Follow us on Twitter!
I'd prefer to die standing, than to live on my knees - Che Guevara
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 28
Guests Online: 27
Members Online: 1

Registered Members: 82835
Newest Member: phanton2043
Latest Articles
View Thread

HellBound Hackers | Challenges | Javascript

Page 5 of 6 << < 2 3 4 5 6 >
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-03-08 00:23
Yeah you do, but I also think its necessary to fiddle with the function a little bit. I found out a lot as to the parameters of where the bruteforcer should search and how to search it just by messing with the function a bit
Author

RE: js16

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 06-03-08 02:05
Ok, so you all know.

a) this challenge requires bruteforcing, it's really an exercise in creating a decent Brute forcer.

b) the result makes sense, so take that how you will (it's a hint at a refining algorithm)

c) i'll dig out my solution source and post it on the complete page

d) For the last time, this WOULD constitute a more secure than usual JS login, this is demonstrated in the number of people stumped by it.

e) i didn't say secure!! MORE SECURE THAN USUAL </flame dodge>


bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-03-08 21:20
Hi,

richohealey wrote:

c) i'll dig out my solution source and post it on the complete page



I'm waiting for someone to do this all the time.
Still claiming there is no solution without having hints!

Please show me I'm wrong.

Greetz
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-03-08 02:31
I'll try to write a BF over the weekend...it's gonna be hard since I have a parade on Saturday...using C++ because that's my best language and it's the fastest (efficiency-wise) that I can write.
Author

RE: js16

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 14-03-08 06:58
Maybe I'll make another attempt as well Smile this is a really good challenge since it actually requires some skills in coding ^^


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 04-04-08 19:35
This one is tough! The checksum is 88692589, and 88692589 is divisible by 1, 19, 37, .. The textfield has a max of 20 characters so I'm assuming the password is 19 chars long. This is because in the loop you have sum += n*(stuff), which is the same as sum += stuff and after the loop sum *= n. And it can't be a single charecter because no matter what it always results in 1. This is the easy part, still have to figure out an efficient way to brute force it.. Is the only way just to check all possible permutations, or is there a better algorithm? I haven't even tried because with 19 elements and 86 different values for the elements there are so many possibilities it would take ages.. or am I wrong here?
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 04-04-08 20:02
i still think theres a way to do it without using a brute forcer. thats just my opinion.


Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-04-08 17:42
fallingmidget wrote:
i still think theres a way to do it without using a brute forcer. thats just my opinion.


Well you keep saying that, but have you actually solved it without using brute force? Are you basing this on anything?

Author

RE: js16

shadowls
You Like this!



Posts: 840
Location:
Joined: 07.12.06
Rank:
God
Posted on 05-04-08 18:21
they best way to do it is code a brute forcer and just run it till it cracks it. mine took me over two weeks to crack it.


If you think my post are useful to you, please vote for them. Thank You


knowledge is powerful itself - SHADOWLS


i41.tinypic.com/mjwz7t.jpg

Made by:agentmax69, but remastered by: KvK


Coffee
None None
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-04-08 22:10
@guana
you are on the right track with ur pw length calculation, but the result might be wrong. Just remember what u wrote about the pw's with length 1.
And remember: knowing the pw's lenth doesn't help u so much

@shadowls
once again someone has written this super brute forcer and I'm quite sure once again if he is aked to proof this he wont answer, has lost this super program, is afraid someone steels his knowledge or it turns out he has some additional infos about the pw.


Greetz

Author

RE: JS 16 is bullshit.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-05-08 03:44
system_meltdown wrote:
sakarin wrote:
oh and system meltdown is the only person apart from richo with this chall complete. probably because he has to accept the challenges so he views them before hand..


1: I don't cheat.
2: I beat this when Richo sent it to me, and I had no help from him.
3: I have to view them before hand? It's a JavaScript challenge, all I had was the script, I had to beat it before I could set up a completion page.


Ok, I understand that your the alimighty and shit but give me a fuckin break. The Bruteforcer I have wrote has spit out over 135,00 false positives in less than 10 minutes, and I am only 9 characters in (working on a 12 character password).

here's only a handful of them... anf by my calculations that means my bruteforcerwill spit out 2,460,375,000,000,000 - yeah that's over 2 quadrillion false positives or 2 * 1000 billion. And some one mentioned grepping the has collisions. OK, come on be real. This challenge is BS. And if you beat it, its because someone helped you.

I guess most people will never even get a bruteforcer that can get to first combination in the first place. This challenge is bullshit.

[deleted]

Edited by SySTeM on 04-01-09 17:19
Author

RE: js16

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 25-06-08 22:31
I started to write my BTforcing code to solve this challenge, and I wanted to ask, has anybody here solved it with dictionary attack, because so far I haven't found any good dictionary to do that... Sad


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-06-08 22:55
I first started this with a brute forcer, got too many valid answers. System then posted a "wordNUMBERword" format of the password.

I then wrote two programs.

1- To generate my own wordlist making some assumptions about the problem.

2- A dictionary attack that, when the wordlist was right, solved in a few seconds.

This is atleast how I did it.


Author

RE: js16

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 25-06-08 23:07
stdio wrote:
I first started this with a brute forcer, got too many valid answers. System then posted a "wordNUMBERword" format of the password.

I then wrote two programs.

1- To generate my own wordlist making some assumptions about the problem.

2- A dictionary attack that, when the wordlist was right, solved in a few seconds.

This is atleast how I did it.


Ok just to specify it, did you generate it like basically bruteforcing (aaa111bbb,bbb111ccc) or did you combine several wordlists to create the right format for the challenge ?

Also can't help it but your avatar is so damn funny !Grin


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-06-08 23:18
Damn Double Posting




Edited by on 25-06-08 23:22
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-06-08 23:19
I basically knew the words would be English language(as they are in most challenges). The password length is also 12 (Mathmatically proven by Zues). So I made assumptions about the number and used a std dictionary to form 12 character passwords in that format. Granted the first letter of the password has sum = 0 so it actually solved before I got the real password, but if you get that right, you will obviously know what the answer should be,


Author

RE: js16

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 25-06-08 23:23
stdio wrote:
I basically knew the words would be English language(as they are in most challenges). The password length is also 12 (Mathmatically proven by Zues). So I made assumptions about the number and used a std dictionary to form 12 character passwords in that format. Granted the first letter of the password has sum = 0 so it actually solved before I got the real password, but if you get that right, you will obviously know what the answer should be,


Al right then, thanks for reply. as I can see there are quite a lot hints on this one, so hopefully eventually I will solve it Grin


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-08-08 16:02
nasty one.

Ok, made myself a script to adjust the password by randomly increasing/decreasing a position, works very quick (a couple of seconds). The problem is there are more passwords that match. Found theese for example
[deleted]

...

They don't give any error allert but ... page not found. How many random passwords match like this?... I think there must be another hint somewhere.

The password as many said has 12 characters
Also if you haven't noticed first letter is obsolete.

Here is the php script. You can start with any sequence (but I've used numbers, the password is displayed in the end)

Code
<?
$tab = "                   azertyuiopqsdfghjklmwxcvbnAZERTYUIOPQSDFGHJKLMWXCVBN0123456789_$&#@";
$checksum=88692589;
$power=Array(0, 1, 8, 27, 64, 125, 216, 343, 512, 729, 1000, 1331);
$number=Array(19,19,19,19,19,19,19,19,19,19,19,19);
$sum=0;
$n=12;

while ($sum!=$checksum)
{     $sum=1;
      for($i=0;$i<12;$i++) $sum+=$n*$number[$i]*$number[$i]*$i*$i*$i;
      if ($sum==$checksum) break;
      $a=rand(1,11);
      if($sum<$checksum) {
         if($number[$a]<86) $number[$a]++;
         }
      elseif ($sum>$checksum) {
         if($number[$a]>19) $number[$a]--;
         }
      else echo "[".($sum-$checksum)."]".implode(",",$number)."<br>";
}
for ($i=0;$i<12;$i++) echo $tab[$number[$i]];
?>





Edited by SySTeM on 04-01-09 17:22
Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-08-08 16:11
Loads of people dont like these 'false positives', because in a real challenge, they would be accepted as correct. In this one however, you have to find the exact pass. There are lots of threads, so to save you trawling them, here are the hints:

1) The password is 12 characters long
2) The password is in the format wordNUMBERword
3) The password 'makes sense'

With these 3 hints, write a decent bruteforcer in your chosen language, you could have it in under an hour (I did). Obviously it would take forever to make that may web requests, so I would rewrite the encryption algo in your chosen language, then you can try more passwords / second, without killing your internet.


Author

RE: js16


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-08-08 16:17
Thank you Smile (I kind of enjoyed my script, don't like brute much but I'll think on something)
Page 5 of 6 << < 2 3 4 5 6 >