| Author |
JS16 completion time |
richohealey
Python Ninja
Posts: 1020
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank: Ninja |
|
I'm curious, how long did it take you all?
The fastest i've heard of was 58 mins.
blog.psych0tik.net
Nice one R3l3ntl3ss^^
|
   
|
| Author |
RE: JS16 completion time |
mido
Member
Posts: 613
Location: Cairo, Egypt
Joined: 27.01.07
Rank: God |
|
since it released not yet 
|
|
|
| Author |
RE: JS16 completion time |
mikispag
Member
Posts: 43
Location: Italy
Joined: 14.11.06
Rank: God |
|
Well as you know I'm still cracking it...  |
|
|
| Author |
RE: JS16 completion time |
sakarin
Member
Posts: 330
Location:
Joined: 11.05.06
Rank: HBH Guru |
|
i decided that i don't consider bruteforce a sane skill for javascblockedript hacking because of spam filters..
silly challenge not worth my time
Rebirth, Lemmingmolester,Xmadx and jcqguill have done it.
Hex tut, JS tut, Sig challenge, some challenges i made |
|
|
| Author |
RE: JS16 completion time |
richohealey
Python Ninja
Posts: 1020
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank: Ninja |
|
you realise the BF was meant to run locally right? and not make like a bajillion calls to the site?
blog.psych0tik.net
Nice one R3l3ntl3ss^^
|
|
|
| Author |
RE: JS16 completion time |
sakarin
Member
Posts: 330
Location:
Joined: 11.05.06
Rank: HBH Guru |
|
yes and then read them all in hopes of finding one that looks like it..
it's still dumb
and you made it obvious that you don't intend on correcting it.
feature not a bug thing.
Rebirth, Lemmingmolester,Xmadx and jcqguill have done it.
Hex tut, JS tut, Sig challenge, some challenges i made |
|
|
| Author |
RE: JS16 completion time |
mozzer
Member
Posts: 339
Location: Password Land
Joined: 21.01.06
Rank: God |
|
I heard system did it in 5 minutes, boy would I like to see that source
I will be back |
|
|
| Author |
RE: JS16 completion time |
SySTeM
-=[TheOutlaw]=-
Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank: The Overlord |
|
|
mozzer wrote:
I heard system did it in 5 minutes, boy would I like to see that source
And who said that...?
|
|
|
| Author |
RE: JS16 completion time |
richohealey
Python Ninja
Posts: 1020
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank: Ninja |
|
|
sakarin wrote:
yes and then read them all in hopes of finding one that looks like it..
it's still dumb
and you made it obvious that you don't intend on correcting it.
feature not a bug thing.
I gave serious thought to correcting it....
But then I thought "If i was using this on a real site (suspend disbelief here people!), would i change this?"
Would you?
blog.psych0tik.net
Nice one R3l3ntl3ss^^
|
|
|
| Author |
RE: JS16 completion time |
mozzer
Member
Posts: 339
Location: Password Land
Joined: 21.01.06
Rank: God |
|
|
system_meltdown wrote:
And who said that...?
Richo, on his dev server
I will be back |
|
|
| Author |
RE: JS16 completion time |
sakarin
Member
Posts: 330
Location:
Joined: 11.05.06
Rank: HBH Guru |
|
yes i was refering to that comment. and i answered that when you first said it. i said yes you could consider it a feature on a realistic mission.
which brings me back to my first post on this topic.
and all the other ones. this javascblockedript challenge doesn't test any javascblockedript knowlege apart from being able to read it..
yes it's clever (but not a new concept) yes it's not impossible and should be kept, no it should't be on the javascblockedript section.
Rebirth, Lemmingmolester,Xmadx and jcqguill have done it.
Hex tut, JS tut, Sig challenge, some challenges i made |
|
|
| Author |
RE: JS16 completion time |
Happysmileman
Member
Posts: 347
Location:
Joined: 02.08.06
Rank: HBH Guru |
|
|
richohealey wrote:
I'm curious, how long did it take you all?
The fastest i've heard of was 58 mins.
I haven't gotten past 7 digits yet with my C++ brute forcer... I have a feeling I'm going about it the wrong way
zalifer wrote:
ww3 will start from a head of state saying to another "can you look over this action scblockedript for my flash presentation on world peace" and the other replying "forgot to close those parenthesis, also your formatting is kind of gay" |
|
|
| Author |
RE: JS16 completion time |
mrkidd0
Member
Posts: 15
Location:
Joined: 11.02.07
Rank: Mad User |
|
ive been looking for a different way to do this other than bf... i guess there isnt. so has everyone used c++ or javascblockedript?
|
|
|
| Author |
RE: JS16 completion time |
xtrmsk8r91
Member
Posts: 157
Location: /root
Joined: 16.10.05
Rank: Uber Elite |
|
I coded a bruteforcer in C but it's not nearly fast enough, I'm still working on optimizing it.
|
|
|
| Author |
RE: JS16 completion time |
mrkidd0
Member
Posts: 15
Location:
Joined: 11.02.07
Rank: Mad User |
|
ok i deffinately need to know now if there could be some possible problems with coding it in javascblockedript... because i have my code now and once i finish some small tests im running it so if there are any issues tell me now.
|
|
|
| Author |
RE: JS16 completion time |
korg
Admin from hell
Posts: 1704
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank: The Master |
|
Don't try it in javascblockedript it will slow your browser and way too slow I'm using C++ but have shitloads of answers but no solution????
Challenge is unreal to the point of you could never log in right.
I deal in pain, All life I drain, I dominate, I seal your fate.
|
|
|
| Author |
RE: JS16 completion time |
contmp
Member
Posts: 36
Location: behind shadows of proxy servers and redirectors
Joined: 27.01.07
Rank: Newbie
Warn Level: 5
|
|
well the question remains..... I wonder if it can be brute-forced in a reasonable time. which is in my case < 2h
because my patience is limited.  |
|
|
| Author |
RE: JS16 completion time |
johnjuan728
Member
Posts: 444
Location: P'cola
Joined: 21.11.06
Rank: HBH Guru |
|
*Off Topic* Yes Korg, much better. ^_^ */Off Topic*
Pwn3d the 'last post' thread 
"Semper Fi De Oppresso Liber"
Always faithful to liberate the oppressed
The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes, little bits of data. It's all just electrons.
THESE ARE MINE: ^_^, ^_-, -_-, ^_^Vm, and ^_^..|.., hehe ©
Now lets not make Richo have to come and clean up our sigs ever again, k? |
|
| Author |
RE: JS16 completion time |
Arto_8000
Member
Posts: 275
Location:
Joined: 28.03.06
Rank: HBH Guru |
|
Here are simple calcul that can give an idea of how long the password is :
x : number of caracter.
100 represent an average ascii number.
x/2 represent the average value that should take i.
(x*100*x/2)(x*100*x) + (x*100*x)(x*100*x) + ...
(x*100*x/2)(x*100*x)*x= 88692589
(5 000x^4)*x = 88692589
5 000x^5 = 88692589
x = 7.076
So this mean the password should have around 6 to 8 caracter.
BTW : Javascblockedript is poorly coded ... "substring(i,i+1)" shoud be "charAt(i)" ... "sum = sum+(index*n*i)*(index*i*i);" should be "sum += (index*n*i)*(index*i*i);"
♥♣♦♠ PHP/Javascblockedript/AJAX, XSLT/XML, CSS Design, Javascblockedript POO, PHP 5 POO, SQL, Java (Swing & Servlet), C, C++, ASM, Forth ♥♣♦♠
If you need help in any domain that I have listed, I can help you. |
|
|
| Author |
RE: JS16 completion time |
hts007
Member
Posts: 782
Location:
Joined: 17.02.07
Rank: God
Warn Level: 50
|
|
|
Arto_8000 wrote:
Here are simple calcul that can give an idea of how long the password is :
x : number of caracter.
100 represent an average ascii number.
x/2 represent the average value that should take i.
(x*100*x/2)(x*100*x) + (x*100*x)(x*100*x) + ...
(x*100*x/2)(x*100*x)*x= 88692589
(5 000x^4)*x = 88692589
5 000x^5 = 88692589
x = 7.076
So this mean the password should have around 6 to 8 caracter.
BTW : Javascblockedript is poorly coded ... "substring(i,i+1)" shoud be "charAt(i)" ... "sum = sum+(index*n*i)*(index*i*i);" should be "sum += (index*n*i)*(index*i*i);"
Ok someone correct me if I am wrong here, but according to my calculations, the password is at least 10 characters long.
function Check(checksum)
{
var tab = " azertyuiopqsdfghjklmwxcvbnAZERTYUIOPQSDFGHJKLMWXCVBN0123456789_$&#@";
var entry = document.forms[1].elements[0].value;
var n = entry.length;
var sum = 1;
for(var i=0;i<n;i++)
{
var index = tab.indexOf(entry.substring(i,i+1));
sum = sum+(index*n*i)*(index*i*i);
}
if(sum==checksum)
{
window.location = entry+".php";
}
else
{
alert("Wrong Pass!! Try Again.");
}
return false;
}
Since the checksum is calculated using the sum of muliplication, if we put in all @ as our password, the max sum for 9 characters (using all @) gives us a sum of 84272401, which is less then checksum of 88692589. I hope I am wrong becuase at this point the only solution seems to be a bruteforce, which at 10 chars can take ages to run. |
|
|
Main:
