Follow us on Twitter!
Capitalism is an Island of wealth in a sea of poverty
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 32
Guests Online: 26
Members Online: 6

Registered Members: 82895
Newest Member: kevy90
Latest Articles
View Thread

HellBound Hackers | Challenges | Javascript

Page 6 of 6 << < 3 4 5 6
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-08-08 16:28
Kind of makes me wonder why richohealey didn't just make it python code and another type of challenge besides javascript. Thanks for that info though, I'll start with it soon.


Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-08-08 16:33
Part of the fun is rewriting the JS code though, there is a certain function in there that python doesnt appear to have, so I just wrote a python version, it taught me a lot about how that function worked, both in JS and python.

I would recommend python to anyone trying this challenge, its easy to read and thus easier to keep track of whats going on. By the end, you will know the algo inside out.


Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-08-08 16:40
Ok, I wasn't thinking. What I meant to say was it's strange to do this for javascript. Converting it to your native language is cool, and hopefully those hints make it a little easier. I guess I'll store all the results in a text file, maybe idk.


Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-08-08 16:45
24 hours pass, and I have an idea. Knowing the format, this may not be as hard as I thought. 12 characters long, wordNumberword

If we had XXXXXXXXX9XX that could be tough, but if it were more like XXX999XXXX <--i forgot 2 chars, I was tired. the keyspace is cut down.

bruting (26^3) and (10^3) and (26^4) would be way faster than
(26^9) and (10^1) and (26^2)

One of jjbutler's posts said he did it in less than an hour, so just a guess of how it could be worked out. Still beginning to write something.




Edited by on 22-08-08 18:47
Author

RE: js16

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 21-08-08 18:28
yep I'm using really really long dictionary and list of numbers, combine them in the right format and if they have 12 char compare them against the algorithm. Thing is that I just took the biggest dictionary I found online, so it's been a while and I'm still on 'A words'Sad also even with the dictionary there is shit loads of false positives...


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: js16

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 21-08-08 19:12
clone4 wrote:
yep I'm using really really long dictionary and list of numbers, combine them in the right format and if they have 12 char compare them against the algorithm. Thing is that I just took the biggest dictionary I found online, so it's been a while and I'm still on 'A words'Sad also even with the dictionary there is shit loads of false positives...


Language? Also; optimize code (loops!).



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
[center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-08-08 19:17
Remember, its a bruteforcer, but the password 'makes sense'. Think about what kind of numbers could be used to create a password like that (e.g. some1, 2moro) There are some obvious numbers you should be including as well, that should cut it down a bit Grin


Author

RE: js16

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 21-08-08 19:22
jjbutler88 wrote:
Remember, its a bruteforcer, but the password 'makes sense'. Think about what kind of numbers could be used to create a password like that (e.g. some1, 2moro) D


maybe too much of a hint... anyway it helps a lot, gotta get rid of a lot of numbers and words Smile

spy: perl, using 3 nested loops and basically nothing else




[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-08 11:48
Anyone around that has done this in C++? I've tested string::find(), it does what indexOf() does in javascript when it takes only one parameter like in the code.

Code
long test(std::string entry)
{
    long sum=1,index;
   for(int i=0,n=entry.length();i<n;i++)
   {
      index = tab.find(entry.substr(i,i+1)); //tab is global
      sum += (index*n*i)*(index*i*i);
   }
   return sum;
}




should work, but when I test one of the false positives that someone posted, something must be wrong there.

Code
test("aLOCs687Jaaa");


yields 5802193




Edited by on 22-08-08 11:48
Author

RE: js16

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 22-08-08 12:01
sharpskater80 wrote:
Anyone around that has done this in C++? I've tested string::find(), it does what indexOf() does in javascript when it takes only one parameter like in the code.

Code
long test(std::string entry)
{
    long sum=1,index;
   for(int i=0,n=entry.length();i<n;i++)
   {
      index = tab.find(entry.substr(i,i+1)); //tab is global
      sum += (index*n*i)*(index*i*i);
   }
   return sum;
}




should work, but when I test one of the false positives that someone posted, something must be wrong there.

Code
test("aLOCs687Jaaa");


yields 5802193


I don't code in C++, but maybe try to write what itineration is the loop in, because in my perl code, I get loads of false positives, but only ones that are in the last itineration of the loop will produce the alert box... ie:
[deleted]
and the format is : itineration ! sum : answer : localtime, just in case you were lost :D



[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl



Edited by SySTeM on 04-01-09 17:22
clone_4@hotmail.com
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-08 12:13
Ah, it's not the fact they could work that confuses me. The person who listed it had it total up to the right sum, mine doesn't do that for some reason.








Edited by on 22-08-08 15:06
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-08 17:07
You can save the source, change it to alert the checksum and keep tweaking till your algo spits out the same as richos, then you can begin Grin


Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-08 17:12
I assumed javascript's substring() got a substring, but it turns out it has substr() which is completely different that does that. substring() gets a single character in this case. I sat here staring at my source trying to figure that one out for a while. Pfft Things should get rolling now anyway.




Edited by on 22-08-08 17:17
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-08 17:16
I was having problems with that indexOf() function, so I studied it and wrote my own python version Pfft.


Author

RE: js16

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 22-08-08 17:19
jjbutler88 wrote:
I was having problems with that indexOf() function, so I studied it and wrote my own python version Pfft.


Lol you solve lot of issues like this Grin had a same problem too Smile


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-08 17:50
IMHO its the best way, you learn more about both languages, and the algo.


Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-08-08 00:58
stdio wrote:
I first started this with a brute forcer, got too many valid answers. System then posted a "wordNUMBERword" format of the password.

I then wrote two programs.

1- To generate my own wordlist making some assumptions about the problem.

2- A dictionary attack that, when the wordlist was right, solved in a few seconds.

This is atleast how I did it.


Number 2 there, I don't understand how we could get our program to differentiate the correct pass from one that makes the checksum.

Alright, just looking at the math behind the keyspace. Remember the format too.


Code
CNNNNNNNNNNC
CNNNNNNNNNCC
CNNNNNNNNCCC
CNNNNNNNCCCC
CNNNNNNCCCCC
CNNNNNCCCCCC
CNNNNCCCCCCC
CNNNCCCCCCCC
CNNCCCCCCCCC
CNCCCCCCCCCC




10 there, then figure the other parts where the number could start, I got 45 combinations.
So when stdio said the" wordlist was right" I guess that means he knew where the number started in the string and how far it extended.
Beside trial and error, I don't know how to figure that out. It just seems like the few people who beat it have deduced something extra about
that which led them to solving it. I'm still optimistic about there not being more than 4 consecutive of the same character, like "CCCCNNNNCCCC".
Even 5 isn't too bad though.




Edited by on 28-08-08 01:01
Page 6 of 6 << < 3 4 5 6