| Author |
RE: js16 |
Sandman
Member
Posts: 7
Location: meh
Joined: 16.01.08
Rank: Hacker Level 1 |
|
|
Yeah you do, but I also think its necessary to fiddle with the function a little bit. I found out a lot as to the parameters of where the bruteforcer should search and how to search it just by messing with the function a bit |
|
| Author |
RE: js16 |
richohealey
Python Ninja
Posts: 1020
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank: Ninja |
|
Ok, so you all know.
a) this challenge requires bruteforcing, it's really an exercise in creating a decent Brute forcer.
 the result makes sense, so take that how you will (it's a hint at a refining algorithm)
c) i'll dig out my solution source and post it on the complete page
d) For the last time, this WOULD constitute a more secure than usual JS login, this is demonstrated in the number of people stumped by it.
e) i didn't say secure!! MORE SECURE THAN USUAL </flame dodge>
blog.psych0tik.net
Nice one R3l3ntl3ss^^
|
  
|
| Author |
RE: js16 |
bandi999
Member
Posts: 12
Location:
Joined: 01.12.07
Rank: God |
|
Hi,
richohealey wrote:
c) i'll dig out my solution source and post it on the complete page
I'm waiting for someone to do this all the time.
Still claiming there is no solution without having hints!
Please show me I'm wrong.
Greetz |
|
|
| Author |
RE: js16 |
extreme_BS
Member
Posts: 2
Location:
Joined: 13.03.08
Rank: Wiseman |
|
|
I'll try to write a BF over the weekend...it's gonna be hard since I have a parade on Saturday...using C++ because that's my best language and it's the fastest (efficiency-wise) that I can write. |
|
|
| Author |
RE: js16 |
Uber0n
Member
Posts: 1963
Location: Sweden
Joined: 13.06.06
Rank: God |
|
Maybe I'll make another attempt as well  this is a really good challenge since it actually requires some skills in coding ^^
http://uber0n.webs.com/ |
|
|
| Author |
RE: js16 |
guana
Member
Posts: 5
Location:
Joined: 01.02.08
Rank: Mad User |
|
|
This one is tough! The checksum is 88692589, and 88692589 is divisible by 1, 19, 37, .. The textfield has a max of 20 characters so I'm assuming the password is 19 chars long. This is because in the loop you have sum += n*(stuff), which is the same as sum += stuff and after the loop sum *= n. And it can't be a single charecter because no matter what it always results in 1. This is the easy part, still have to figure out an efficient way to brute force it.. Is the only way just to check all possible permutations, or is there a better algorithm? I haven't even tried because with 19 elements and 86 different values for the elements there are so many possibilities it would take ages.. or am I wrong here? |
|
|
| Author |
RE: js16 |
fallingmidget
Banned
Posts: 1138
Location: *.*
Joined: 18.09.07
Rank: God
Warn Level: 100
|
|
i still think theres a way to do it without using a brute forcer. thats just my opinion.
|
|
|
| Author |
RE: js16 |
guana
Member
Posts: 5
Location:
Joined: 01.02.08
Rank: Mad User |
|
|
fallingmidget wrote:
i still think theres a way to do it without using a brute forcer. thats just my opinion.
Well you keep saying that, but have you actually solved it without using brute force? Are you basing this on anything?
|
|
|
| Author |
RE: js16 |
shadowls
You Like this!
Posts: 836
Location: look behind you
Joined: 07.12.06
Rank: Godlike |
|
they best way to do it is code a brute forcer and just run it till it cracks it. mine took me over two weeks to crack it.
If you think my post are useful to you, please vote for them. Thank You
knowledge is powerful itself - SHADOWLS
Made by:agentmax69, but remastered by: KvK
Respects:
Mr_cheese
system_meltdown
rex |
|
| Author |
RE: js16 |
bandi999
Member
Posts: 12
Location:
Joined: 01.12.07
Rank: God |
|
@guana
you are on the right track with ur pw length calculation, but the result might be wrong. Just remember what u wrote about the pw's with length 1.
And remember: knowing the pw's lenth doesn't help u so much
@shadowls
once again someone has written this super brute forcer and I'm quite sure once again if he is aked to proof this he wont answer, has lost this super program, is afraid someone steels his knowledge or it turns out he has some additional infos about the pw.
Greetz
|
|
|
| Author |
RE: JS 16 is bullshit. |
hts007
Member
Posts: 782
Location:
Joined: 17.02.07
Rank: God
Warn Level: 50
|
|
system_meltdown wrote:
sakarin wrote:
oh and system meltdown is the only person apart from richo with this chall complete. probably because he has to accept the challenges so he views them before hand..
1: I don't cheat.
2: I beat this when Richo sent it to me, and I had no help from him.
3: I have to view them before hand? It's a Javasc blockedript challenge, all I had was the sc blockedript, I had to beat it before I could set up a completion page.
Ok, I understand that your the alimighty and shit but give me a fuckin break. The Bruteforcer I have wrote has spit out over 135,00 false positives in less than 10 minutes, and I am only 9 characters in (working on a 12 character password).
here's only a handful of them... anf by my calculations that means my bruteforcerwill spit out 2,460,375,000,000,000 - yeah that's over 2 quadrillion false positives or 2 * 1000 billion. And some one mentioned grepping the has collisions. OK, come on be real. This challenge is BS. And if you beat it, its because someone helped you.
I guess most people will never even get a bruteforcer that can get to first combination in the first place. This challenge is bullshit.
[deleted]
Edited by SySTeM on 04-01-09 17:19 |
|
|
| Author |
RE: js16 |
clone4
Member
Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank: God |
|
I started to write my BTforcing code to solve this challenge, and I wanted to ask, has anybody here solved it with dictionary attack, because so far I haven't found any good dictionary to do that... 
[img][/img]
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl
|
|
|
| Author |
RE: js16 |
stdio
Member
Posts: 375
Location: omnipresent
Joined: 06.04.08
Rank: God |
|
I first started this with a brute forcer, got too many valid answers. System then posted a "wordNUMBERword" format of the password.
I then wrote two programs.
1- To generate my own wordlist making some assumptions about the problem.
2- A dictionary attack that, when the wordlist was right, solved in a few seconds.
This is atleast how I did it.
I'm sorry, I cant hear you over the sound of how awesome I am! |
|
|
| Author |
RE: js16 |
clone4
Member
Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank: God |
|
|
stdio wrote:
I first started this with a brute forcer, got too many valid answers. System then posted a "wordNUMBERword" format of the password.
I then wrote two programs.
1- To generate my own wordlist making some assumptions about the problem.
2- A dictionary attack that, when the wordlist was right, solved in a few seconds.
This is atleast how I did it.
Ok just to specify it, did you generate it like basically bruteforcing (aaa111bbb,bbb111ccc) or did you combine several wordlists to create the right format for the challenge ?
Also can't help it but your avatar is so damn funny !
[img][/img]
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl
|
|
|
| Author |
RE: js16 |
stdio
Member
Posts: 375
Location: omnipresent
Joined: 06.04.08
Rank: God |
|
Damn Double Posting
I'm sorry, I cant hear you over the sound of how awesome I am!
Edited by stdio on 25-06-08 23:22 |
|
|
| Author |
RE: js16 |
stdio
Member
Posts: 375
Location: omnipresent
Joined: 06.04.08
Rank: God |
|
I basically knew the words would be English language(as they are in most challenges). The password length is also 12 (Mathmatically proven by Zues). So I made assumptions about the number and used a std dictionary to form 12 character passwords in that format. Granted the first letter of the password has sum = 0 so it actually solved before I got the real password, but if you get that right, you will obviously know what the answer should be,
I'm sorry, I cant hear you over the sound of how awesome I am! |
|
|
| Author |
RE: js16 |
clone4
Member
Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank: God |
|
|
stdio wrote:
I basically knew the words would be English language(as they are in most challenges). The password length is also 12 (Mathmatically proven by Zues). So I made assumptions about the number and used a std dictionary to form 12 character passwords in that format. Granted the first letter of the password has sum = 0 so it actually solved before I got the real password, but if you get that right, you will obviously know what the answer should be,
Al right then, thanks for reply. as I can see there are quite a lot hints on this one, so hopefully eventually I will solve it
[img][/img]
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl
|
|
|
| Author |
RE: js16 |
lokipaki
Member
Posts: 2
Location:
Joined: 20.08.08
Rank: Guest |
|
nasty one.
Ok, made myself a scblockedript to adjust the password by randomly increasing/decreasing a position, works very quick (a couple of seconds). The problem is there are more passwords that match. Found theese for example
[deleted]
...
They don't give any error allert but ... page not found. How many random passwords match like this?... I think there must be another hint somewhere.
The password as many said has 12 characters
Also if you haven't noticed first letter is obsolete.
Here is the php scblockedript. You can start with any sequence (but I've used numbers, the password is displayed in the end)
<?
$tab = " azertyuiopqsdfghjklmwxcvbnAZERTYUIOPQSDFGHJKLMWXCVBN0123456789_$&#@";
$checksum=88692589;
$power=Array(0, 1, 8, 27, 64, 125, 216, 343, 512, 729, 1000, 1331);
$number=Array(19,19,19,19,19,19,19,19,19,19,19,19);
$sum=0;
$n=12;
while ($sum!=$checksum)
{ $sum=1;
for($i=0;$i<12;$i++) $sum+=$n*$number[$i]*$number[$i]*$i*$i*$i;
if ($sum==$checksum) break;
$a=rand(1,11);
if($sum<$checksum) {
if($number[$a]<86) $number[$a]++;
}
elseif ($sum>$checksum) {
if($number[$a]>19) $number[$a]--;
}
else echo "[".($sum-$checksum)."]".implode(",",$number)."<br>";
}
for ($i=0;$i<12;$i++) echo $tab[$number[$i]];
?>
Edited by SySTeM on 04-01-09 17:22 |
|
|
| Author |
RE: js16 |
jjbutler88
Colemak User
Posts: 590
Location:
Joined: 22.04.07
Rank: Guru |
|
Loads of people dont like these 'false positives', because in a real challenge, they would be accepted as correct. In this one however, you have to find the exact pass. There are lots of threads, so to save you trawling them, here are the hints:
1) The password is 12 characters long
2) The password is in the format wordNUMBERword
3) The password 'makes sense'
With these 3 hints, write a decent bruteforcer in your chosen language, you could have it in under an hour (I did). Obviously it would take forever to make that may web requests, so I would rewrite the encryption algo in your chosen language, then you can try more passwords / second, without killing your internet.
|
|
|
| Author |
RE: js16 |
lokipaki
Member
Posts: 2
Location:
Joined: 20.08.08
Rank: Guest |
|
|
Thank you (I kind of enjoyed my scblockedript, don't like brute much but I'll think on something) |
|
|
Main:
