| Author |
timed 3 - quick question |
deleted
Member
Posts: 21
Location: Sweden
Joined: 09.05.08
Rank: Hacker Level 3 |
|
just wanted to know if the wordlist changes in timed 3...
i.e. can i just download the wordlist then find the md5 hashes and compare them to the given one? or do i have to convert the words at runtime?
 |
 
|
| Author |
RE: timed 3 - quick question |
clone4
Member
Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank: God |
|
It doesn't change, but getting all the hashes would be little time consuming, don't you think. Just encrypt all the passwords and compare theme to the give one... Dunno what language are you using, but in code bank you can find pel scblockedripts I used to solve those
[img][/img]
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl
|
|
|
| Author |
RE: timed 3 - quick question |
jjbutler88
Colemak User
Posts: 590
Location:
Joined: 22.04.07
Rank: Guru |
|
Yeah, without being too language specific, you can either convert the hash the wordlist, then use that in your program, or have it all built in, but make sure to hash all the words before you make the request for the page, it saves time.
|
|
| Author |
RE: :P |
deleted
Member
Posts: 21
Location: Sweden
Joined: 09.05.08
Rank: Hacker Level 3 |
|
well to be honest im using c++ but i have no idea how to interact with webpages  , but i wrote a program already that hashed the wordlist into a new file. so using that file im trying to write a PHP scblockedript.
I was thinking of using two arrays and one index counter. then just strcmp() the hasharray[i] and the one on the webpage and then using that index to get the plaintext. (i'm really new to PHP so i couldnt be bothered with associative arrays  ). Having never used PHP before, do you think will this be efficient enough to find the plain text in the time limit?
ps. i wrote the c++ program to output PHP array declarations... so i have a PHP scblockedript with two 100 element arrays in it. So all the hard work is already done!
sorry im really bad at explaining stuff
|
|
|
| Author |
RE: timed 3 - quick question |
Johnson
Member
Posts: 29
Location:
Joined: 25.06.05
Rank: God |
|
If you're using PHP try setting up an associative array for looking up a
hash. So, before you connect to the webserver, open the wordlist and
generate a hash for each word, using the hash as the key for each word in
the associative array.
Then, later on when you're accessing the page, all you have to do is grab
the hash, look it up in the associative array and post the answer.
PS. If you need help with associative arrays check out this guide, it is NOT
as hard as you may think it is. Just consider them an array using a string
as the index, rather than a integer.
http://phpjournal.blogspot.com/2004/11/php-associative-arrays.html |
|
|
| Author |
RE: timed 3 - quick question |
richohealey
Python Ninja
Posts: 1020
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank: Ninja |
|
Just hash up the whole wordlist before yous rtart, dump it in an array first, and then make the pull fromt he site, then you only need to compare the hash and pull it from an array.
Depending on what language you're in you can optimise this lookup process to varying degrees.
blog.psych0tik.net
Nice one R3l3ntl3ss^^
|
|
| Author |
RE: timed 3 - quick question |
jjbutler88
Colemak User
Posts: 590
Location:
Joined: 22.04.07
Rank: Guru |
|
Im sure richo will back me up here, python makes this dead easy, using a dictionary data structure, you can create entries in the format plaintext:hash, so you can compare the hashes and retrieve the plaintext with no hashing during the timed part. Im sure PHP has a similar data type. I'd give that a go.
gl
*edit* - By the looks of it those 'associative arrays' are the equivalent for PHP.
Edited by jjbutler88 on 23-06-08 13:49 |
|
|
| Author |
RE: timed 3 - quick question |
richohealey
Python Ninja
Posts: 1020
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank: Ninja |
|
That's it, jj.
Anyway, yeah, either approach will work.
I can't attest to it, but i'm told that a mixture of urllib2 and cookiejar makes this easy.
I decided to be a smartass and wrote my own http retriever, it was faster.
blog.psych0tik.net
Nice one R3l3ntl3ss^^
|
|
|
| Author |
RE: timed 3 - quick question |
jjbutler88
Colemak User
Posts: 590
Location:
Joined: 22.04.07
Rank: Guru |
|
Yeah I used urllib2 and cookiejar and once I wrote the request framework, I reused it for all the timed challenges. Naturally if you're not a python wizard like richo you wont be writing your own libraries  . Would be interested to see them though richo, any chance of posting them on ure freewebs/code bank/PMing them to me?
cheers
|
|
|
| Author |
RE: timed 3 - quick question |
deleted
Member
Posts: 21
Location: Sweden
Joined: 09.05.08
Rank: Hacker Level 3 |
|
allright, thanks for the help guys. will let you know how it goes...
|
|
|
| Author |
RE: timed 3 - quick question |
Mouzi
Member
Posts: 144
Location: Finland
Joined: 08.08.06
Rank: God |
|
Wait, you were supposed to hash the wordlist first and then compare? :D I added a MD5 function to my Javascblockedript when I did that challenge.
Steganographs |
|
|
| Author |
RE: timed 3 - quick question |
K_I_N_G
Member
Posts: 356
Location: ?
Joined: 04.03.08
Rank: Elite |
|
All I gotta say is: "Dont look now your momma's got her boobs out. Showin everybody in town"-Rodney carrington. lol, man when it doesnt make sense take a break. So chill out and let the answer come.
|
|
|
| Author |
RE: last question :P |
deleted
Member
Posts: 21
Location: Sweden
Joined: 09.05.08
Rank: Hacker Level 3 |
|
okay so forgive my lack of focus but i,m now writing it in greasemonkey and ive written it all and it works fine...but heres the thing. how the f**k do you search a webpage as if its a string in javascblockedript? Thats the only part missing and then i can actually do all 4 challenges....
yeah so: can some one help me?
ps. me no likey python , beautifulsoup! say what?
edit - okay! so noone know how one may handle a website as a string?
Edited by deleted on 03-07-08 07:13 |
|
|
| Author |
RE: timed 3 - quick question |
The_Gman
Member
Posts: 30
Location:
Joined: 02.09.08
Rank: Mad User |
|
What kind of hash is it?
Right now i md5.new, md5.update, and md5.digest, throw it all in a dictionary, and compare, but md5 sums have no alphanumeric characters, including null bytes, but these are just alphanumeric, am i doing the correct hash
Thanks |
|
|
| Author |
RE: timed 3 - quick question |
SwartMumba
Member
Posts: 292
Location: TX <--- I'm here
Joined: 18.09.07
Rank: Uber Elite |
|
|
>>> from hashlib import md5
>>> md5('SwartMumba').hexdigest()
'b55a71963c5a1eed3dcd00f54576b80c'
>>> print 'or'
or
>>> import md5
>>> md5.new('SwartMumba').hexdigest()
'b55a71963c5a1eed3dcd00f54576b80c'
>>> 'b55a71963c5a1eed3dcd00f54576b80c'=='b55a71963c5a1eed3dcd00f54576b80c'
True
>>>
|
|
|
| Author |
RE: timed 3 - quick question |
The_Gman
Member
Posts: 30
Location:
Joined: 02.09.08
Rank: Mad User |
|
hah, added three characters 'hex' to my code and I got it on my first run.
I also got lucky with my internet speed and managed to get timed 1 in time. |
|
|
| Author |
RE: timed 3 - quick question |
Infam0us
Member
Posts: 153
Location: 0x080484c6
Joined: 06.09.07
Rank: HBH Guru |
|
|
K_I_N_G wrote:
All I gotta say is: "Dont look now your momma's got her boobs out. Showin everybody in town"-Rodney carrington. lol, man when it doesnt make sense take a break. So chill out and let the answer come.
Thats curious why is your joined date and rank reversed?
"Never memorize what you can look up in books." -Albert Einstein
[img]javasc ript:alert(document.cookie);[/img] |
|
|
Main:
