Dashboard Articles Playground Discussions More
Follow

First one ive been stuck on!

Antiwin
12 years ago

0

Hey guys, really enjoying all of these but cant seem to get past this one? Any help is appreciated preferably dont just tell me the answer give me hints? But if you just want to give me the answer thats fine. Cheers

13replies
11voices
245views
daMage
12 years ago

1

go to the source (as always) an follow the leads.

 
  • daMage
terturl
12 years ago

0

Can you go in dept I still dont understand

daMage
12 years ago

0

Could you be more specific? What exactly you don’t understand? Viewing the source?

 
  • daMage
Synch
12 years ago

0

probably which part of the surce should we be focussing on

daMage
12 years ago

0

The part that tells you where the script originates from… always do the background checks…

 
  • daMage
mtixd
12 years ago

0

hey i’ve problem with that…. i have the .js file but there are no login / psw only numbers, its that coded?

mtixd
12 years ago

0

again i find it.. but can some'1 tel me why when i put the link in to blackwindow and then scan the site, i can’t see the members file but only login.js

Mikey * [StonedNinjaLUFC]
12 years ago | edited 12 years ago

0

find the Index page - find [removed] try out the user names and passwords ;)

Edit: removed spoiler

 
Mojito
12 years ago

0

Hey, I have found the members file through the hints but don’t know how to find the file without the hints Are threre any programs to scan for hidden files or soemething else or have I to guess a file with this name?

I also tried to get it through the source code but that won’t work. I used the hash method backwards to get username (t1gcg) and password ( pcccfgid). They are accepted because their hashcodes are like the ones in login.js but I see no way to decrypt the url this way. Are there any other hints to get the solution through the sourcecode?

best regards,
Mojito

Luke [flabbyrabbit]
12 years ago

1

The idea is to not attack the encryption directly but to try and find an easier way to avoid it. Seeing as it is a stock scrip there will be documentation somewhere. If you did some research into the script you might be able to find a possible vulnerability.

 

Image

morpheus1337
11 years ago

0

[flabbyrabbit]s comment was helpful. I found documentation and it was easy to do it then.


But is it even possible to write a function to decrypt it the hard way? I was trying hard to analyze the code and when I was close I reliazed u need the password to crack the hash no metter how u try to change script (removing some if statements ect.). You have the crypted info of username lets say 6432 and u need to do step1 few times. But since you don’t know the password, alpha.indexOf(password[x])) can be in range 0-70 (give or take). That means you can create some algorith wich will test XY candidates but you can’t crack it directly.

Am I right?

It would be too complex to explain it absolutely exactly (with my English even harder) but I hope I explained my general idea :)

step1: (username - 1 - alpha.indexOf(password[x])) / 8 (just basic idea - not the exact calculation)

???Roun512 [roun512]
11 years ago | edited 11 years ago

0

Sorry but spoiler tag here is [ spoiler ] not < spoiler >

 

If you make people think they’re thinking, they’ll love you. but if you really make them think, they’ll hate you.
~ Harlan Ellison

kzimir
11 years ago

0

Is the documentation still online ? I don’t find it …

I pass all other level easily but this one … !

You must be logged in to reply to this discussion. Login
1 of 14

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss