Follow us on Twitter!
Few are those who can see with their own eyes and hear with their own hearts. - Albert Einstein
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 31
Guests Online: 26
Members Online: 5

Registered Members: 82881
Newest Member: DARKLECTER
Latest Articles
View Thread

HellBound Hackers | Challenges | Javascript

Page 1 of 2 1 2 >
Author

javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-01-08 16:06
hi,can anyone help me with this challenge?just a push in the right direction
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-01-08 19:34
oh lord
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-01-08 19:35
oh lord
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-01-08 15:08
where can i find an article explaining how to build a bruteforce?
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-01-08 00:23
redhothacker wrote:
where can i find an article explaining how to build a bruteforce?


You have to implement the javascript algorithm in a language of your choice and then calculate the checksum for all possible strings ("aaa", "aab",.., "zzz", "aaaa", etc) until you find the one which yields the right checksum.

But it will take forever, if you don't find some smart optimization (*). Has someone already solved this challenge?

---

(*) You can also try random strings. If you are very very lucky, it will take only a few seconds... Wink

Edited by on 24-01-08 00:25
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-01-08 19:15
Read the Forum (and this thread) and you will find members who have beaten this.
I'm convinced that this can't be done without any hints. Do some maths and write a fast burteforcer, but there are still billions (and I mean billions) possible solutions.
So I would be interested in how -cL did this challenge.
Author

RE: javascript 16

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 27-01-08 19:31
Well, perhaps if all generated passwords were checked against a wordlist all 'real' words could be separated from the rubbish :right:

But that requires the true password to be a normal word which exists in the wordlist, and we don't know that until we've beaten the challenge lol


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: javascript 16

devilsson2010
Member



Posts: 93
Location: Massachusetts
Joined: 25.04.08
Rank:
Newbie
Posted on 27-04-08 07:39
This is actually very simple, I just need someone to tell me which language will fill out the text box and submit it. It can be done easily with 'for' loops.

First you start with all letters and numbers in an array/vector, for example vector dictionary. Then do a bunch of for loops for how big you want the word to be. So for 2 letter words you would do something like this (written in C++ format):

for (int a=0;a<dictionary.size();a++)
{
string temp1 = dictionary[a];
for (int b=0;b<dictionary.size();b++)
{
string temp2 = dictionary[b];

cout << temp1 << temp2 << endl; // This part should put the code into the box
}
}


Can Java auto-enter something into the box?


www.hellboundhackers.org/sig/r/29891.png
Author

RE: javascript 16

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 27-04-08 08:29
devilsson2010 wrote:
This is actually very simple, I just need someone to tell me which language will fill out the text box and submit it. It can be done easily with 'for' loops.

First you start with all letters and numbers in an array/vector, for example vector dictionary. Then do a bunch of for loops for how big you want the word to be. So for 2 letter words you would do something like this (written in C++ format):

for (int a=0;a<dictionary.size();a++)
{
string temp1 = dictionary[a];
for (int b=0;b<dictionary.size();b++)
{
string temp2 = dictionary[b ];

cout << temp1 << temp2 << endl; // This part should put the code into the box
}
}


Can Java auto-enter something into the box?



LMFAO.
So in a challenge aimed at producing clean FAST code, you'regoing to pass each iteration to a freaking javascript parser in a browser? good luck mate.

And as far as I know there is no trick. If someone cracks this mathematically there'll be a big prize.

The algorithm has HEAPS of collisions, but they're easy to flter out (grep Wink), but only the right pass will work.

This challenge is an ample PoC of a secure client side authentication system.




Edited by richohealey on 27-04-08 12:29
bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Author

RE: javascript 16

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 27-04-08 09:34
brb, has anybody here beated this challenge with perl script. Is it even possible do this in some sensible time in perl ?


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-09-08 03:02
ugh, this won't be fun to do.
#WORD# and htat it's 12 cahrs long saves tons of time, but still.
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-09-08 05:06
The only programming language i know so far is C++
and not too much of it really.

My question is...

Would writing this in C++ be a bad idea? Speed wise




Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-09-08 10:57
not at all, just make sure you rewrite the algo in c++, then you done have to do a web request per attempt.


Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-09-08 22:31
I didn't understand what is the value of checksum so that i can know the password's hash. It is the parameter of the function, but does it get a value if so? Smile
Author

RE: javascript 16

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 06-09-08 22:42
s33us00n wrote:
I didn't understand what is the value of checksum so that i can know the password's hash. It is the parameter of the function, but does it get a value if so? Smile


If that made sense, I should stop with the drugs, because seriously I've got no idea what you want or mean....ShockShockShockShock

I see you are talking about the checksum, so I will just write this,the script checks your answer against the preset checksum (88something), when you enter password, it goes through the algo, where the checksum is calculated from the password, then the calculated checksum is compared against the given checksum (the 88something Smile) and if it's equal you win Wink you need to in some programming language "re-write" the algo used to calculate the checksum, and then dictionary attack it ( password has 12 chars and is in format numberwordnumber and the answer makes sense )


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-09-08 08:06
clone4 wrote:
If that made sense, I should stop with the drugs, because seriously I've got no idea what you want or mean....ShockShockShockShock


LOloSmile)

Sorry for misunderstanding. I understand that the variable sum is calculated from the password and is the hash of the password you type. It is checked against another variable(checksum) which is also the parameter of the function. What i meant was.....what is the value of checksum? Is that the value(88something) you talked about?...or what did you mean by that?
Author

RE: javascript 16

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 07-09-08 10:31
s33us00n wrote:
clone4 wrote:
If that made sense, I should stop with the drugs, because seriously I've got no idea what you want or mean....ShockShockShockShock


LOloSmile)

Sorry for misunderstanding. I understand that the variable sum is calculated from the password and is the hash of the password you type. It is checked against another variable(checksum) which is also the parameter of the function. What i meant was.....what is the value of checksum? Is that the value(88something) you talked about?...or what did you mean by that?


It's 88692589, just check the source of the challenge properly, and everything is there Wink


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-09-08 18:35
oops...i didn't see it....sorry. Thanks a lot!
Author

RE: javascript 16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-10-08 19:20
OK...i got quite nervous with this challenge. Can somebody tell me what is the password like so i won't get false positives?...When somebody here said wordNUMBERword and the password made sense...i thought that the number would be like 4 meaning "for" and the password will look like life4fun...for example. Somebody told me that the words have the same length(4 letters) and the number has 4 digits....even so after running my program for 2 minutes i got around 15 false positives....and it will finish in around a week. Here are some of them.
[deleted]
The point is that.....this is ridiculous. It sould work with every one of this or it should display none of these. It was better if i got some hints about the password at the beginning..or if it should work with every false positive. This is crazy.:angry: Can somebody give me more hints...cause it's impossible to do it without them.

Edited by SySTeM on 04-01-09 17:12
Author

RE: javascript 16

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 07-10-08 19:27
The words make sense, somehow. Try a dictionary analysis on the results.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Page 1 of 2 1 2 >