Follow us on Twitter!
Become the change you seek in the world. - Gandhi
Monday, April 21, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 22
Guests Online: 21
Members Online: 1

Registered Members: 82856
Newest Member: djtonyg
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Author

Hacking website. password encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-12-07 19:27
recently, my friend made a website with a login page. I hacked the site once but he made a few changes. He set up a javascript alert when the password was wrong to not allow you to go to the next page. The password was encrypted as well as the source. I easily decrypted the source, leaving the password and username. All that is need is the password because it is only tacked on the end of the html to go to the next page. the password was encrypted but im not sure how to decrypt it or what kind of decryption it is. the password is written as 200011356469039500000. Anyone have ideas on how to decrypt the password?
Author

RE: Hacking website. password encryption

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 05-12-07 21:43
Have you tested so that the number itself isn't the plaintext password? Pfft


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: Hacking website. password encryption

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 05-12-07 21:56
Source.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: Hacking website. password encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-12-07 03:34
no the password is not the plain text, i have tried that. the source is as follows
Code
<script>
<!--
document.write(unescape("<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Please Login</title>
</head>

<body background="images/radiance1920.jpg">

<div align="center">
<script>

function submitentry(){
password = document.password1.password2.value.toLowerCase()
username = document.password1.username2.value.toLowerCase()
passcode = 1
usercode = 1
for(i = 0; i < password.length; i++) {
passcode *= password.charCodeAt(i);
}
for(x = 0; x < username.length; x++) {
usercode *= username.charCodeAt(x);
}

if(usercode==1802342563829500000&&passcode==200011356469039500000)

{
window.location=password+".htm"}
else{
alert("password/username combination wrong")}
}
</script>

<h1 align="center">
  <font color="#FFFFFF" size="72" face="arial">Please Login</font>
  </h2>

<form name="password1">
<strong><font color="#FFFFFF">Username</font></strong>
<input type="text" name="username2" size="15">
<br>
<strong><font color="#FFFFFF"> Password</font></strong>
<input type="password" name="password2" size="15">
<br />
<br />
<input type="button" value="Submit" onClick="submitentry()">
</form>
 

</body>

</html>"));
//-->
</script><!-- --><script type="text/javascript" src="/i.js"></script><script type="text/javascript">if(typeof(urchinTracker)=='function'){_uacct="UA-230305-2";_udn="freewebs.com";urchinTracker();}</script>




Edited by richohealey on 07-12-07 05:42
Author

RE: Hacking website. password encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-12-07 04:32
smilies.disable()


Author

RE: Hacking website. password encryption

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 07-12-07 08:19
Ah yeah, the Dynamic Drive protection script. Either reverse engineer it (feeble laugh) or bruteforce it.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: Hacking website. password encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-12-07 18:30
definately bruteforce, too long to reverse engineer(very laughable)


Author

RE: Hacking website. password encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-12-07 03:10
how would i go about bruteforcing it?
Author

RE: Hacking website. password encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-12-07 03:23
WWW.GOOGLE.COM


Author

RE: Hacking website. password encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-12-07 04:30
Killertaco346 wrote:
how would i go about bruteforcing it?

Well, loop through all possible combinations as a bruteforcer would. Subject each combination to the same steps that the "authentication process" would put them through. Then, test for those values in the conditional statement. The code isn't complicated, so just concentrate on the logic.

sinin wrote:
WWW.GOOGLE.COM

That doesn't make you cool.





Edited by on 09-12-07 04:31
Author

RE: Hacking website. password encryption


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-12-07 06:09
come on guys...

not that hard to reverse.

just think about it.

[according to my understanding] =

it multiplies 1 by each of the ASCII values of your password.

so if your pass was A, your passcode would be 45.


to reverse it, load up a table of ASCII values, then start dividing, until you get one with NO REMAINDER.

then its a possiblility.

repeat

[/according to my understanding]


Author

RE: Hacking website. password encryption

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 09-12-07 10:27
Lol. And that is not brute-forcing how? It's just another way of brute-forcing it really. Go with the loop-through-things example Zephyr gave you.

This thing is near impossible to reverse engineer. Takes time. Loads.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net