Follow us on Twitter!
Capitalism is an Island of wealth in a sea of poverty
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 16
Guests Online: 16
Members Online: 0

Registered Members: 82889
Newest Member: Geriztul
Latest Articles
View Thread

HellBound Hackers | Challenges | Javascript

Page 1 of 6 1 2 3 4 > >>
Author

js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-06-07 17:55
I have completed all of the js's b4 but this on got me stumped ....
Sums, tab vars, checksum ...
No ... Im really stuck


Dotti.


Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-06-07 18:07
Kind of like breaking an encryptions.

Each key is turned into a number and if multiple letters are submitted, it does math to all of them to make it unique. You basically have to reverse engineer what the encrypt method is doing and make it the same as the checksum.

What i would do is change the false alert to say alert(sum) and then do guesses from there.


Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-06-07 18:20
ty dude, ill try that

Dotti.


Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-06-07 22:04
This one is very hard !
Can i pm someone with what i found ?
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-06-07 23:01
u can pm me but i doubt i will get the answer quick...lol


Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-06-07 23:16
any thoughts on why is this challenge only worth 40 points. and js15 is worth 50?
js15 is as simple as alerting the comparison string. js16 will really make us reverse the algorithm so i think we should get a little more for our trouble.

im contemplating bruteforce for it but i think this chall might have more than one possible answer.


Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-06-07 23:32
I'm with sakarin, I tried bruteforcing it in javascript but my processor went up to 100% and my browser crashed...I think it would take way too long to bruteforce it, especially considering we don't know the character set (the "tab" variable?) or the length. I'm actually really confused on how to go about this challenge, it seems impossible to reverse it because of all the factors involved in calculating the sum, and I do think there could be more than one answer...


Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-06-07 00:48
if you coded a bruteforcer for it you should know enough to answer your first doubt




Edited by on 22-06-07 00:49
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-06-07 00:51
right, I guessed about some stuff. I don't think bruteforcing is the right way to go though.


Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-06-07 00:57
by bruteforce i mean create a loop that will stop when it matches the comparison string..

the other way is to reverse the algorithm and i don't think i have the brain power to do that.. =)


Author

RE: js16

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 22-06-07 01:06
There are definitely many possibilities for this one. I've figured out so far that he first letter doesn't matter, since "i" will always be 0 in the "for" for the first letter, and since multiplying by zero and adding 1 gives you always 1, the sum is not changed, so you can use any first letter from the set "tab".
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-06-07 01:10
at first glance i thought that indexOf had that taken care of but u're right.

and one thing is for sure there's only one php file there are at least as many right passwords as there are ascii characters.


Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-06-07 02:15
yeah that's what makes me think we're not supposed to bruteforce it...that said, I made a bruteforcer in C just for fun, I had to write a new indexOf function and stuff. it got my processor up to 60 degrees C though so I stopped it but if anyone wants the code PM me.


Author

RE: js16

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 22-06-07 04:02
hey guys... yeah it's a tricky one!!

the first character thing is owing to a slight bugger up on my part, though when you get it you'll know what the first character is.... and there are multiple solutions, but you'll arrive at the right one long before any of the wrong one.

Good luck


bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-06-07 14:45
OK i reversed it but there are thousands of possibilities !

for example (without quotes) :

[deleted]

all those are valid but not the required password!

Richo : maybe you could give us the last character of the pass ? :happy:




Edited by SySTeM on 04-01-09 17:11
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-06-07 15:41
richo have you coded your answer to the challenge. something that doesn't bruteforce and gives the right solution?
i mean when someone creates a challenge it's always good to do some testing before making it public.

if so could you make it avaliable on the final url so we at least know the intended solution?

i still can't get past you comment on having multiple right answers is a feature not a bug..


Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-06-07 16:57
Im still really stuck


Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-06-07 17:16
thank's for sharing..


Author

RE: js16

I-O-W-A
Member



Posts: 206
Location: Somewhere Only I Know
Joined: 01.08.06
Rank:
Apprentice
Posted on 22-06-07 18:01
this challange has got me completley stumped lol i dont even know where to begin


img517.imageshack.us/img517/8460/iowasssec7kh5.jpg

^thanx x-x for the sig^



img411.imageshack.us/img411/7846/sigforiowa2px1.gif
thanks CyberSpider For The Sig ^^


You See My Soul Its Kinda Grey, You See My Heart You look Away
the_new_abortion_is_here@hotmail.com
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-06-07 21:47
This challenge is IMPOSSIBLE to solve as there are billions of valid solutions ! Bruteforce would take years !

OK you want more "valid" strings ?

[deleted]

And for each you can change the first space with any 85 chars of the tab string and it will still be valid.

So what can we do now ???

[edit] there's 2 spaces between 'p' and '4d' but it shows only one after post... HTML problem Smile

Edited by SySTeM on 04-01-09 17:11
Page 1 of 6 1 2 3 4 > >>