Author | JS16 completion time |
richohealey Member

Posts: 1022 Location: #!/usr/local/bin/python
Joined: 01.05.06 Rank: Monster | |
I'm curious, how long did it take you all?
The fastest i've heard of was 58 mins.
|
 |
Author | RE: JS16 completion time |
mido Member

Posts: 613 Location: Cairo, Egypt
Joined: 27.01.07 Rank: Hacker Level 1 | |
since it released not yet 
|
 |
Author | RE: JS16 completion time |
mikispag Member

Posts: 43 Location: Italy
Joined: 14.11.06 Rank: Newbie | |
Well as you know I'm still cracking it...  |
 |
Author | RE: JS16 completion time |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
i decided that i don't consider bruteforce a sane skill for javascript hacking because of spam filters..
silly challenge not worth my time
|
 |
Author | RE: JS16 completion time |
richohealey Member

Posts: 1022 Location: #!/usr/local/bin/python
Joined: 01.05.06 Rank: Monster | |
you realise the BF was meant to run locally right? and not make like a bajillion calls to the site?
|
 |
Author | RE: JS16 completion time |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
yes and then read them all in hopes of finding one that looks like it..
it's still dumb
and you made it obvious that you don't intend on correcting it.
feature not a bug thing.
|
 |
Author | RE: JS16 completion time |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
I heard system did it in 5 minutes, boy would I like to see that source
|
 |
Author | RE: JS16 completion time |
SySTeM Member

Posts: 1524 Location: England, UK
Joined: 27.07.05 Rank: HBH Guru | |
mozzer wrote:
I heard system did it in 5 minutes, boy would I like to see that source
And who said that...?
|
 |
Author | RE: JS16 completion time |
richohealey Member

Posts: 1022 Location: #!/usr/local/bin/python
Joined: 01.05.06 Rank: Monster | |
sakarin wrote:
yes and then read them all in hopes of finding one that looks like it..
it's still dumb
and you made it obvious that you don't intend on correcting it.
feature not a bug thing.
I gave serious thought to correcting it....
But then I thought "If i was using this on a real site (suspend disbelief here people!), would i change this?"
Would you?
|
 |
Author | RE: JS16 completion time |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
system_meltdown wrote:
And who said that...?
Richo, on his dev server
|
 |
Author | RE: JS16 completion time |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
yes i was refering to that comment. and i answered that when you first said it. i said yes you could consider it a feature on a realistic mission.
which brings me back to my first post on this topic.
and all the other ones. this javascript challenge doesn't test any javascript knowlege apart from being able to read it..
yes it's clever (but not a new concept) yes it's not impossible and should be kept, no it should't be on the javascript section.
|
 |
Author | RE: JS16 completion time |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
richohealey wrote:
I'm curious, how long did it take you all?
The fastest i've heard of was 58 mins.
I haven't gotten past 7 digits yet with my C++ brute forcer... I have a feeling I'm going about it the wrong way
|
 |
Author | RE: JS16 completion time |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
ive been looking for a different way to do this other than bf... i guess there isnt. so has everyone used c++ or javascript?
|
 |
Author | RE: JS16 completion time |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
I coded a bruteforcer in C but it's not nearly fast enough, I'm still working on optimizing it.
|
 |
Author | RE: JS16 completion time |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
ok i deffinately need to know now if there could be some possible problems with coding it in javascript... because i have my code now and once i finish some small tests im running it so if there are any issues tell me now.
|
 |
Author | RE: JS16 completion time |
korg Member

Posts: 2803 Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06 Rank: God | |
Don't try it in javascript it will slow your browser and way too slow I'm using C++ but have shitloads of answers but no solution????
Challenge is unreal to the point of you could never log in right.
I deal in pain, All life I drain, I dominate, I seal your fate. |
 |
Author | RE: JS16 completion time |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
well the question remains..... I wonder if it can be brute-forced in a reasonable time. which is in my case < 2h
because my patience is limited. B) |
 |
Author | RE: JS16 completion time |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
*Off Topic* Yes Korg, much better. ^_^ */Off Topic*
|
 |
Author | RE: JS16 completion time |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
Here are simple calcul that can give an idea of how long the password is :
x : number of caracter.
100 represent an average ascii number.
x/2 represent the average value that should take i.
(x*100*x/2)(x*100*x) + (x*100*x)(x*100*x) + ...
(x*100*x/2)(x*100*x)*x= 88692589
(5 000x^4)*x = 88692589
5 000x^5 = 88692589
x = 7.076
So this mean the password should have around 6 to 8 caracter.
BTW : Javascript is poorly coded ... "substring(i,i+1)" shoud be "charAt(i)" ... "sum = sum+(index*n*i)*(index*i*i);" should be "sum += (index*n*i)*(index*i*i);"
|
 |
Author | RE: JS16 completion time |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
Arto_8000 wrote:
Here are simple calcul that can give an idea of how long the password is :
x : number of caracter.
100 represent an average ascii number.
x/2 represent the average value that should take i.
(x*100*x/2)(x*100*x) + (x*100*x)(x*100*x) + ...
(x*100*x/2)(x*100*x)*x= 88692589
(5 000x^4)*x = 88692589
5 000x^5 = 88692589
x = 7.076
So this mean the password should have around 6 to 8 caracter.
BTW : Javascript is poorly coded ... "substring(i,i+1)" shoud be "charAt(i)" ... "sum = sum+(index*n*i)*(index*i*i);" should be "sum += (index*n*i)*(index*i*i);"
Ok someone correct me if I am wrong here, but according to my calculations, the password is at least 10 characters long.
Code
function Check(checksum)
{
var tab = " azertyuiopqsdfghjklmwxcvbnAZERTYUIOPQSDFGHJKLMWXCVBN0123456789_$@";
var entry = document.forms[1].elements[0].value;
var n = entry.length;
var sum = 1;
for(var i=0;i<n;i++)
{
var index = tab.indexOf(entry.substring(i,i+1));
sum = sum+(index*n*i)*(index*i*i);
}
if(sum==checksum)
{
window.location = entry+".php";
}
else
{
alert("Wrong Pass!! Try Again.");
}
return false;
}
Since the checksum is calculated using the sum of muliplication, if we put in all @ as our password, the max sum for 9 characters (using all @) gives us a sum of 84272401, which is less then checksum of 88692589. I hope I am wrong becuase at this point the only solution seems to be a bruteforce, which at 10 chars can take ages to run. |
 |