Thread: Ghetto Aardvarks and passwords.

my friend actually wrote a pretty good java function to "password" the roster for the site he made for our HS band (I son't know WHY he did this...) So I'm too lazy to ask him how to get in, so I did the logical thing: looked at the source fo any give-aways. so I found this:

Code:

function GoIn()
{
var Password = new Array("I","B","O","U","G","T","M","E","A","G","H","E","T","T","O","A","R","D","V","A","R","K")

function getNumbers()
{
return document.userInput.u1.value
return document.userInput.u2.value
return document.userInput.u3.value
}

var input1 = document.userInput.u1.value 
var input2 = document.userInput.u2.value 
var input3 = document.userInput.u3.value 

var pw1 = Password[input1]
var pw2 = Password[input2]
var pw3 = Password[input3]

var pw = pw1 + pw2 + pw3 
if (pw == pw1+pw2+pw3)
{location.href = pw+ ".html"}
}

so somehwere in IBOUGHTMEAGHETTOAARDVARK lies a 3-letter name to the roster's page. Can anyone help me crack it? either that or you're going to make me ask him...the site is http://brhsband.macro-inter.net/roster.htm if you want to check out the layout (you enter numbers, which correspond to letters in IBOUGHTMEAGHETTOAARDVARK (yes, he really wrote I bought me a ghetto aardvark!), which then sends you to the 3-letter page name spelled out by those letters.) *sigh* this is going to annoy me if I can't find out without him telling me. I guess I could write a program to guess at random numbers, and insert this snip of code modified to C and have it check, but that'd be time-consuming, and I'd have to type in all those numbers (ow! my fingers)

this is insanity


var pw = pw1 + pw2 + pw3
if (pw == pw1+pw2+pw3)
{location.href = pw+ ".html"}
}


this is ALWAYS TRUE!!

RH 6.2 box... good security.

index.html in the root web directory where xxx.html file resides so you can't get a file directory list the easy way.

Seems like a waste of time to go through the motions of xxx.html for all the possible solutions for a roster. I think your friend did his/her job well.

~Betazep

Damn, I hate having to tell him he did something well... oh well. If I knew his middle name, the intial thing might work, but for now all I know is b-h, - being his middle name, which I can't remember. damn him and his ghetto aardvarks!

>>this is ALWAYS TRUE!!
yeah, he could've just done without the if, but it's a smart thing what he did - you always get sent to a page, but most of the time it's a non-existant one. oh well.

because the password boxes use numbers, which point to different letters in the array, which are then stored in pw1, pw2, and pw3.

KEN :
I understand what he was trying to do (some sort of simple encryption) but the fact of the matter is if you simply take the input from the screen and store it in the variables rather than use it to reference array spots that don't even have distinct values you would greatly increase the number of possibilities.

using the restrictions of his page, being that the text boxes are only size 2, you could easily come up with a much greater number of posibilities.
combinations of one or two letters are possible, a letter and a digit, or one or two digits. Thus making it a password of length 6 in reality (but could be as small as 3).

choices for first spot 37 (36 letters and digits but doesn't have to have any)
choices for second spot 36 (has to be a letter or digit)
so there are 37 * 36 = 1,332 ways to fill the first text box.
there are three text boxes so we multiply
(37*36) * (37*36) * (37*36)
and we come up with 2,363,266,368 combinations for the name of that page.

your friend has only allowed for 2744 names.

this kind of stuff is called discrete math or combinatorics for those that are interested.

I should note that I think your friend had a very good idea to keep people out of a web page and even 2744 I think is more than most people would care to try and guess. kudos.

just download the whole page... there will be a .html file that has the pass in the file name

Alright... lets see you do it.

there are many progs that will allow you to view all the files on a site...

Like? It doesn't help the guy much if you just say it exists... but don't tell him what it is... does it?

tell your friend to put up one hundred fake rosters and only update one... boy would that screw a few things up with people trying to guess out of 14 unique characters. You might think you have the right one... but not have the right one. Think about it...

>>i dont like feeding script kiddies and yes it is easily possible even if its gonna leave logs like hell on the poor guys comp

so then don't feed him... tell everyone what the three letter code is that opens xxx.html on the site because you say that it is easy. Put your knowlege where your mouth is so to speak. Or maybe you can't do it?