POssible for Hydra ( java script inside )?

Hi,
i hope its the right forum.

The Form:

Code:

---

                                        <form id="myform" action="/dummy" onsubmit="send_login(); return false;">
                                                        <fieldset>
                                                                <p>
                                                                        <label class="duple" for="username">Benutzername&nbsp;:</label>
                                                                        <select id="username" name="username">
                                                                                <option value="admin">Administrator</option>
                                                                                <option value="user">Benutzer</option>

                                                                        </select>
                                                                </p>
                                                                <p>
                                                                        <label class="duple" for="password">Kennwort&nbsp;:</label>
                                                                        <input type="password" id="password" maxlength="15" name="password" value="" tabindex="100" />
                                                                        <input class="button_submit_padleft" type="button" name="Login" value="Anmelden" onclick="send_login();" />
                                                                </p>

---

And the function:

Code:

---

        function send_login()
        {
                /* Salt in hex, 8 chars long. */
                var salt = "cc52f345";

                var password = document.forms.myform.password.value.substr(0,16);
                document.forms.myform.password.value = "";                // Make sure password never gets sent as clear text

                /* Pad the password to 16 chars. */
                for (var i = password.length; i < 16; i++) {
                        password += String.fromCharCode(1);
                }

                /* Append the password to the salt and pad the result to 63 bytes. */
                var input = salt + password;
                for (var i = input.length; i < 63; i++) {
                        input += String.fromCharCode(1);
                }

                /* Append a 'U' for user login, or a '\x01' for admin login. */
                input += (document.forms["myform"].username.value == 'user') ? 'U' : String.fromCharCode(1);

                /* MD5 hash of the salt. */
                var hash = hex_md5(input);

                /* Append the MD5 hash to the salt. */
                var login_hash = salt.concat(hash);

                /* Send the login hash to the server. */
                var xmlobj = new xmlDataObject(data_ready, data_timeout, 6000, "/post_login.xml?hash=" + login_hash);
                if (!xmlobj) {
                        /* Browser does not support XML DOM. */
                        alert ("Ihr Webbrowser ist nicht aktuell genug, um diese Website zu verwenden. Aktualisieren Sie Ihren Browser.");
                        return;
                }
                xmlobj.retrieveData();
        }

---

May anyone explain what the hydra parameters for bruteforcing that?

Best Regards

Benjamin

What website is this from?

Quote:

---

Originally Posted by lupin

What website is this from?

---

You might try a D-Link DIR-635. If the mods are a bit suspect on this one, he has posted the question in at least two german forums elsewhere as well but has not stripped a lot of the information out of those as far as I can tell. My german is apparently a little rusty.

And to answer the OP's question, no to hydra.

Hi thanks for answering, its a Dlink Dir 615.
I tryd combinations with salt+rainbowshashes, but hydra dont make it out. I add the right hash but nothing...

Anyone can explain what tool i can use for that?


Thanks

bye

Benjamin