JS16 completion time

richohealey
Posted on 12-07-07 17:27
I'm curious, how long did it take you all?

The fastest i've heard of was 58 mins.


bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net

RE: JS16 completion time

mido
Posted on 12-07-07 17:41
since it released not yet Grin


mido_eg3[at]hotmail.com

RE: JS16 completion time

mikispag
Posted on 12-07-07 17:46
Well as you know I'm still cracking it... Sad
http://www.trovatel.net

RE: JS16 completion time
Posted on 12-07-07 18:56
i decided that i don't consider bruteforce a sane skill for javascript hacking because of spam filters..

silly challenge not worth my time


RE: JS16 completion time

richohealey
Posted on 12-07-07 20:38
you realise the BF was meant to run locally right? and not make like a bajillion calls to the site?


RE: JS16 completion time
Posted on 12-07-07 20:44
yes and then read them all in hopes of finding one that looks like it..

it's still dumb
and you made it obvious that you don't intend on correcting it.
feature not a bug thing.


RE: JS16 completion time
Posted on 12-07-07 21:28
I heard system did it in 5 minutes, boy would I like to see that source


RE: JS16 completion time

SySTeM
Posted on 12-07-07 21:37
mozzer wrote:
I heard system did it in 5 minutes, boy would I like to see that source


And who said that...?


http://www.elites0ft.com/

RE: JS16 completion time

richohealey
Posted on 12-07-07 21:51
sakarin wrote:
yes and then read them all in hopes of finding one that looks like it..

it's still dumb
and you made it obvious that you don't intend on correcting it.
feature not a bug thing.


I gave serious thought to correcting it....

But then I thought "If i was using this on a real site (suspend disbelief here people!), would i change this?"

Would you?


RE: JS16 completion time
Posted on 12-07-07 22:39
system_meltdown wrote:
And who said that...?


Richo, on his dev server


RE: JS16 completion time
Posted on 13-07-07 00:35
yes i was referring to that comment. and i answered that when you first said it. i said yes you could consider it a feature on a realistic mission.
which brings me back to my first post on this topic.

and all the other ones. this javascript challenge doesn't test any javascript knowledge apart from being able to read it..

yes it's clever (but not a new concept) yes it's not impossible and should be kept, no it shouldn't be on the javascript section.


RE: JS16 completion time
Posted on 23-07-07 18:51
richohealey wrote:
I'm curious, how long did it take you all?

The fastest i've heard of was 58 mins.


I haven't gotten past 7 digits yet with my C++ brute forcer... I have a feeling I'm going about it the wrong way


RE: JS16 completion time
Posted on 27-07-07 21:52
I've been looking for a different way to do this other than bf... i guess there isn't. so has everyone used c++ or javascript?


RE: JS16 completion time
Posted on 27-07-07 22:04
I coded a bruteforcer in C but it's not nearly fast enough, I'm still working on optimizing it.


RE: JS16 completion time
Posted on 28-07-07 01:46
ok i definitely need to know now if there could be some possible problems with coding it in javascript... because i have my code now and once i finish some small tests I'm running it so if there are any issues tell me now.


RE: JS16 completion time

korg
Posted on 28-07-07 04:08
Don't try it in javascript; it will slow your browser and is way too slow. I'm using C++ but have shitloads of answers but no solution????
Challenge is unreal to the point of you could never log in right.


I deal in pain, All life I drain, I dominate, I seal your fate.

RE: JS16 completion time
Posted on 24-09-07 20:31
well the question remains..... I wonder if it can be brute-forced in a reasonable time. which is in my case < 2h

because my patience is limited. B)

RE: JS16 completion time
Posted on 24-09-07 21:37
*Off Topic* Yes Korg, much better. ^_^ */Off Topic*


RE: JS16 completion time
Posted on 27-09-07 03:37
Here is a simple calculation that can give an idea of how long the password is:

x: number of characters.
100 represents an average ASCII number.
x/2 represents the average value that i should take.

(x*100*x/2)(x*100*x) + (x*100*x)(x*100*x) + ...
(x*100*x/2)(x*100*x)*x= 88692589
(5 000x^4)*x = 88692589
5 000x^5 = 88692589
x = 7.076

So this means the password should have around 6 to 8 characters.

BTW: Javascript is poorly coded ... "substring(i,i+1)" should be "charAt(i)" ... "sum = sum+(index*n*i)*(index*i*i);" should be "sum += (index*n*i)*(index*i*i);"


RE: JS16 completion time
Posted on 18-05-08 03:11
Arto_8000 wrote:
Here is a simple calculation that can give an idea of how long the password is:

x: number of characters.
100 represents an average ASCII number.
x/2 represents the average value that i should take.

(x*100*x/2)(x*100*x) + (x*100*x)(x*100*x) + ...
(x*100*x/2)(x*100*x)*x= 88692589
(5 000x^4)*x = 88692589
5 000x^5 = 88692589
x = 7.076

So this means the password should have around 6 to 8 characters.

BTW: Javascript is poorly coded ... "substring(i,i+1)" should be "charAt(i)" ... "sum = sum+(index*n*i)*(index*i*i);" should be "sum += (index*n*i)*(index*i*i);"


Ok someone correct me if I am wrong here, but according to my calculations, the password is at least 10 characters long.

Code

function Check(checksum)
{
   var tab = "                   azertyuiopqsdfghjklmwxcvbnAZERTYUIOPQSDFGHJKLMWXCVBN0123456789_$&#@";
   var entry = document.forms[1].elements[0].value;
   var n = entry.length;
   var sum = 1;
   for(var i=0;i<n;i++)
   {
      var index = tab.indexOf(entry.substring(i,i+1));
      sum = sum+(index*n*i)*(index*i*i);
   }
   if(sum==checksum)
   {
      window.location = entry+".php";
   }
   else
   {
      alert("Wrong Pass!! Try Again.");
   }   
   return false;
}




Since the checksum is calculated using the sum of multiplication, if we put in all @ as our password, the max sum for 9 characters (using all @) gives us a sum of 84272401, which is less than checksum of 88692589. I hope I am wrong because at this point the only solution seems to be a bruteforce, which at 10 chars can take ages to run.
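
Added example, not part of any post in this thread: the arithmetic of the quoted Check() function restated as a standalone function, used to confirm the 9-character bound above and to show why such a checksum is a weak client-side gate (the first character never affects the sum, so distinct inputs collide). The function names are invented here, and the alphabet is assumed to begin with 19 spaces as in the listing.

```javascript
// Added illustration: a pure re-statement of the challenge's Check() arithmetic.
// TAB and TARGET are copied from the thread; all function names are made up here.
// Assumption: the alphabet starts with 19 spaces, which puts '@' at index 85.
const TAB = " ".repeat(19) +
  "azertyuiopqsdfghjklmwxcvbnAZERTYUIOPQSDFGHJKLMWXCVBN0123456789_$&#@";
const TARGET = 88692589;

// Same loop as Check(), minus the DOM access and the redirect.
function checksum(entry) {
  const n = entry.length;
  let sum = 1;
  for (let i = 0; i < n; i++) {
    const index = TAB.indexOf(entry.charAt(i));
    sum += (index * n * i) * (index * i * i); // = index^2 * n * i^3
  }
  return sum;
}

// Factor that multiplies index^2 at each position: n * i^3 (position 0 weighs nothing).
function positionWeights(n) {
  return Array.from({ length: n }, (_, i) => n * i ** 3);
}

// Upper bound for a given length: '@' has the highest index at every position.
function maxChecksum(n) {
  return checksum("@".repeat(n));
}

// Shortest length whose upper bound reaches the target.
function minLength(target) {
  let n = 1;
  while (maxChecksum(n) < target) n++;
  return n;
}

// Structural collision: two inputs that differ only in their first character.
function firstCharIgnored(a, b) {
  return a[0] !== b[0] && a.slice(1) === b.slice(1) && checksum(a) === checksum(b);
}

console.log(maxChecksum(9), maxChecksum(10), minLength(TARGET));
console.log(positionWeights(10));
console.log(firstCharIgnored("aZ3_q", "9Z3_q")); // constructed sample strings
```

Because the weight grows as i^3, the last few characters dominate the sum while the first contributes nothing, which is consistent with the reports above of many candidate answers matching the checksum without being the page name.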