Ghetto Aardvarks and passwords.



-KEN-
09-22-2001, 10:14 PM
my friend actually wrote a pretty good java function to "password" the roster for the site he made for our HS band (I don't know WHY he did this...) So I'm too lazy to ask him how to get in, so I did the logical thing: looked at the source for any give-aways. so I found this:


function GoIn()
{
    var Password = new Array("I","B","O","U","G","T","M","E","A","G","H","E","T","T","O","A","R","D","V","A","R","K")

    function getNumbers()
    {
        return document.userInput.u1.value
        return document.userInput.u2.value
        return document.userInput.u3.value
    }

    var input1 = document.userInput.u1.value
    var input2 = document.userInput.u2.value
    var input3 = document.userInput.u3.value

    var pw1 = Password[input1]
    var pw2 = Password[input2]
    var pw3 = Password[input3]

    var pw = pw1 + pw2 + pw3
    if (pw == pw1+pw2+pw3)
    {location.href = pw+ ".html"}
}

so somewhere in IBOUGHTMEAGHETTOAARDVARK lies a 3-letter name to the roster's page. Can anyone help me crack it? :) either that or you're going to make me ask him...the site is http://brhsband.macro-inter.net/roster.htm if you want to check out the layout (you enter numbers, which correspond to letters in IBOUGHTMEAGHETTOAARDVARK (yes, he really wrote I bought me a ghetto aardvark!), which then sends you to the 3-letter page name spelled out by those letters.) *sigh* this is going to annoy me if I can't find out without him telling me. I guess I could write a program to guess at random numbers, and insert this snip of code modified to C and have it check, but that'd be time-consuming, and I'd have to type in all those numbers (ow! my fingers)

Nick
09-22-2001, 11:48 PM
There's 16*15*14 = 3360 combinations, so that should be searchable

no-one
09-22-2001, 11:52 PM
this is insanity


var pw = pw1 + pw2 + pw3
if (pw == pw1+pw2+pw3)
{location.href = pw+ ".html"}
}


this is ALWAYS TRUE!!

Nick
09-23-2001, 01:06 AM
yeah you're right :)

Betazep
09-23-2001, 01:45 AM
RH 6.2 box... good security.

index.html in the root web directory where xxx.html file resides so you can't get a file directory list the easy way.

Seems like a waste of time to go through the motions of xxx.html for all the possible solutions for a roster. I think your friend did his/her job well.

~Betazep

-KEN-
09-23-2001, 08:20 AM
Damn, I hate having to tell him he did something well...:( oh well. If I knew his middle name, the initial thing might work, but for now all I know is b-h, - being his middle name, which I can't remember. damn him and his ghetto aardvarks!

>>this is ALWAYS TRUE!!
yeah, he could've just done without the if, but it's a smart thing what he did - you always get sent to a page, but most of the time it's a non-existent one. oh well.

taylorguitarman
09-23-2001, 09:44 AM
why would you even put in the array?
if I knew the 3 characters of the file I'd skip the array and simply do

location.href = pw1 + pw2 + pw3 + ".html"

that changes your possibilities to (not including special chars)
letters - 26 digits - 10 total = 36

36*36*36 = 46656 combinations
rather than
14*14*14 = 2744 combinations

-KEN-
09-23-2001, 09:56 AM
because the password boxes use numbers, which point to different letters in the array, which are then stored in pw1, pw2, and pw3.

taylorguitarman
09-23-2001, 10:35 AM
KEN :
I understand what he was trying to do (some sort of simple encryption) but the fact of the matter is if you simply take the input from the screen and store it in the variables rather than use it to reference array spots that don't even have distinct values you would greatly increase the number of possibilities.

using the restrictions of his page, being that the text boxes are only size 2, you could easily come up with a much greater number of possibilities.
combinations of one or two letters are possible, a letter and a digit, or one or two digits. Thus making it a password of length 6 in reality (but could be as small as 3).

choices for first spot 37 (36 letters and digits but doesn't have to have any)
choices for second spot 36 (has to be a letter or digit)
so there are 37 * 36 = 1,332 ways to fill the first text box.
there are three text boxes so we multiply
(37*36) * (37*36) * (37*36)
and we come up with 2,363,266,368 combinations for the name of that page.

your friend has only allowed for 2744 names.

this kind of stuff is called discrete math or combinatorics for those that are interested.

I should note that I think your friend had a very good idea to keep people out of a web page and even 2744 I think is more than most people would care to try and guess. kudos.
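
The counts argued over in the posts above can be checked directly. This is an added example, not code from any poster or from the site: it takes the array exactly as posted in GoIn() and counts how many distinct page names the three index boxes can produce, next to the free-form alternative described in the post above. The function names are made up for this example.

```javascript
// Array copied verbatim from the GoIn() function in the first post.
const PASSWORD = ["I","B","O","U","G","T","M","E","A","G","H",
                  "E","T","T","O","A","R","D","V","A","R","K"];

// Mirror GoIn(): three indexes pick three letters that form the page name.
function pageName(table, i, j, k) {
  return table[i] + table[j] + table[k];
}

// Walk every index triple and record which page names can actually occur.
// Duplicate letters in the array collapse many triples onto the same name.
function keyspace(table) {
  const names = new Set();
  let triples = 0;
  for (let i = 0; i < table.length; i++) {
    for (let j = 0; j < table.length; j++) {
      for (let k = 0; k < table.length; k++) {
        names.add(pageName(table, i, j, k));
        triples++;
      }
    }
  }
  return {
    slots: table.length,                     // array positions
    distinctLetters: new Set(table).size,    // unique characters
    indexTriples: triples,                   // possible inputs
    distinctNames: names.size,               // possible page names
    bits: Math.log2(names.size),             // guessing entropy
  };
}

// The free-form alternative from the post above: each size-2 box holds
// one or two characters out of 36, i.e. 37 * 36 ways per box.
function freeFormKeyspace(boxes) {
  return Math.pow(37 * 36, boxes);
}

const report = keyspace(PASSWORD);
console.log(report, freeFormKeyspace(3));
```

The array has 22 slots but only 14 distinct letters, so the page name carries a little over 11 bits of guessing entropy, and the always-true check in GoIn() adds nothing to that.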

SOAK
09-23-2001, 06:09 PM
there is no need to brute force...

just download the whole page... there will be a .html file that has the pass in the file name

there are many progs that will allow you to view all the files on a site...

Betazep
09-23-2001, 08:11 PM
>>just download the whole page... there will be a .html file that has the pass in the file name

Alright... let's see you do it.

>>there are many progs that will allow you to view all the files on a site...

Like? It doesn't help the guy much if you just say it exists... but don't tell him what it is... does it?

SOAK
09-23-2001, 08:13 PM
i don't like feeding script kiddies and yes it is easily possible even if it's gonna leave logs like hell on the poor guy's comp

Betazep
09-23-2001, 08:14 PM
tell your friend to put up one hundred fake rosters and only update one... boy would that screw a few things up with people trying to guess out of 14 unique characters. You might think you have the right one... but not have the right one. Think about it...:D

Betazep
09-23-2001, 08:18 PM
>>i don't like feeding script kiddies and yes it is easily possible even if it's gonna leave logs like hell on the poor guy's comp

so then don't feed him... tell everyone what the three letter code is that opens xxx.html on the site because you say that it is easy. Put your knowledge where your mouth is so to speak. Or maybe you can't do it?

Unregistered
09-23-2001, 08:57 PM
shucks you found me out!
*sarcasm*
it's against my ethic to hack anything for other people
do you know how many people ask me to get into **** for them?

Betazep
09-23-2001, 09:16 PM
>> do you know how many people ask me to get into **** for them?


Millions? Am I right... what do I win. Seriously... I understand. Don't worry... you will get better.

~Betazep

;)

-KEN-
09-24-2001, 06:22 AM
hack what? who said anything about hacking? I asked him this morning if anyone cares...figured it out. I guess you'd call that "social engineering"? what a freaking dumbass.

-KEN-
09-24-2001, 06:24 AM
Hehe, who wants to bet unregistered can't even telnet...all bets in!

Unregistered
09-24-2001, 08:17 AM
ok ken give me your ip :)

maybe I'll learn how

mithrandir
09-24-2001, 08:20 AM
207.46.197.101 - try that (lol)

Betazep
09-24-2001, 10:14 AM
That isn't unregistered.... that is Uber SOAK the greatest hacker of our times...:p


here is my ip... come and get me.

24.165.45.44

:p

-KEN-
09-24-2001, 01:41 PM
betazep, I KNOW you ain't tryin tah steal MAH man...

Come and hack me - 127.0.0.1 !!

Betazep
09-24-2001, 01:49 PM
LOL! I can get right into that one with no problem at all! :D :D

-KEN-
09-24-2001, 03:52 PM
Really? how! I have to update my security!!

Betazep
09-24-2001, 05:04 PM
Yeah... while you are at it... update mine too! Look how easy it is for me to use 127.0.0.1! I really should be handcuffed. ;)

Fordy
09-24-2001, 05:09 PM
No seriously, I think that if he can hack into 127.0.0.1, he should be allowed to cause as much damage as possible without any comeback....

Go on.... Delete anything you want..... Cause havoc.......

Betazep
09-24-2001, 05:12 PM
Oh I am! I am! Just look at me deleting all this stu............................................... .................................... <ERROR: User Terminated>

doubleanti
09-24-2001, 08:18 PM
why did this turn into a hacker debate? i could have sworn we've had maybe three posts like that...