Results 1 to 4 of 4

Thread: POssible for Hydra ( java script inside )?

  1. #1
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    2

    Default POssible for Hydra ( java script inside )?

    Hi,
    i hope its the right forum.

    The Form:

    Code:
    					<form id="myform" action="/dummy" onsubmit="send_login(); return false;">
    							<fieldset>
    								<p>
    									<label class="duple" for="username">Benutzername&nbsp;:</label>
    									<select id="username" name="username">
    										<option value="admin">Administrator</option>
    										<option value="user">Benutzer</option>
    
    									</select>
    								</p>
    								<p> 
    									<label class="duple" for="password">Kennwort&nbsp;:</label>
    									<input type="password" id="password" maxlength="15" name="password" value="" tabindex="100" />
    									<input class="button_submit_padleft" type="button" name="Login" value="Anmelden" onclick="send_login();" />
    								</p>

    And the function:

    Code:
    	function send_login()
    	{
    		/* Salt in hex, 8 chars long. */
    		var salt = "cc52f345";
    
    		var password = document.forms.myform.password.value.substr(0,16);
    		document.forms.myform.password.value = "";		// Make sure password never gets sent as clear text
    
    		/* Pad the password to 16 chars. */
    		for (var i = password.length; i < 16; i++) {
    			password += String.fromCharCode(1);
    		}
    
    		/* Append the password to the salt and pad the result to 63 bytes. */
    		var input = salt + password;
    		for (var i = input.length; i < 63; i++) {
    			input += String.fromCharCode(1);
    		}
    
    		/* Append a 'U' for user login, or a '\x01' for admin login. */
    		input += (document.forms["myform"].username.value == 'user') ? 'U' : String.fromCharCode(1);
    
    		/* MD5 hash of the salt. */
    		var hash = hex_md5(input);
    
    		/* Append the MD5 hash to the salt. */
    		var login_hash = salt.concat(hash);
    
    		/* Send the login hash to the server. */
    		var xmlobj = new xmlDataObject(data_ready, data_timeout, 6000, "/post_login.xml?hash=" + login_hash);
    		if (!xmlobj) {
    			/* Browser does not support XML DOM. */
    			alert ("Ihr Webbrowser ist nicht aktuell genug, um diese Website zu verwenden. Aktualisieren Sie Ihren Browser.");
    			return;
    		}
    		xmlobj.retrieveData();
    	}

    May anyone explain what the hydra parameters for bruteforcing that?

    Best Regards

    Benjamin
    Last edited by lupin; 03-13-2010 at 03:29 AM. Reason: Code boxes are your friend

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: POssible for Hydra ( java script inside )?

    What website is this from?
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default Re: POssible for Hydra ( java script inside )?

    Quote Originally Posted by lupin View Post
    What website is this from?
    You might try a D-Link DIR-635. If the mods are a bit suspect on this one, he has posted the question in at least two german forums elsewhere as well but has not stripped a lot of the information out of those as far as I can tell. My german is apparently a little rusty.

    And to answer the OP's question, no to hydra.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  4. #4
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    2

    Default Re: POssible for Hydra ( java script inside )?

    Hi thanks for answering, its a Dlink Dir 615.
    I tryd combinations with salt+rainbowshashes, but hydra dont make it out. I add the right hash but nothing...

    Anyone can explain what tool i can use for that?


    Thanks

    bye

    Benjamin

Similar Threads

  1. Hydra error
    By Valen in forum Beginners Forum
    Replies: 3
    Last Post: 07-09-2010, 03:11 AM
  2. Why cant BackTrack use wireless card “X” inside VMWare or Virtualbox ?
    By balding_parrot in forum Frequently Asked Questions
    Replies: 0
    Last Post: 02-28-2010, 06:31 AM
  3. java and flash palyer problems
    By Li1_Monster in forum Beginners Forum
    Replies: 2
    Last Post: 02-27-2010, 02:46 PM
  4. Firefox missing plugin - java runtime environment
    By halfdone in forum Beginners Forum
    Replies: 3
    Last Post: 02-01-2010, 05:40 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •