SitePoint Sponsor

User Tag List

Results 1 to 12 of 12
  1. #1
    SitePoint Evangelist -T-'s Avatar
    Join Date
    Jun 2002
    Posts
    444
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    find password and username

    Can you do it?

    Code:
     <HTML>
    <HEAD>
    <meta name="robots" content="noindex,nofollow">
    <SCRIPT LANGUAGE="JavaScript">
    <!-- Hide from JavaScript-Impaired Browsers
    al="`1234567890-=~!@#$%^&*()_+qwei"
    +"fyutop[]QWERTYUIOP{}|oeeiflryt;A"
    +"ASYENDKQ:ajeeurj,./ZXCVBNM<>c?";
    ab1="";
    bctr=0;
    count=0;
    function ckPwd(){
     tst=document.isn.username.value+"-"+document.isn.passwrd.value+"-";
     ls=document.pd.pe.value;
     a=eval(ls.substring(0,2))-91;
     ls=ls.substring(2,ls.length);
      nls="";
     flg=0;
     ab=eval(ls.substring(0,2))-93;
     while (ls.length>28){
    	ab1=(ab1==""?""+ab:ab1);
      oab1=ab1;
      ls=ls.substring(2,ls.length);
      for (var i=0;i<ab;i++) {
    nr=eval(ls.substring(0,2))-a;
       ls=ls.substring(2,ls.length);
     nls+=al.charAt(nr);
    	}
    	nls=nls+al.charAt(count+11);
      if (nls.indexOf(tst)>-1){
       ls="";
       flg=1;
    	 }
      }
     if (flg==1){
      tstOk();
      }
     else{
      bctr++;
      if (bctr>3){
       location.href="denied.htm";
       }
      else{
       alert("Sorry. Bad Username or Password."
       +" Failed Attempt #"+bctr+".");
       }
      }
     }
    function tstOk(){
     ab1=ab1+""+a;
      alert("Access Granted");
      location.href=""tst.substring(1,5)+".htm";
     }
    function srand() {
     today=new Date();
     rand=today.getTime();
     picker=""+rand
     picker=picker.charAt((picker.length-4));
     rec=eval(picker);
     }
    // End Hiding -->
    </SCRIPT>
    <title>LoginMatrix HackMe Challenge - Level Five</title>
    </HEAD>
    <BODY BGCOLOR="#000000">
    <FORM NAME="pd">
      <INPUT TYPE='hidden' NAME='pe' VALUE="999881643741603838598498816760606041815967 ">
    </FORM>
    <!-- You may put any page content you wish here
    The HTML below for the password entry is presently set for blue background and white type. You may change colors to fit your own page design without impacting on the script, so long as the form elements stay the same.  -->
    <FORM NAME="isn" Action="javascript:ckPwd()"><br><br><br>
      <TABLE BORDER=2 CELLPADDING=5 CELLSPACING=0 width="271" bordercolor="red" align="center">
    	<TR> 
    	  <TD COLSPAN=2 ALIGN=middle> <h2><B><font COLOR="red">Password Access<BR>
    		  to Restricted Pages</font></B></h2></TD>
    	</TR>
    	<TR> 
    	  <TD> <p><B><font COLOR="red">User Name:</font></B></p></TD>
    	  <TD> <INPUT NAME="username" SIZE=10 > 
    	  </TD>
    	</TR>
    	<TR> 
    	  <TD> <p><B><font COLOR="red">Password:</font></B></p></TD>
    	  <TD> <INPUT TYPE="password" NAME="passwrd" SIZE=10 > 
    	  </TD>
    	</TR>
    	<TR> 
    	  <TD COLSPAN=2 ALIGN=middle> <INPUT TYPE="button" NAME="btn" VALUE=" Submit " onClick="ckPwd();return false;" > 
    	  </TD>
    	</TR>
      </TABLE>
    </FORM>
    <SCRIPT LANGUAGE="JavaScript">
    <!-- Hide JavaScript from Java-Impaired Browsers
    document.isn.username.focus();
    // End Hiding -->
    </SCRIPT>
    </BODY>
    </HTML>
    chrome is a wrapper that combines a browser with spyware

  2. #2
    Web-coding NINJA! silver trophy beetle's Avatar
    Join Date
    Jul 2002
    Location
    Dallas, TX
    Posts
    2,900
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Do what? What username and password?
    beetle a.k.a. Peter Bailey
    blogs: php | prophp | security | design | zen | software
    refs: dhtml | gecko | prototype | phpdocs | unicode | charsets
    tools: ide | ftp | regex | ffdev




  3. #3
    011521 dbalsdon's Avatar
    Join Date
    Feb 2003
    Location
    North Of Scotland
    Posts
    444
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i cant find it(i'm not gonna decode it), but somebody who had the time to decode it, would be able to....

    Edit:


    Code:
    al="`1234567890-=~!@#$%^&*()_+qwei" +"fyutop[]QWERTYUIOP{}|oeeiflryt;A" +"ASYENDKQ:ajeeurj,./ZXCVBNM<>c?";
    the username and passowrd are encoded somewhere in that code

    Daniel Balsdon
    My Site

  4. #4
    011521 dbalsdon's Avatar
    Join Date
    Feb 2003
    Location
    North Of Scotland
    Posts
    444
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    beetle.. he wants you to try and find the username and password in the code
    Daniel Balsdon
    My Site

  5. #5
    Web-coding NINJA! silver trophy beetle's Avatar
    Join Date
    Jul 2002
    Location
    Dallas, TX
    Posts
    2,900
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ah, this is the LoginMatrix HackMe Challenge. Sorry bud, I've done this before for myself. What fun would it be giving out the answer?

    I think you should work hard at it, or accept the fact that for right now, level 4 is the highest you can pass.

    I mean, seriously, what's gonna happen when you see level 6 (which is harder)? Come back here and ask again?
    beetle a.k.a. Peter Bailey
    blogs: php | prophp | security | design | zen | software
    refs: dhtml | gecko | prototype | phpdocs | unicode | charsets
    tools: ide | ftp | regex | ffdev




  6. #6
    SitePoint Evangelist -T-'s Avatar
    Join Date
    Jun 2002
    Posts
    444
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I was hoping none would notice :P

    whta do you mean lvl4 is the highest? I've worked my way from 1 to 14 today

    this is 14 and I'm confused. To much code for me
    chrome is a wrapper that combines a browser with spyware

  7. #7
    Web-coding NINJA! silver trophy beetle's Avatar
    Join Date
    Jul 2002
    Location
    Dallas, TX
    Posts
    2,900
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by -T-
    Can you do it?
    Code:
    <title>LoginMatrix HackMe Challenge - Level Five</title>
    Level 14, eh?
    beetle a.k.a. Peter Bailey
    blogs: php | prophp | security | design | zen | software
    refs: dhtml | gecko | prototype | phpdocs | unicode | charsets
    tools: ide | ftp | regex | ffdev




  8. #8
    SitePoint Evangelist -T-'s Avatar
    Join Date
    Jun 2002
    Posts
    444
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    these guys must have stolen it then

    http://scifi.pages.at/hackits/
    chrome is a wrapper that combines a browser with spyware

  9. #9
    Web-coding NINJA! silver trophy beetle's Avatar
    Join Date
    Jul 2002
    Location
    Dallas, TX
    Posts
    2,900
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Must have. The challenges at the actual LoginMatrix site get much tougher. The last one (level 9) is a java applet, with which I have no experience, so that's as far as I've gotten.
    beetle a.k.a. Peter Bailey
    blogs: php | prophp | security | design | zen | software
    refs: dhtml | gecko | prototype | phpdocs | unicode | charsets
    tools: ide | ftp | regex | ffdev




  10. #10
    SitePoint Evangelist -T-'s Avatar
    Join Date
    Jun 2002
    Posts
    444
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hmm, there is a java applet at lvl 13 on this site. pretty easy to get through

    Just download the class and decompile it
    chrome is a wrapper that combines a browser with spyware

  11. #11
    Web-coding NINJA! silver trophy beetle's Avatar
    Join Date
    Jul 2002
    Location
    Dallas, TX
    Posts
    2,900
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm sure it is, I just don't mess w/java. Yet.
    beetle a.k.a. Peter Bailey
    blogs: php | prophp | security | design | zen | software
    refs: dhtml | gecko | prototype | phpdocs | unicode | charsets
    tools: ide | ftp | regex | ffdev




  12. #12
    011521 dbalsdon's Avatar
    Join Date
    Feb 2003
    Location
    North Of Scotland
    Posts
    444
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by -T-
    hmm, there is a java applet at lvl 13 on this site. pretty easy to get through

    Just download the class and decompile it
    and i cant even get lvl 8 yet . no matter what i check, i cant find the password..
    Last edited by dbalsdon; Oct 3, 2003 at 17:13.
    Daniel Balsdon
    My Site


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •