Follow us on Twitter!
Never in the field of human conflict was so much owed by so many to so few. - Winston Churchill
Friday, April 18, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 20
Guests Online: 17
Members Online: 3

Registered Members: 82823
Newest Member: Andyrayfun
Latest Articles
View Thread

HellBound Hackers | Challenges | Javascript

Author

Javascript 16. bruteforce, really

asdfgasdfg
Member

Your avatar

Posts: 5
Location:
Joined: 11.09.13
Rank:
Hacker Level 1
Posted on 14-09-13 20:32
So I finally reached javascript 16 and after reading through the javascript and learning about the algoritm I created my own bruteforce in python, but since the algorithm uses 65 characters brutforcing the password will take forever, I only reach about 100k checksums per second with my python script. Is there some clue I've missed on different characters I can filter or something? Or is it possible to create a bruteforce for 1kk+ checksums per second?

Also I've read though the articles and a lot of threads and most information I can find it that the password is 12 characters long, and may look like this '4LetterWord-4Digits-4LetterWord' without the '-'. 12 characters long with 65 possible characters mean about 6,831,675,453,247,426,400,256 total combinations and then 12 characters long are only rumors.

Edited by Mordak on 14-09-13 21:03
Author

RE: Javascript 16. bruteforce, really

rex_mundi
☆ Lucifer ☆



Posts: 1458
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 15-09-13 19:55
1) The password is 12 characters long
2) The password is in the format wordNUMBERword all lowercase chars.
3) The password 'makes sense'


All those hints referred to when the challenge originally only accepted one answer.

It was changed ages ago to also accept multiple solutions where those rules no longer apply.

However, since you already know the format of the original answer, a simple combined dictionary attack using a common 4 letter wordlist and a list of 4 digit numbers, should take no time at all to complete, in comparison to blindly bruteforcing 12 chars with a full charset.





Edited by rex_mundi on 15-09-13 20:03
U N Ⓡⓔⓧ_Ⓜⓤⓝⓓⓘ
Author

RE: Javascript 16. bruteforce, really

synstealth
PHP WARRIOR

Your avatar

Posts: 807
Location: /etc/shadow
Joined: 30.11.04
Rank:
God
Posted on 21-09-13 14:30
ha,, to me.. in my opinion.. the password DOES not make sense. LOL Pfft
know where to Look
Author

RE: Javascript 16. bruteforce, really

ArgonQ
Member

Your avatar

Posts: 17
Location:
Joined: 20.11.09
Rank:
God
Posted on 21-09-13 19:37
I never did crack the original pass..mmmh think i'll have a try
using python.
begin@19:37-->
end @20:07--> got one but i does not look meaningful Sad

edit
Hmm got some more but still not meaningful, this could take a while.

@asdfgasdfg:
keep your code flat.
try psyco or pypy for speedup.

edit @20:54 got it, hehehe.

Edited by ArgonQ on 21-09-13 20:54
lead to
Author

RE: Javascript 16. bruteforce, really

asdfgasdfg
Member

Your avatar

Posts: 5
Location:
Joined: 11.09.13
Rank:
Hacker Level 1
Posted on 22-09-13 20:54
Yea I'm done with this challenge now, I have to say dictionary attack is the way to go. A medium dictionary and search "4-letter-word 4-digits 4-letter-word" combinding a 12 character long string
Author

RE: Javascript 16. bruteforce, really

synstealth
PHP WARRIOR

Your avatar

Posts: 807
Location: /etc/shadow
Joined: 30.11.04
Rank:
God
Posted on 04-10-13 15:18
the idea of this 4letter word+4digit+4letter word combination has nothing to do with a specific word to be used as a password that makes sense. it is only there to make you think harder!

this challenge is all about getting the right checksum. the password itself must go through the iteration to the point where the position of the character that is given in a order , by using that position number makes a big difference so that is why I had to go through each line combined from 2 wordlists to compare with the checksum using my php script, I got a long list of passwords, and all of them worked...

that is why I said the password does not make sense lol.


know where to Look
Author

RE: Javascript 16. bruteforce, really

Euforia33
philalethes



Posts: 867
Location:
Joined: 05.10.09
Rank:
God
Posted on 05-10-13 00:43
That is basically how I solved it but word lists or dictionary attacks aren't really necessary. Just set a charset and it will spit out a working "password" in less than a second, at the time it seemed more like coding a keygen than anything else, but that was just my approach.
Author

RE: Javascript 16. bruteforce, really

FikretPhh
Member

Your avatar

Posts: 2
Location:
Joined: 15.08.11
Rank:
God
Posted on 07-10-13 16:10
To those that might still be having trouble with this, check that your "tab" variable contains the right number of space characters (copy pasting from the site can cut off some of them, and they do matter for the reverse algorithm). If u need help just PM me it really isn't that hard Smile