Hi,
I hope it's the right forum.
The Form:
Code:
<form id="myform" action="/dummy" onsubmit="send_login(); return false;">
  <fieldset>
    <p>
      <label class="duple" for="username">Benutzername :</label>
      <select id="username" name="username">
        <option value="admin">Administrator</option>
        <option value="user">Benutzer</option>
      </select>
    </p>
    <p>
      <label class="duple" for="password">Kennwort :</label>
      <input type="password" id="password" maxlength="15" name="password" value="" tabindex="100" />
      <input class="button_submit_padleft" type="button" name="Login" value="Anmelden" onclick="send_login();" />
    </p>
  </fieldset>
</form>
And the function:
Code:
function send_login() {
    /* Salt in hex, 8 chars long. */
    var salt = "cc52f345";
    var password = document.forms.myform.password.value.substr(0, 16);
    document.forms.myform.password.value = ""; // Make sure password never gets sent as clear text

    /* Pad the password to 16 chars. */
    for (var i = password.length; i < 16; i++) {
        password += String.fromCharCode(1);
    }

    /* Append the password to the salt and pad the result to 63 bytes. */
    var input = salt + password;
    for (var i = input.length; i < 63; i++) {
        input += String.fromCharCode(1);
    }

    /* Append a 'U' for user login, or a '\x01' for admin login. */
    input += (document.forms["myform"].username.value == 'user') ? 'U' : String.fromCharCode(1);

    /* MD5 hash of the padded salt + password + login-type input. */
    var hash = hex_md5(input);

    /* Append the MD5 hash to the salt. */
    var login_hash = salt.concat(hash);

    /* Send the login hash to the server. */
    var xmlobj = new xmlDataObject(data_ready, data_timeout, 6000, "/post_login.xml?hash=" + login_hash);
    if (!xmlobj) {
        /* Browser does not support XML DOM. */
        alert("Ihr Webbrowser ist nicht aktuell genug, um diese Website zu verwenden. Aktualisieren Sie Ihren Browser.");
        return;
    }
    xmlobj.retrieveData();
}
Can anyone explain what the hydra parameters for brute-forcing that are?
Best Regards
Benjamin
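Added example, not part of the original post: `send_login()` puts the login hash in the query string of `/post_login.xml`, so a server that logs request URLs records every attempt, and this Node.js code flags clients that submit many different hashes within a short window. The log line layout, the thresholds, the helper names and the sample data are assumptions constructed for illustration.

```javascript
// hash = 8 hex chars of salt + 32 hex chars of MD5, as built by send_login().
// Assumed log line layout: "<ISO timestamp> <client ip> GET <url>".
const LINE_RE = /^(\S+) (\S+) GET \/post_login\.xml\?hash=([0-9a-f]{8})([0-9a-f]{32})(?:\s|$)/;

// Hypothetical thresholds; tune them to the real user population.
const WINDOW_MS = 60 * 1000;
const MAX_DISTINCT = 5;

// Returns the sorted client addresses that sent more than MAX_DISTINCT
// different login hashes within any WINDOW_MS span.
function findGuessingClients(lines) {
  const perClient = new Map(); // ip -> [{ t, digest }]
  for (const line of lines) {
    const m = LINE_RE.exec(line);
    if (!m) continue; // not a login request, or a malformed hash
    const t = Date.parse(m[1]);
    if (Number.isNaN(t)) continue;
    if (!perClient.has(m[2])) perClient.set(m[2], []);
    perClient.get(m[2]).push({ t, digest: m[4] });
  }
  const flagged = [];
  for (const [ip, events] of perClient) {
    events.sort((a, b) => a.t - b.t);
    let start = 0;
    for (let end = 0; end < events.length; end++) {
      while (events[end].t - events[start].t > WINDOW_MS) start++;
      const distinct = new Set(events.slice(start, end + 1).map((e) => e.digest));
      if (distinct.size > MAX_DISTINCT) { flagged.push(ip); break; }
    }
  }
  return flagged.sort();
}

// Constructed sample data. fakeDigest() yields filler values, not real MD5 output.
function fakeDigest(n) { return n.toString(16).padStart(32, '0'); }
function sampleLine(sec, ip, n) {
  const ss = String(sec).padStart(2, '0');
  return `2024-01-01T10:00:${ss}Z ${ip} GET /post_login.xml?hash=cc52f345${fakeDigest(n)}`;
}
const SAMPLE = [sampleLine(0, '192.0.2.10', 1), sampleLine(5, '192.0.2.10', 1)];
for (let i = 0; i < 8; i++) SAMPLE.push(sampleLine(10 + i, '198.51.100.7', 100 + i));

console.log(findGuessingClients(SAMPLE));
```

A client that retries the same hash is not flagged; only the number of distinct hashes per window counts.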



