Follow us on Twitter!
It is never to LATE to become what you never WERE.
Friday, April 25, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 17
Guests Online: 15
Members Online: 2

Registered Members: 82906
Newest Member: ilija
Latest Articles
View Thread

HellBound Hackers | Challenges | Javascript

Page 3 of 6 < 1 2 3 4 5 6 >
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-06-07 00:00
my lil bruteforcer just got done with it....it got it wrong lol
i think idk
but if its right then it proves it can be bruteforced



Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-06-07 11:51
tehe SANTA solved
except im nt getting my points witch is driving me insane.
it says cograts and wat not. but then i get no points! im being jipped.


Author

RE: js16

SySTeM
Member

Your avatar

Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank:
HBH Guru
Posted on 24-06-07 11:54
SANTA wrote:
tehe SANTA solved
except im nt getting my points witch is driving me insane.
it says cograts and wat not. but then i get no points! im being jipped.


PM me with the answer you got.


img138.imageshack.us/img138/6527/sig2ak1.jpg
www.hellboundhackers.org/sig/r/2783.png

http://www.elites0ft.com/
Author

RE: js16

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 25-06-07 21:30
not to be captain obvious guys, but, the answer will be readable words I assume. First I guess we'll have to find out how many letters there could be. Simple (yeah right) matter of paper and pencil. I'll be back!
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 26-06-07 00:02
not really pen and paper. or maybe pen and tons of paper.. =)

when you come back read the rest of the topic to find out more ppl pissed like you. Frown


Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 26-06-07 14:56
This is a tricky one... got me a little stumped.

It's obvious that the length must be between 10 and 17 chars long, so brute forcing is out. There doesn't seem to be a way to reverse the algo either (beyond a slightly simplified version which is easy to get to).

Got me beaten for now. Assuming its not just a guessing game, this challenge is either very clever, or very dumb. I hope its the former.
Author

RE: js16

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 26-06-07 15:26
uhh no brute forcing is in.... i designed this partly as a coding challenge, you need to code a brute forcer that can do it in a reasonable amount of time....

and yes, there are already challenges on this site that need bfing that take longer,


--Richo


bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 26-06-07 16:23
If thats the case then we need to make various assumptions about the keyspace which I must be missing.

Fair enough if its designed that way... credit to you for designing a tough one.
Author

RE: js16

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 26-06-07 17:07
ha ha, yeah, it's entirely possible that i went over board with the password though... it's kinda long... you'll get it though.

and yeah, i shot for an actually hard one, until now i could do all js's within an hour


bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 26-06-07 20:28
richohealey wrote:
i shot for an actually hard one, until now i could do all js's within an hour


I get it !

Yes you're right... All other js's were easy.
This one is very hard and should be worth more than 40 points !
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 26-06-07 20:43
well i wrote a brute forcer and used a 50kb word list but got nothing. damn you richo we actually got to work for this one :happy:


Author

RE: js16

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 26-06-07 20:45
DigitalFire wrote:
damn you richo we actually got to work for this one :happy:


damn striaght.... enjoy!!!

and your wordlists are useless against my 1337 word picking!




bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Author

RE: js16

lukem_95
Member

Your avatar

Posts: 232
Location: 127.0.0.1:80
Joined: 05.07.06
Rank:
Apprentice
Warn Level: 5
Posted on 26-06-07 20:49
not even my uber cool 3.2gig one? probably actually... i can think of hundreds of annoying 1337 spelled words that wouldn't be in it Pfft


www.hellboundhackers.org/news.php?logout=yes
Author

RE: js16

Ayr4
Member

Your avatar

Posts: 234
Location: Norway
Joined: 28.09.05
Rank:
Moderate
Posted on 26-06-07 20:49
Umm...i hope it IS a word...and not just one random thing like "Popoilikebutnottell" or "richohealeypwnsyou" or "ajnlfkfdjodfjuosdjihlol21"
:whoa:


anbu.sf@hotmail.com
Author

RE: js16

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 26-06-07 20:55
it's not random characters,

you'll know it when you get it, but there ARE collisions atm, so if you get a pass that works, but doesn't, keep going.

[edit]
After discussing this with an utter nub over IRC i've decided that i like the collisions and now have no intention of removing them

Because:

If i HAD to use js to protect a site, this is deffo how i'd go about it, since even if you createa bruteforcer you still need to try all the combinations before you actually find the page.

So I've decided that i'm an accidental genius.

I'm open to discussion though, as long as it's reasonable (You know who you are, Irc-nub)

[/edit]


Richo




Edited by richohealey on 26-06-07 22:05
bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Author

RE: js16

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 26-06-07 22:56
richohealey wrote:
I've decided that i'm an accidental genius.


Haha, well said ^^ Grin


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-06-07 05:31
well if '@' is the highest value and 'a' is the lowest we can assume that the password is between 10 and 17 characters (already mentioned) minus the fact that the first doesn't matter (already mentioned) we have the range of 9 to 16 characters, with a large character set (66 i think). that makes it somewhere from

23,762,680,000,000,000 possibilities to

1,296,292,380,000,000,000,000,000,000 possibilities.

the brute forcer i wrote in php gets 25k/sec (slow i know i'm on an old comp)

so could take anywhere from 3 hundred thousand years to the rest of eternity.


this is similar to system's challenge but he ONLY HAD NUMBERS, which EXPONENTIALLY reduces the amount of work to be done.

unless my math is off (might be im tired) then this is ridiculous to brute force. i guess ill go try and reverse the algo... :right:


Author

RE: js16

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 27-06-07 06:16
WEelll, your math is corrent in theory, but the fastest time i've heard for a BF to complete this is a bit under 1 hour, so don't stress it IS possible


bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-06-07 07:25
You know a hint would be nice. I thought I was pretty proficient in javascript until this challenge came along. Grin
Author

RE: js16

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 03-07-07 19:22
jbjoker wrote:
You know a hint would be nice. I thought I was pretty proficient in javascript until this challenge came along. Grin



Hint!!!!: Don't code the Bruteforcer in javascript


bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Page 3 of 6 < 1 2 3 4 5 6 >