Donate to us via Paypal!
I'd prefer to die standing, than to live on my knees - Che Guevara
Saturday, May 08, 2021
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 174
Guests Online: 172
Members Online: 2

Registered Members: 136093
Newest Member: Risho
Latest Articles

View Thread

HellBound Hackers | Challenges | Javascript

Author

Javascript 16. Solved but...

j4vitux
Member

Your avatar

Posts: 7
Location:
Joined: 25.10.14
Rank:
HBH Guru
Posted on 13-11-14 07:21
hello, good morning,

I have several passwords that checksums correctly, 12 chars...
I bruteforced that with a multithreaded Python program in 2-3 hours. 69 threads.
When trying to submit the results, checksums ok with the javascript code, but php code rejects the passwords.

I missed something?
What to do now?
Thanks.

Excellent website, by the way, Im learning a lot here.
http://www.tuxrincon.com
Author

RE: Javascript 16. Solved but...

MrCyph3r
npm ERR!



Posts: 786
Location:
Joined: 09.08.14
Rank:
God
Posted on 13-11-14 10:43
Well, the original password of this challenge is kinda funny...
I mean, you can find it in the forums reading carefully, I remember a discussion with Rex_Mundi that made me rofl because I solved the challenge like you are doing and he guessed it in 3 goes! That was awesome...

Now, back on topic, you are on the right track but maybe you are missing something on your code or you are getting a false positive (don't know how though).
I've coded it in c++ and in 58 seconds and 88 tenths with 1574392 iterations I got the answer... actually there are loads of correct answers.

If you want feel free to pm me and I'll help you on that Thumbs Up
Author

RE: Javascript 16. Solved but...

j4vitux
Member

Your avatar

Posts: 7
Location:
Joined: 25.10.14
Rank:
HBH Guru
Posted on 13-11-14 12:34
hi, mr cyph3r,

My password has the following chars that maybe are causing some trouble. & and space, 12 chars, the rest are a mix of digit-alpha chars.
Do you think are causing trouble?
I have a checker in python with similar code as the javascript and my code & password passes the js check.
I tried urlencoding the url and encoding it as base64.
No way.
Being a & and GET petition, maybe its getting half the string as another parm, I think, but dont know for sure.
Thanks

Edited by j4vitux on 13-11-14 12:36
http://www.tuxrincon.com
Author

RE: Javascript 16. Solved but...

MrCyph3r
npm ERR!



Posts: 786
Location:
Joined: 09.08.14
Rank:
God
Posted on 13-11-14 14:53
Well, the two chars you have are part of the charset and if you parse them you get a checksum... so, in my opinion that's not the problem.

What you say about '&' in the url is right but maybe you are over complicating things... do you really need to change the url? You simply need to get a valid string and submit it using the form, you can do it manually since it is not a timed challenge. Thus you don't need url params and encodings.

If the problem persist it is possible that you are doing a mistake converting javascript to python code... I often run into problems like this, usually the error is so small that you struggle a lot to find it.

Let me know.
Author

RE: Javascript 16. Solved but...

j4vitux
Member

Your avatar

Posts: 7
Location:
Joined: 25.10.14
Rank:
HBH Guru
Posted on 13-11-14 23:27
Yes, it was the & char and the GET.
I submitted another response withouth the & and it worked.
My programs are working OK.
You must evade the & char to submit correctly the response.

Thanks, anyway for your responses, MrCyph3r.

Edited by j4vitux on 13-11-14 23:29
http://www.tuxrincon.com
Author

RE: Javascript 16. Solved but...

MrCyph3r
npm ERR!



Posts: 786
Location:
Joined: 09.08.14
Rank:
God
Posted on 14-11-14 13:51
Haha yeah, you are perfectly right man...
When I posted my thoughts yesterday I was relying on my memory cause I was at work without access to the challenge.
Now I've checked the source code and I see that you are damn right.
I'm sorry for that, but anyway I'm glad that you've managed to complete the challenge... congrats!