View Full Version : Ghetto Aardvarks and passwords.

09-22-2001, 10:14 PM
my friend actually wrote a pretty good java function to "password" the roster for the site he made for our HS band (I son't know WHY he did this...) So I'm too lazy to ask him how to get in, so I did the logical thing: looked at the source fo any give-aways. so I found this:

function GoIn()
var Password = new Array("I","B","O","U","G","T","M","E","A","G","H","E","T","T","O","A","R","D","V","A","R","K")

function getNumbers()
return document.userInput.u1.value
return document.userInput.u2.value
return document.userInput.u3.value

var input1 = document.userInput.u1.value
var input2 = document.userInput.u2.value
var input3 = document.userInput.u3.value

var pw1 = Password[input1]
var pw2 = Password[input2]
var pw3 = Password[input3]

var pw = pw1 + pw2 + pw3
if (pw == pw1+pw2+pw3)
{location.href = pw+ ".html"}

so somehwere in IBOUGHTMEAGHETTOAARDVARK lies a 3-letter name to the roster's page. Can anyone help me crack it? :) either that or you're going to make me ask him...the site is http://brhsband.macro-inter.net/roster.htm if you want to check out the layout (you enter numbers, which correspond to letters in IBOUGHTMEAGHETTOAARDVARK (yes, he really wrote I bought me a ghetto aardvark!), which then sends you to the 3-letter page name spelled out by those letters.) *sigh* this is going to annoy me if I can't find out without him telling me. I guess I could write a program to guess at random numbers, and insert this snip of code modified to C and have it check, but that'd be time-consuming, and I'd have to type in all those numbers (ow! my fingers)

09-22-2001, 11:48 PM
16*15*14 = 3360, combinations so that should be searchable

09-22-2001, 11:52 PM
this is insanity

var pw = pw1 + pw2 + pw3
if (pw == pw1+pw2+pw3)
{location.href = pw+ ".html"}

this is ALWAYS TRUE!!

09-23-2001, 01:06 AM
yeah your right :)

09-23-2001, 01:45 AM
RH 6.2 box... good security.

index.html in the root web directory where xxx.html file resides so you can't get a file directory list the easy way.

Seems like a waste of time to go through the motions of xxx.html for all the possible solutions for a roster. I think your friend did his/her job well.


09-23-2001, 08:20 AM
Damn, I hate having to tell him he did something well...:( oh well. If I knew his middle name, the intial thing might work, but for now all I know is b-h, - being his middle name, which I can't remember. damn him and his ghetto aardvarks!

>>this is ALWAYS TRUE!!
yeah, he could've just done without the if, but it's a smart thing what he did - you always get sent to a page, but most of the time it's a non-existant one. oh well.

09-23-2001, 09:44 AM
why would you even put in the array?
if I knew the 3 characters of the file I'd skip the array and simply do

location.href = pw1 + pw2 + pw3 + ".html"

that changes you're possibilities to (not including special chars)
letters - 26 digits - 10 total = 36

36*36*36 = 46656 combinations
rather than
14*14*14 = 2744 combinations

09-23-2001, 09:56 AM
because the password boxes use numbers, which point to different letters in the array, which are then stored in pw1, pw2, and pw3.

09-23-2001, 10:35 AM
I understand what he was trying to do (some sort of simple encryption) but the fact of the matter is if you simply take the input from the screen and store it in the variables rather than use it to reference array spots that don't even have distinct values you would greatly increase the number of possibilities.

using the restrictions of his page, being that the text boxes are only size 2, you could easily come up with a much greater number of posibilities.
combinations of one or two letters are possible, a letter and a digit, or one or two digits. Thus making it a password of length 6 in reality (but could be as small as 3).

choices for first spot 37 (36 letters and digits but doesn't have to have any)
choices for second spot 36 (has to be a letter or digit)
so there are 37 * 36 = 1,332 ways to fill the first text box.
there are three text boxes so we multiply
(37*36) * (37*36) * (37*36)
and we come up with 2,363,266,368 combinations for the name of that page.

your friend has only allowed for 2744 names.

this kind of stuff is called discrete math or combinatorics for those that are interested.

I should note that I think your friend had a very good idea to keep people out of a web page and even 2744 I think is more than most people would care to try and guess. kudos.

09-23-2001, 06:09 PM
there is not need to brute force...

just download the whole page... there will be a .html file that has the pass in the file name

there are many progs that will allow you to view all the files on a site...

09-23-2001, 08:11 PM
just download the whole page... there will be a .html file that has the pass in the file name

Alright... lets see you do it.

there are many progs that will allow you to view all the files on a site...

Like? It doesn't help the guy much if you just say it exists... but don't tell him what it is... does it?

09-23-2001, 08:13 PM
i dont like feeding script kiddies and yes it is easily possible even if its gonna leave logs like hell on the poor guys comp

09-23-2001, 08:14 PM
tell your friend to put up one hundred fake rosters and only update one... boy would that screw a few things up with people trying to guess out of 14 unique characters. You might think you have the right one... but not have the right one. Think about it...:D

09-23-2001, 08:18 PM
>>i dont like feeding script kiddies and yes it is easily possible even if its gonna leave logs like hell on the poor guys comp

so then don't feed him... tell everyone what the three letter code is that opens xxx.html on the site because you say that it is easy. Put your knowlege where your mouth is so to speak. Or maybe you can't do it?

09-23-2001, 08:57 PM
shucks you found me out!
its against my ethic to hack anything for other people
do you know how many people ask me to get into **** for them?

09-23-2001, 09:16 PM
>> do you know how many people ask me to get into **** for them?

Millions? Am I right... what do I win. Seriously... I understand. Don't worry... you will get better.



09-24-2001, 06:22 AM
hack what? who said anything about hacking? I asked him this morning if anyone cares...figured it out. I guess you'd call that "social engineering"? what a freaking dumbass.

09-24-2001, 06:24 AM
Hehe, who wants to bet unregistered can't even telnet...all bets in!

09-24-2001, 08:17 AM
ok ken give me your ip :)

maybe ill learn how

09-24-2001, 08:20 AM - try that (lol)

09-24-2001, 10:14 AM
That isn't unregistered.... that is Uber SOAK the greatest hacker of our times...:p

here is my ip... come and get me.


09-24-2001, 01:41 PM
betazep, I KNOW you ain't tryin tah steal MAH man...

Come and hack me - !!

09-24-2001, 01:49 PM
LOL! I can get right into that one with no problem at all! :D :D

09-24-2001, 03:52 PM
Really? how! I have to update my security!!

09-24-2001, 05:04 PM
Yeah... while you are at it... update mine too! Look how easy it is for me to use! I really should be handcuffed. ;)

09-24-2001, 05:09 PM
No seriously, I think that if he can hack into, he should be allowed to cause as much damage as possible without any comeback....

Go on.... Delete anything you want..... Cause havoc.......

09-24-2001, 05:12 PM
Oh I am! I am! Just look at me deleting all this stu............................................... .................................... <ERROR: User Terminated>

09-24-2001, 08:18 PM
why did this turn into a hacker debate? i could have sworn we've had maybe three posts like that...