Paul Johnston's javascript-MD5 digest algorithm

chronicburst
Member

Posts: 466
Location: /root/
Joined: 03.01.08
Rank: Elite
Posted on 16-01-09 02:19
Hey again, looking for some insight.
Paul Johnston, an Information Security employee for HBOS, "one of the major UK banks," developed this neat encryption known as "RFC 1321."
RFC 1321 explained:
http://www.faqs.org/rfcs/rfc1321.html

RFC 1321 is the algorithm used in the "Cymphonix" filter to restrict unnecessary servers or websites.
For example if I were to visit "http://addictinggames.com/" the filter would return the following:

<scblockedript language=3DJavascblockedript>
function submit() {
var pass =3D document.getElementById('pass').value;
var url =3D =
"http://addictinggames.com/?CFBData=3D3BEDBDCE92AC4048F4651F32EBEDD05F_1"=
;
if ((pass !=3D '') && (pass !=3D null)) {
url +=3D '*' + hex_md5(pass);
document.location.href =3D url;
}
}
</scblockedript>

So for starting, the URL would be:
http://addictinggames.com/?CFBData=3D3BEDBDCE92AC4048F4651F32EBEDD05F_1

Now with the URL I would have to attach on the following:
url +=3D '*' + hex_md5(pass);


I just noticed:

<FORM id=3Dpass_form name=3Dpass_form =
action=3Djavascblockedript:submit();>Bypass=20
password: <INPUT id=3Dpass type=3Dpassword name=3Dpass> <INPUT =
type=3Dsubmit value=3DSubmit name=3DSubmit></FORM>

Maybe I could void the id and gain some authority over the scblockedript or inject my own "3Dpass". Has something to do with 464-Bit phrase or a multiple of 16, or 32-Bit phrase. It beats the hell out of me.
Moreover, I am unsure and may seriously need that Advil now. Well, if you know any methods of decryption or bypassing this to get the "Bypass Password" then I would be thrilled to read whatever you can offer me. From flames to.. brainfuck.

I'll check up on this one later. If you know anything about where I may find the database the hash is stored in, I am all ears. Thanks, talk to you all sooner or later.
-Nave


Edited by chronicburst on 16-01-09 02:24
chronicburst at yahoo dot com http://hellboundhackers.org
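
The snippets quoted in the post above are quoted-printable encoded: "=3D" stands for "=", "=20" for a space, and a "=" at the end of a line is a soft line break. The following added example (not part of the original post and not the filter vendor's code) decodes them with Python's standard library and lists the form fields and URL parameter as the browser would see them; the sample bytes are copied from the post, and the helper names are chosen here for illustration.

```python
import binascii
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the URL and form lines as they appear in the post,
# still quoted-printable encoded. "scblockedript" is kept exactly as posted
# (assumed here to be the forum's own rewriting of the word "script").
RAW = (
    b'var url =3D =\n'
    b'"http://addictinggames.com/?CFBData=3D3BEDBDCE92AC4048F4651F32EBEDD05F_1"=\n'
    b';\n'
    b'<FORM id=3Dpass_form name=3Dpass_form =\n'
    b'action=3Djavascblockedript:submit();>Bypass=20\n'
    b'password: <INPUT id=3Dpass type=3Dpassword name=3Dpass> <INPUT =\n'
    b'type=3Dsubmit value=3DSubmit name=3DSubmit></FORM>\n'
)


class FormFields(HTMLParser):
    """Collect the attributes of every <form> and <input> start tag."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        if tag in ("form", "input"):
            self.tags.append((tag, dict(attrs)))


def decode_block_page(raw: bytes) -> str:
    """Undo the quoted-printable transfer encoding of the quoted page source."""
    return binascii.a2b_qp(raw).decode("ascii")


def summarize(raw: bytes) -> dict:
    """Return the decoded URL, its CFBData value, and the form's field attributes."""
    text = decode_block_page(raw)
    parser = FormFields()
    parser.feed(text)
    url = text.split('"')[1]  # the URL is the only double-quoted string in the sample
    token = parse_qs(urlsplit(url).query)["CFBData"][0]
    inputs = [attrs for tag, attrs in parser.tags if tag == "input"]
    return {"url": url, "token": token,
            "form_id": parser.tags[0][1]["id"], "inputs": inputs}


if __name__ == "__main__":
    for key, value in summarize(RAW).items():
        print(f"{key}: {value}")
```

After decoding, the password field's id is `pass` and the query parameter is `CFBData=` followed by the value; the leading `3D` in both places belongs to the transfer encoding, not to the page.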
© HellBound Hackers 2008- 2009. Since 3rd December 2004.