockedript to alert() your answer, like you can always do).
This challenge HAS NOTHING to do with Javascblockedript. It merely uses it's mathematical functions to generate TONS of answers, one of them is correct. Like stated previously, it's bullshit.
"The chowner of property." - Zeph Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term. - Carl Sagan Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor? - Ebert |
|
|
| Author |
RE: Javascript 16 is bullshit, don't even waste your time |
fallingmidget
Banned
Posts: 1138
Location: *.*
Joined: 18.09.07
Rank: God
Warn Level: 100
|
|
so do you honestly believe it is bullshit or is this a way of mimicking the other guy.
i don't know to much about making a bruteforcer or even how to use it on the site like that.
|
|
|
| Author |
RE: Javascript 16 is bullshit, don't even waste your time |
spyware
Member
Posts: 4190
Location: The Netherlands
Joined: 14.04.07
Rank: God
Warn Level: 90
|
|
|
fallingmidget wrote:
so do you honestly believe it is bullshit or is this a way of mimicking the other guy.
This challenge is as broken as Arrow in Oklahoma. I am DEAD serious.
"The chowner of property." - Zeph Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term. - Carl Sagan Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor? - Ebert |
|
|
| Author |
RE: Javascript 16 is bullshit, don't even waste your time |
fallingmidget
Banned
Posts: 1138
Location: *.*
Joined: 18.09.07
Rank: God
Warn Level: 100
|
|
is that why you chose not to do it or did you attempt it and decide not to bother anymore.
|
|
|
| Author |
RE: Javascript 16 is bullshit, don't even waste your time |
spyware
Member
Posts: 4190
Location: The Netherlands
Joined: 14.04.07
Rank: God
Warn Level: 90
|
|
|
fallingmidget wrote:
is that why you chose not to do it or did you attempt it and decide not to bother anymore.
I don't care for the challenges at all, but the reason I hate this one is because it implies it has something to do with Javascblockedript, it actually doesn't.
"The chowner of property." - Zeph Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term. - Carl Sagan Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor? - Ebert |
|
|
| Author |
RE: Javascript 16 is bullshit, don't even waste your time |
hts007
Member
Posts: 782
Location:
Joined: 17.02.07
Rank: God
Warn Level: 50
|
|
just an update..
34,281,474,976,710,656 combinations tested and so far 45, 327, 887 strings match the checksum generated via the Javascblockedript, and from starting at aaaaaaaaaaaa, It's currently on something lik aTREds9Craa. At this rate I'll die before it finishes. |
|
|
| Author |
RE: Javascript 16 is bullshit, don't even waste your time |
SySTeM
-=[TheOutlaw]=-
Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank: The Overlord |
|
Password format: wordNUMBERword.
|
|
|
Main:
