| Author | JS16 completion time |
richohealey
Member
Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank: Monster | |
I'm curious, how long did it take you all?
The fastest i've heard of was 58 mins.
|
    |
| Author | RE: JS16 completion time |
mido
Member
Posts: 613
Location: Cairo, Egypt
Joined: 27.01.07
Rank: Hacker Level 1 | |
since it released not yet 
|
|
|
| Author | RE: JS16 completion time |
mikispag
Member
Posts: 43
Location: Italy
Joined: 14.11.06
Rank: Newbie | |
Well as you know I'm still cracking it...  |
|
|
| Author | RE: JS16 completion time |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
i decided that i don't consider bruteforce a sane skill for javascript hacking because of spam filters..
silly challenge not worth my time
|
|
|
| Author | RE: JS16 completion time |
richohealey
Member
Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank: Monster | |
you realise the BF was meant to run locally right? and not make like a bajillion calls to the site?
|
|
|
| Author | RE: JS16 completion time |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
yes and then read them all in hopes of finding one that looks like it..
it's still dumb
and you made it obvious that you don't intend on correcting it.
feature not a bug thing.
|
|
|
| Author | RE: JS16 completion time |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
I heard system did it in 5 minutes, boy would I like to see that source
|
|
|
| Author | RE: JS16 completion time |
SySTeM
Member
Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank: HBH Guru | |
mozzer wrote:
I heard system did it in 5 minutes, boy would I like to see that source
And who said that...?
|
|
|
| Author | RE: JS16 completion time |
richohealey
Member
Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank: Monster | |
sakarin wrote:
yes and then read them all in hopes of finding one that looks like it..
it's still dumb
and you made it obvious that you don't intend on correcting it.
feature not a bug thing.
I gave serious thought to correcting it....
But then I thought "If i was using this on a real site (suspend disbelief here people!), would i change this?"
Would you?
|
|
|
| Author | RE: JS16 completion time |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
system_meltdown wrote:
And who said that...?
Richo, on his dev server
|
|
|
| Author | RE: JS16 completion time |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
yes i was refering to that comment. and i answered that when you first said it. i said yes you could consider it a feature on a realistic mission.
which brings me back to my first post on this topic.
and all the other ones. this javascript challenge doesn't test any javascript knowlege apart from being able to read it..
yes it's clever (but not a new concept) yes it's not impossible and should be kept, no it should't be on the javascript section.
|
|
|
| Author | RE: JS16 completion time |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
richohealey wrote:
I'm curious, how long did it take you all?
The fastest i've heard of was 58 mins.
I haven't gotten past 7 digits yet with my C++ brute forcer... I have a feeling I'm going about it the wrong way
|
|
|
| Author | RE: JS16 completion time |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
ive been looking for a different way to do this other than bf... i guess there isnt. so has everyone used c++ or javascript?
|
|
|
| Author | RE: JS16 completion time |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
I coded a bruteforcer in C but it's not nearly fast enough, I'm still working on optimizing it.
|
|
|
| Author | RE: JS16 completion time |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
ok i deffinately need to know now if there could be some possible problems with coding it in javascript... because i have my code now and once i finish some small tests im running it so if there are any issues tell me now.
|
|
|
| Author | RE: JS16 completion time |
korg
Member
Posts: 2803
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank: God | |
Don't try it in javascript it will slow your browser and way too slow I'm using C++ but have shitloads of answers but no solution????
Challenge is unreal to the point of you could never log in right.
I deal in pain, All life I drain, I dominate, I seal your fate. |
|
|
| Author | RE: JS16 completion time |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
well the question remains..... I wonder if it can be brute-forced in a reasonable time. which is in my case < 2h
because my patience is limited. B) |
|
|
| Author | RE: JS16 completion time |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
*Off Topic* Yes Korg, much better. ^_^ */Off Topic*
|
|
|
| Author | RE: JS16 completion time |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
Here are simple calcul that can give an idea of how long the password is :
x : number of caracter.
100 represent an average ascii number.
x/2 represent the average value that should take i.
(x*100*x/2)(x*100*x) + (x*100*x)(x*100*x) + ...
(x*100*x/2)(x*100*x)*x= 88692589
(5 000x^4)*x = 88692589
5 000x^5 = 88692589
x = 7.076
So this mean the password should have around 6 to 8 caracter.
BTW : Javascript is poorly coded ... "substring(i,i+1)" shoud be "charAt(i)" ... "sum = sum+(index*n*i)*(index*i*i);" should be "sum += (index*n*i)*(index*i*i);"
|
|
|
| Author | RE: JS16 completion time |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
Arto_8000 wrote:
Here are simple calcul that can give an idea of how long the password is :
x : number of caracter.
100 represent an average ascii number.
x/2 represent the average value that should take i.
(x*100*x/2)(x*100*x) + (x*100*x)(x*100*x) + ...
(x*100*x/2)(x*100*x)*x= 88692589
(5 000x^4)*x = 88692589
5 000x^5 = 88692589
x = 7.076
So this mean the password should have around 6 to 8 caracter.
BTW : Javascript is poorly coded ... "substring(i,i+1)" shoud be "charAt(i)" ... "sum = sum+(index*n*i)*(index*i*i);" should be "sum += (index*n*i)*(index*i*i);"
Ok someone correct me if I am wrong here, but according to my calculations, the password is at least 10 characters long.
Code
function Check(checksum)
{
var tab = " azertyuiopqsdfghjklmwxcvbnAZERTYUIOPQSDFGHJKLMWXCVBN0123456789_$&#@";
var entry = document.forms[1].elements[0].value;
var n = entry.length;
var sum = 1;
for(var i=0;i<n;i++)
{
var index = tab.indexOf(entry.substring(i,i+1));
sum = sum+(index*n*i)*(index*i*i);
}
if(sum==checksum)
{
window.location = entry+".php";
}
else
{
alert("Wrong Pass!! Try Again.");
}
return false;
}
Since the checksum is calculated using the sum of muliplication, if we put in all @ as our password, the max sum for 9 characters (using all @) gives us a sum of 84272401, which is less then checksum of 88692589. I hope I am wrong becuase at this point the only solution seems to be a bruteforce, which at 10 chars can take ages to run. |
|
|
