Saturday, April 19, 2014
HellBound Hackers | Computer General | Web hacking

Author

Bypass this javascript?


Guest
Posted on 24-06-08 14:23
How can I bypass this JavaScript?

<script language="javascript" type="text/javascript">
// Do not edit
function login(){
  var username = document.getElementById('username').value; // location of username
  var password = document.getElementById('password').value; // location of password
  var fullURL = "";
  fullURL = "http://xxxxxxxxxxxxx/" + username + password; // compiled filename that loads user-file
  location.href = fullURL;
}
</script>




Edited by Mr_Cheese on 24-06-08 16:39
Author

RE: Bypass this javascript?


Guest
Posted on 24-06-08 14:53
enter the right username and password into the text boxes and it will take you to the right page :)

lol, your best bet would be trying to bruteforce it..
Author

RE: Bypass this javascript?


Guest
Posted on 24-06-08 14:57
Been thinking about that too, also tried to google for some page behind, but didn't find anything so then I started looking for the robots.txt but didn't find anything either xD.


Author

RE: Bypass this javascript?

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 24-06-08 16:06
seeing as the username and password are the name of a directory or file.

you could do a dictionary attack on the url and try get common filenames / folders.

check the sites robots.txt? maybe they have a site map?


*also. please note. 20% warn for posting the actual link to the site you wish to "bypass" the login, without providing ownership details *




Edited by Mr_Cheese on 24-06-08 16:40
http://www.hellboundhackers.org/
Author

RE: Bypass this javascript?

Uber0n
Member



Posts: 1963
Location: Sweden
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 24-06-08 16:22
Glasklar wrote:
fullURL= "http://xxxxxx/"+username + password;
location.href=fullURL;

It's interesting that the username is directly followed by the password in the URL (not separated as get variables etc); this means that if the username would be "abc" and the password is "123" then you could enter "abc123" as the username and leave the password field blank and still get logged in...

PS. Damn nice username you have B) Glasklar ftw ^^


http://uber0n.web. . .

Edited by Mr_Cheese on 24-06-08 16:39
Nope http://uber0n.webs.com/
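
Added example, not part of the original post or thread: the concatenation ambiguity described in the post above, next to a server-side check that keeps username and password as separate fields. The base URL, the function names and the abc/123 account are assumptions made for illustration.

```javascript
// Added example (not from the thread). Names, base URL and sample
// credentials below are constructed for illustration.
const crypto = require('node:crypto');

const BASE = 'http://example.invalid/'; // placeholder for the redacted host

// The thread's scheme: the "login" is only a redirect to base+user+pass,
// so the credential is just a path that the server hands to anyone.
function clientSideTarget(username, password) {
  return BASE + username + password;
}

// Server-side alternative: store a salted scrypt hash per user and
// compare in constant time; the two fields are never concatenated.
function createUser(store, username, password) {
  const salt = crypto.randomBytes(16);
  store.set(username, { salt, hash: crypto.scryptSync(password, salt, 32) });
}

function verifyLogin(store, username, password) {
  const rec = store.get(username);
  // Hash even for unknown users so both paths do similar work.
  const salt = rec ? rec.salt : Buffer.alloc(16);
  const candidate = crypto.scryptSync(password, salt, 32);
  const expected = rec ? rec.hash : Buffer.alloc(32);
  const match = crypto.timingSafeEqual(candidate, expected);
  return Boolean(rec) && match;
}

const store = new Map();
createUser(store, 'abc', '123'); // constructed sample account

// Different inputs, same URL: the field boundary is lost.
console.log(clientSideTarget('abc', '123') === clientSideTarget('abc123', ''));
// The server-side check keeps the boundary and rejects the shifted split.
console.log(verifyLogin(store, 'abc', '123'), verifyLogin(store, 'abc123', ''));
```
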
Author

RE: Bypass this javascript?


Guest
Posted on 24-06-08 16:57
Uber0n wrote:
PS. Damn nice username you have B) Glasklar ftw ^^


Nah, it's not that good, try pronouncing the damn thing in English :P
Author

RE: Bypass this javascript?


Guest
Posted on 24-06-08 22:11
Mr_Cheese wrote:
seeing as the username and password are the name of a directory or file.

you could do a dictionary attack on the url and try get common filenames / folders.

check the sites robots.txt? maybe they have a site map?


*also. please note. 20% warn for posting the actual link to the site you wish to "bypass" the login, without providing ownership details *


and when did you prove that it wasn't my site? don't you think you should have a little more information before unleashing the b& hammer?

also do you got any nice articles/lessons or w/e about this dictionary attack?


Author

RE: Bypass this javascript?


Guest
Posted on 24-06-08 22:15
Glasklar wrote:
Mr_Cheese wrote:
seeing as the username and password are the name of a directory or file.

you could do a dictionary attack on the url and try get common filenames / folders.

check the sites robots.txt? maybe they have a site map?


*also. please note. 20% warn for posting the actual link to the site you wish to "bypass" the login, without providing ownership details *


and when did you prove that it wasn't my site? don't you think you should have a little more information before unleashing the b& hammer?

also do you got any nice articles/lessons or w/e about this dictionary attack?


:O read wrong, thought it said directory attack, not dictionary xD I'm used to saying bruteforce so I got confused :O


Author

RE: Bypass this javascript?

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 24-06-08 22:16
Glasklar wrote:
and when did you prove that it wasn't my site? don't you think you should have a little more information before unleashing the b& hammer?


It's your job to make sure your own posts are legal and valid, not mine.

Glasklar wrote:
also do you got any nice articles/lessons or w/e about this dictionary attack?


Intellimapper was a web spider that included a dictionary attack function.

might be able to get a copy of that.

failing that, quickly code your own. extremely easy to do.

theargon has several wordlists that may be handy.


http://www.hellboundhackers.org/
Author

RE: Bypass this javascript?

Uber0n
Member



Posts: 1963
Location: Sweden
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 25-06-08 09:59
http://www.thearg. . .rgonlists/

COM wrote:
Nah, it's not that good, try pronouncing the damn thing in English :P

Glaehssclair? xD


http://uber0n.web. . .

Edited by Uber0n on 25-06-08 10:03
Nope http://uber0n.webs.com/