Page 1 of 3
Results 1 to 10 of 23

Thread: Javascript Password Crack?

  1. #1
    Just burned his ISO
    Join Date
    Aug 2009
    Posts
    7

    Javascript Password Crack?

    Hi all,

    My math teacher challenged me to crack a password on his website.
    The page is 'protected' with a JavaScript popup box, where the user input is used to generate an .html address. I.e.: when a user types "blabla" in the popup box, the script will add .html, so blabla.html, and if the password is correct, the user will be linked to the page; else, a 404 error will pop up.

    So, there has to be a page *.html with the right title (the password).
    Knowing that, I tried wget to download the whole folder, thinking that the (password.html) page would be in there, but I get all the files except the one I'm looking for; therefore I get a 403 error, which means forbidden, so wget isn't an option.

    I've seen the whole source of the index.html and the popupbox.js, but there's no password in there, because it simply generates a link and doesn't verify whether the password is correct or not.

    How can I get to the protected page?

  2. #2
    thorin (My life is this forum)
    Join Date
    Jan 2010
    Posts
    2,629


    Write a quick shell script to iterate through a dictionary file or otherwise programmatically generate a list of *.html entries to feed wget and keep trying until you hit the correct one.

    You may also want to get a copy of CUPP (search for it) to generate a dictionary for you.

    Personally this sounds more like an attempt at security through obscurity than any actual valid security mechanism. If all it comes down to is guessing the correct name for the file, that's hardly a daunting task (especially if there's ever more than one user).

    Additionally, if pass.html is really the method he's using, then use of a public machine or non-private computer would reveal the "password" via browser history, which seems pretty stupid.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Thorn (Senior Member)
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509


    Of course, social engineering might fit here, too. Look at the objects and books on his desk to see what things may be hints. Think of the names of famous mathematicians, or theorems that he might have used, and include those in a dictionary attack. Names like Copernicus or Pascal spring to mind.
    Thorn
    Stop the TSA now! Boycott the airlines.

  4. #4
    lupin (Super Moderator)
    Join Date
    Jan 2010
    Posts
    2,943


    Unless one of the following applies, thorin's brute force suggestion is the only way to proceed:
    • There is a clue buried somewhere in one of the accessible pages on the website (did you check robots.txt, sitemap.xml, etc.?). Are you SURE that there are no hints in the JavaScript? There's nothing obfuscated there, and no functions being called from other script files? Nothing in the comments either?
    • The "hidden" page is cached somewhere you can access it to find out what it's called (such as in a browser cache, or a web proxy cache that you can somehow view)
    • You can gain sufficient access to the web server to enumerate files, e.g. via getting a directory listing, viewing web server log files, OS commanding, etc. (only if that's permitted by your teacher, of course)

    If brute force is your only option, intelligent creation of a dictionary will help expedite the process. Thorn's suggestion is a good one.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  5. #5
    KMDave (Moderator)
    Join Date
    Jan 2010
    Posts
    2,281


    Also might want to look at the source code of the original site.
    Tiocfaidh ár lá

  6. #6
    Just burned his ISO
    Join Date
    Aug 2009
    Posts
    7


    I replied earlier, but my post didn't show up in this thread.
    Anyway, the password is the answer to an integral equation, which is known to be difficult:
    ( [ = integral)

    -[ log(sin x)dx

    (and pi above the integral, and 0 under the integral)

    This equation must be solved exactly, not in numbers (then it's -2,71 or something, calculated by my TI 83+).
    So, if someone here can solve this, I will try to enter the passwords, as it can't be entered in English, but only in Dutch, because it's a Dutch website.

    Someone here said, that I can look in his browser history, but he only uses his laptop, which he carries with him.
    Also, sitemap.xml can't be found anywhere, I think he hasn't created one, so that isn't an option.

  7. #7
    floyd (Member)
    Join Date
    Mar 2009
    Posts
    231


    Quote Originally Posted by b-0yd View Post
    ( [ = integral)

    -[ log(sin x)dx

    (and pi above the integral, and 0 under the integral)
    Well, if you mean

    "minus the integration of sin(x) with limits from zero to pi" I would first say I am not your teacher . Second, I'm a *** genius and calculated that it's -pi * log2. Third thing is, I'm not a genius but my google fu is quite good. But that's not true either. I didn't need it for this one. Just "integral log sin x" Google.

    Can anyone please solve - integration of log(sin x).dx with limits from 0 to (π/2). Thanks in advance.? - Yahoo! Answers India

    And the other thing is, that's an improper integral. You can only integrate with limits (0, pi] and not [0, pi], I think...

    The integral is the surface under the function, and because the surface under the sine function from 0 to pi/2 is equal to the surface under the sine function from pi/2 to pi, it's twice as much as in the above URL... 2 * -pi/2 * log(2) = -pi * log(2)
    Auswaertsspiel
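The value floyd quotes, worked through as an added derivation (this is not from any post in the thread). It uses the same symmetry of sin x about pi/2 that the post above relies on, and the improper integral converges at both endpoints because log x is integrable at 0:

```latex
\begin{align*}
\text{Let } I &= \int_0^{\pi} \log(\sin x)\,dx, \qquad J = \int_0^{\pi/2} \log(\sin x)\,dx . \\[4pt]
\sin(\pi - x) = \sin x \;&\Rightarrow\; I = 2J . \\[4pt]
x \mapsto \tfrac{\pi}{2} - x \;&\Rightarrow\; J = \int_0^{\pi/2} \log(\cos x)\,dx . \\[4pt]
2J &= \int_0^{\pi/2} \log(\sin x \cos x)\,dx
    = \int_0^{\pi/2} \log\!\left(\tfrac{\sin 2x}{2}\right) dx
    = \int_0^{\pi/2} \log(\sin 2x)\,dx - \tfrac{\pi}{2}\log 2 . \\[4pt]
u = 2x \;&\Rightarrow\; \int_0^{\pi/2} \log(\sin 2x)\,dx
    = \tfrac{1}{2}\int_0^{\pi} \log(\sin u)\,du = \tfrac{I}{2} = J . \\[4pt]
\text{Hence } 2J &= J - \tfrac{\pi}{2}\log 2
    \;\Rightarrow\; J = -\tfrac{\pi}{2}\log 2
    \;\Rightarrow\; I = 2J = -\pi \log 2 . \\[4pt]
\text{The original post carries a leading minus, so } -I &= \pi \log 2 \approx 2.18 .
\end{align*}
```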

  8. #8
    Just burned his ISO
    Join Date
    Aug 2009
    Posts
    7


    @ floyd: I tried your answer, and it didn't show up.
    One hint he gives is: the answer must be written as simply as possible.
    Also I don't wanna hack this with an ftp hack or something, just with any sitemap/wget trick or something, or with an answer.

  9. #9
    prowl3r
    Guest


    Is it a MS IIS server ?

  10. #10
    Just burned his ISO
    Join Date
    Aug 2009
    Posts
    7


    Yes, it's a MS IIS server, so what do I have to do?
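The thread establishes that the site runs on IIS and that every wrong guess is answered with a 404, so from the server side the dictionary approach suggested in the earlier replies is easy to spot. As an added example (not from any post here), this reads IIS W3C-format log lines, constructed for the example, and flags clients that request many distinct non-existent .html names:

```python
"""Flag filename guessing against a 'JavaScript password page' in IIS W3C logs.

Added example, not from the thread: guessing the hidden page name leaves one
client producing many 404s for distinct .html names in a short window.
The log sample below is constructed for this example, not a real capture.
"""
from collections import defaultdict

# Constructed IIS W3C extended log; field order comes from the #Fields line.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2010-01-14 10:00:01 192.0.2.10 GET /index.html 200
2010-01-14 10:00:02 192.0.2.10 GET /popupbox.js 200
2010-01-14 10:00:05 192.0.2.10 GET /euler.html 404
2010-01-14 10:00:05 192.0.2.10 GET /pascal.html 404
2010-01-14 10:00:06 192.0.2.10 GET /gauss.html 404
2010-01-14 10:00:06 192.0.2.10 GET /copernicus.html 404
2010-01-14 10:00:07 192.0.2.10 GET /pilog2.html 404
2010-01-14 10:01:00 198.51.100.7 GET /index.html 200
2010-01-14 10:01:03 198.51.100.7 GET /typo.html 404
"""


def parse_w3c(text):
    """Yield one dict per request line, naming fields from the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def find_enumerators(text, threshold=4):
    """Return {client ip: sorted distinct missing .html paths} for clients whose
    count of distinct 404'd .html names reaches the threshold."""
    misses = defaultdict(set)
    for rec in parse_w3c(text):
        if rec["sc-status"] == "404" and rec["cs-uri-stem"].endswith(".html"):
            misses[rec["c-ip"]].add(rec["cs-uri-stem"])
    return {ip: sorted(names) for ip, names in misses.items()
            if len(names) >= threshold}


if __name__ == "__main__":
    for ip, names in find_enumerators(SAMPLE_LOG).items():
        print(f"{ip}: {len(names)} distinct missing pages, e.g. {names[:3]}")
```

A single typo (the second client) stays below the threshold, while a run of guesses from one address is reported with the names it tried.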
