|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 50
Members: 0
Total: 50
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
possible to decrypt javascript |
|
Posted: Tue Jul 26, 2005 12:22 pm |
|
|
mastrb0y |
Regular user |
|
|
Joined: Apr 19, 2005 |
Posts: 7 |
|
|
|
|
|
|
|
is it possible to decrypt this:
Code: |
<script language="javaScript">function ahpp_decr(AtLoad){page="KE\067\075\046\067\074\076\054E\077\060\076\076E\063\060\054\045\054\064DQ_JL\062]\052JX\040\047\066E\053\061\043\045ECJCCE\067\027\017\007\026\036\020\032\035\013\002\011AF\040\071F~xG\013\021\032\031_XK\004\005\022M\022]G\012\005\003\\\046\067L\015\032\004\011CK\037\035\012\020\000@\015\021\023FMo_\015\032\004\011IiyN\015\006\004\012Wh}X\007\033\021\017\000P\074\013\003\015\007\036\000\007E\052\006\006\002\011\026\034\021_J\032\000\021\033\001Mo_\010\013\035\004W\014\007\006\025N\000\037\034\014\001YQ\061\012\015\021\013\007\021Z\060\012\002\000AE\015\006\013\003\001\035\006XA\021\013\021\021X\014\007\037\011XE\015\001\004\005\027\026\006X\012\026\001D]OQJ_TA[ccY\004\020\012\036\000C\021\027\031\000JF\007\027\035\027J\015\032\026UZ~xYBHCdoY\027\007\013\011\006TN\022\003\030\012\007_\026\012\037\013SEDR\003\012\030no@\032\021\016\010\026@E\030hd`\003\030\012\007_\026\012\037\013SEEP\003\012^nog\017\012\031\020^\005\000\012\002\006\035_W\006\034\036\001Xhd\024h}J\000\006\034\017\000]I\036\021\013\035\006H\020\014\024\014_WUK\002\035\036hdDHIiyNJ\020\021\027\005\000IiyNJ\013\000\017\015[zn~xY\001\012\012\020[znO\026\014\025E\017\005\014\020\012NP\006\006\013\032\014\027UZ~xECY\036I\006\033\005\000\001XA\026\032\020\011\022VQL\050\002\013\011\014E\003\015\035\025E\006\027N\035\004\025\021\037\023\002\027E\007I\055\002\026\006\037E\010\012\003\004\020\031\001O]\025]hdIEK\024S\021\011\002\026\035TG\004\020\012\036\000PGP\044\000\004\020S\035\010\007\014\035\002\020\003\001\001\006E\006\027N\014\013\034\001\037\006\000C\002\034\034\025\007\001\001R\004\025E\003\034\026\033\015\036\001\016\006E\007\007\013\001\005\035\026\027\006\027\013I\026\030\011S\027\027C\010\013\016\000\003D\000\006\000\021\016\032I\003\030\026\025\035\027\007\000\002\035E\036D\025\035\027\013\012\002\015E\003\015\037R\004\015\001\034\014KW\054\005\035\027\005\012\034I\016\035B\034\001\011\002\026\006R\027\022\027S\024\027\012\026\005\014E\002\012\024\026\012\016\026\035\002\012\033\001\026\036\000\025\000\034I\010\022\000S\033\013\015\023\017\007\001\005\001\001\020\004\010\002\034\034\013\031D\007\033\011C\026\005\006\011\022\012S\037\000\007E\032\010\035\036D\021\027\021\002\011\032I\004\001D\030\035\010\016\020\000\014\013HD\073\004\012\021\003\001\033E\034\016U\035\026\017\004\035\001^\005\001\000R\020\015\002\013I\014\031\012\005\023\013\007\027\013\033E\034\022\032\034\013\006\027N\035\014\033D\032\034\021\021\012\012\034\026\034\016\034\034\026\010\020\034\032E_\015\035\034\021\012\011\002IVGTCR\021\012\010\013\033LW\015S\006\004\033\014N\013\000\003\005\037\006E\002\023N\002\012\032\011\006\034\000\015E\000O\004\005\015\035\025^\021E\010\002\026Y\001\037\026\027\006E\000\006\027\004\017\026R\016\025\014\000\007\000\005D\036\027\001C\026\032\014\027\034\020S\034\000\007\026\017\035\021W\006\026\004\000\004\000\002\000\002\037\001\007R\010E\004\034\000\013\020_S\006\004C\026\013\016E\021\026\022\037E\023C\017\033\014\031\003HR\000\004\000\000I\015Q\005\001\033\013\004^\000\015IW\001\037\036\000\021E\035\014\011\001D\021\027\021\002\011\013I\001\005\013\000\030\000C\004\030I\026\036\012S\006\027\032\002\012VE\077\022\034\000\003\014\027N\017C\026\026\032\034\002X\027N\014\013\034\001\037\006\000C\002\034\034\025\007\001\001R\014\015\013\030\010\013\023\026\026\000\000C\007\013\035\004\033\020S\036\014\025\026\002\010\013\020D\033\007\026\017\000\007\014IW\002\012\036\021C\012\036\031E\004\015\007\006E\013\020\035I\010\022\000S\032\023\012\021\013I\012\020D\021\000\020\015\000\030\010\027\022\026S\023\023C\007\013\032\021\022D\036\027\027\010\000QI\041\022\020\007\027E\016\000\000\032E\031\013\001\026\010\006\013\000I\026\030\011S\032\004\021E\004\006\007\025\001\007R\015\006\011\013I\026\036\020\007R\011\012\023N\006\003\003\001S\037C\002\027\007\007\002LD\000\027\011\004\000N\010\011\003D\027\027E\006\014\013\033E\037\022\032\001E\007\000N\004\014\004\020\026\000E\002\027\014\014\014\023D\026\036\011\006\027N\013\011\036D\000\013\016\006ZN\041\023\030\026\025\035\027C\003H\010\027\036\012\024I\027C\010\033\032\011\036\011\000\031\000C\020\000\016\001\030\011\036\027\027C\026H\010\000\033\015\024I\027\001\000\006\010\013\023\010\032\034\002C\025H\010\027\036\012\024IE\001\004\034\007\000W\013\024R\020\015\002\012\006\010\004\017\034\036\000\015ZN\041\023\030\026\025\035\027C\026\002\000\025\007\001\001R\001\006E\007I\010\030\020\000\027\021\015\014\000\016E\003\015\037R\004\015\001\034\014E\022\010\026\004\000\021E\001\033\001\036\012U\023\000\017\014\011R\027W\001\030\001\004\016\000\000I\025Q\005\001\033\013\004^N\032\016\030\010\026\034ZC\055\030\006\027\021\013\001R\000\021E\012\014\021W\015\035\034\027\006\001\013\035EQ\025\006\035\021X\010\007\007\014\032\013\000\031\000E\024\033\006\021LD\003T\004\021\014\000\016^W\027\030\035\011\006\013QI\055\001\013\001\024\012\021E\001\031\000\005\001\001\027\027C\016\001\004\010\002\012\026\034E\016\000\012I\000\020\001\007R\014\015\013\030\010\013\023\026\026\000\007\026\001\035\003\000\003\020_R\026\014\010N\000\016\034\001S\031\012\016\010\013\033E\026\012\027\000\000C\021\007\005\002\030\000\026\\E\046\027N\015\000\003D\001\033\016\027\014\011I\026\030\011S\000\034\010\021\013\007\000W\027\032\027\027C\004\032I\001\022\020S\027\027C\003\017\033\000W\002\034\000E\020\025\034\014\001\031\015\035\025E\002\023N\032\034\034\000\034\037\010\006\027N\032\012\032D\025\031\026ME\035\004\014\003\020\000\035\010C\021\033\013\000\005\017\006\036\012\020\000N\017\027\026D\026\034\016\006\011\032\014E\036\012\035\004\004\015\001\034\014\027\032\015\037\030C\014\026\002\010\026\037_\026\000E\027\014\002IE\031\013\001\001\016\006E\035\002\012\033\001\026\036\000\025\000\034VE\044\010\032\031\000C\026\036O\012\004\010\022\001\015X\027\035\004C\026\026\032\034\002X\011N\001\004\005D\031\027\002C\014NO\004\005\015\035\025^\021\000\030\000\026W\027\007\033\011\017\000\032I\021\036\010S\031\012\016\010\033\007\000\026\000\036\033\013\012\026\032\033\004\004\016\034\034\000\015E\033\035\000\031DU\023\027\012\013\011RE\021B\022\000\014\015\002UI\026\001\005\001\\E\055\012\013I\016\026\012S\031\004\015\026\005\003\000W\002\034\000\016\017\004\034\014\026[D\035\035\000C\010\013\015\003Q\013\000\036\004\020\015U\033\000\005D\000\033\016\010\000\034\035E\036\017\030\027E\021\014\005\035\014\020\014\026\006KC\044\002\035E\031B\022\000\014\015\002UI\023\022\020S\004\014C\004\032I\003\030\026\000\031\017\006\011\002\032\007\022\014\022\034\001\017\014\000\016\000\031D\032R\016\014\010\003\034\013\022\012S\027\027C\000\000\006\027\032HS\035\002C\004\032I\016\030\011\036\007\013\006\013\035I\014\031\002\034\000\010\002\026\004\006\013\022\026S\027\027C\000\000\032\027\022\020\007\027\021C\012\011I\012\021\020\026R\020\020\004\000\007KW\057\001\023\023\006\021N\035\014\033D\032\034\021\006\002\034\014\027\036\012\024R\000\021E\000\014\026\003\001\035R\021\014\021\032\010\011\003D\036\033\026\017\034\005\002\000\003D\036\027\001C\000\000\002\000\033\020\026R\015\006\001\013\033\011\036\003S\007\013\015\021\017\002DW\062\032R\026\010\004\002I\025Q\005\001\033\013\004^N\015\014\004\027\026R\026\012\001\013\007\000W\027\026R\025E\004\034\000\013\020_S\001\004\010\000\000\014IW\013\024R\025\021C\001\032\011\026\027\033I\023\006EH\010\027\036\012\024IE\001\000\035\037\004\005\001S\026\014\020\026\013I\026\007B\034\001\011\002\026\006R\027\004\011U\023\027\012\013\011R\011\022\012\026R\014C\001\013\007E\020\026\022\026E\007\000\032I\000\005D\036\007\011\012\002@I\063\036DU\035\026\017\004\035\001^\031\027\030\027\027C\014\000\007\026\007\015\037\036E\005\027\017I\014\031\012\021\013\002\004\000\034\014E\004\013\036R\016\002\013N\017\012\005\020\026\036\011\006E\006\000\026\003\013\001\033\000\021IN\014\011\033\001\001R\015\002\027N\032\034\031D\003T\004\021\014\000\016^W\000\032\001\026\006E\035\010\016\022\012\026\\E\065\014N\001\004\005D\034\025\026E\004\034\000\013\020_S\023\013\007\027\013I\021\016\024\026\000E\020\004\005\014\027W\027\034\037E\010\012\003\004\020\031\001\035RC\014\026\002\010\026\037_\035\001\016\006\027NO\004\005\015\035\025^C\003\001\033\021\036\001IRE\021\034\005\035\000\005D\034\037E\005\012\034\016\014\021\020\026\006E\007\027\007\002\016\022\022\022\034\013OE\005\006\010\032\021\035\027\013\020E\017\033\027\030\003\022\034\021\006E\001\016E\033\015\030\027\002\032\011\012\000\002\022D\025\035\027\013\012\002\015E\030\022\026\034\003\014\027N\032\023Q\005\026\036\014\004^\034\035E\037B\034\001\011\002\026\006R\034\022D\001\023\001\014\013\005\006\013\004\001\035\006\027\002\026\004\006\013\022\026_R\012\004E\001\004E\031B\022\027\011\012\002U\033\015\022\020\026\034E\027\014\002I\015Q\013\000\036\004\020\015U\020\026\007\001\035\006\011\012\013\004\014\027[D\026\034\016\006\011\032\014E\022\010\027\000\000\020E\035\000\021\002\005\000\030\012\015\000\034I\025Q\005\001\033\013\004^N\032\034\034\001\033\030\000\016IN\006\026\001JS\067\021\027\000\034I\023Q\005\001\033\013\004^\034I\010\022\012\032\034\002C\000\034I\004\033\020S\026\000\027\021\013I\000\003D\030\035\010\016\020\000\010\011\003D\022\034\026\025\004\034I\026\030\011S\033E\020\021\001\033E\020\026\022\026E\001\011\007\033E\021\013\001\001C\014\026\002\010\026\037_\036\006KC\055\004\014\011\007D\034\001\026C\012\011I\004\001\017\001\027\003\027\000N\014\011\033\001\001R\007\006\016\034\014\003\003\001S\001\004\010\000\034I\026\030\011S\026\000C\012\030\014\027YD\072\034\013\027\014\002I\023\036\000\026\000\000C\003\001\033\007\022\014\034\036\001\006\027N\037\014W\000\032\001\026\006E\035\000\001\022\012\026R\003\014\027N\004\000\023\010\026\037\010\006\027N\006\002W\027\012\037\025\002\021\007\032C\030\027\037\023\026\013^\034\014\027YX\\\002[noNIY\007ZO\023E\013\027\013\017XU\020\026\037\004RK\006\035\010UD\020\036\004\020\026SK\026\003\035\037\027TA[\046\014\027W\017\034\037\010\006\027N\017C\030\027\037\023\026\013^\034\032\021\022D\007\027\010\002\026\007\015\000W\013\036R\012\025\000\034\032\021Q\005\001\033\013\004^\013\007\001\022D\003\000\012\001\011\013\004\026\003\015\037\036\014\015\002\013\033EKK\022LYL\025PdoWDO\001\025\002\013N\012\011\026\027\000OG\020\021\027\005\000FFMN\004C\015\034\014\003JF\032\034\001\006\035@\001\021\032FM\046\054\057\047\057\042\040KK\022LYL\026\036\010\013IDSoCER\031[Q\012\021\001\025XYA\031[znSRY\023[H\007\007\004\024HRYL\025PdoKK\027\033\023]hdUJ\025\013\027\013[noRF\015\003\011\037L";ipwd=415178;err="Feil Wrong pass!";res=417003;add=6395;if(AtLoad==0){document.ahpp_pwd_f.pwd.focus();pq1=document.cookie.substring(9, 30);}else{pq1=document.ahpp_pwd_f.pwd.value;}pl=pq1.length;if(!pl){if(AtLoad){alert(err);}return;}for(i=0; i<pl; i++){if(i%2 == 0) res = res^pq1.charCodeAt(i);else res = res^(pq1.charCodeAt(i)<<8);add+=pq1.charCodeAt(i);}res+=add;res+=pq1.length;if(res!=ipwd){if(AtLoad){alert(err);}return;}document.cookie="AHPP_pwd="+pq1;s="";pl2=Math.round(pl/2-0.1);pq1=pq1+pq1;for(i=0; i<page.length; i++)s+=String.fromCharCode((page.charCodeAt(i))^(pq1.charCodeAt((i%pl) + (i%pl2))));document.write(s);document.close();document.location.reload()}</script>
</head>
|
|
|
|
|
|
|
|
|
|
Posted: Tue Jul 26, 2005 3:10 pm |
|
|
Heintz |
Valuable expert |
|
|
Joined: Jun 12, 2004 |
Posts: 88 |
Location: Estonia/Sweden |
|
|
|
|
|
|
it seems some sort of login mechanism using javascript obfuscation.
i would like to get html form also from (rest of the page) which the input is given to get a better idea whats going on. in the meanwhile tell me if i'm wrong if i guess that password is: 415178
? |
|
_________________ AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!" |
|
|
|
|
|
|
|
Posted: Tue Jul 26, 2005 7:13 pm |
|
|
mastrb0y |
Regular user |
|
|
Joined: Apr 19, 2005 |
Posts: 7 |
|
|
|
|
|
|
|
here is the full login source:
Code: |
<html>
<head>
<title>Logon page - please enter a password</title>
<script language="javaScript">function
ahpp_decr(AtLoad){page="KE\067\075\046\067\074\076\054E\077\060\076\076E\063\060\054\045\054\064DQ_JL\062]\052JX\040\047\066E\053\061\043\045ECJCCE\067\027\017\007\026\036\020\032\035\013\002\011AF\040\071F~xG\013\021\032\031_XK\004\005\022M\022]G\012\005\003\\\046\067L\015\032\004\011CK\037\035\012\020\000@\015\021\023FMo_\015\032\004\011IiyN\015\006\004\012Wh}X\007\033\021\017\000P\074\013\003\015\007\036\000\007E\052\006\006\002\011\026\034\021_J\032\000\021\033\001Mo_\010\013\035\004W\014\007\006\025N\000\037\034\014\001YQ\061\012\015\021\013\007\021Z\060\012\002\000AE\015\006\013\003\001\035\006XA\021\013\021\021X\014\007\037\011XE\015\001\004\005\027\026\006X\012\026\001D]OQJ_TA[ccY\004\020\012\036\000C\021\027\031\000JF\007\027\035\027J\015\032\026UZ~xYBHCdoY\027\007\013\011\006TN\022\003\030\012\007_\026\012\037\013SEDR\003\012\030no@\032\021\016\010\026@E\030hd`\003\030\012\007_\026\012\037\013SEEP\003\012^nog\017\012\031\020^\005\000\012\002\006\035_W\006\034\036\001Xhd\024h}J\000\006\034\017\000]I\036\021\013\035\006H\020\014\024\014_WUK\002\035\036hdDHIiyNJ\020\021\027\005\000IiyNJ\013\000\017\015[zn~xY\001\012\012\020[znO\026\014\025E\017\005\014\020\012NP\006\006\013\032\014\027UZ~xECY\036I\006\033\005\000\001XA\026\032\020\011\022VQL\050\002\013\011\014E\003\015\035\025E\006\027N\035\004\025\021\037\023\002\027E\007I\055\002\026\006\037E\010\012\003\004\020\031\001O]\025]hdIEK\024S\021\011\002\026\035TG\004\020\012\036\000PGP\044\000\004\020S\035\010\007\014\035\002\020\003\001\001\006E\006\027N\014\013\034\001\037\006\000C\002\034\034\025\007\001\001R\004\025E\003\034\026\033\015\036\001\016\006E\007\007\013\001\005\035\026\027\006\027\013I\026\030\011S\027\027C\010\013\016\000\003D\000\006\000\021\016\032I\003\030\026\025\035\027\007\000\002\035E\036D\025\035\027\013\012\002\015E\003\015\037R\004\015\001\034\014KW\054\005\035\027\005\012\034I\016\035B\034\001\011\002\026\006R\027\022\027S\024\027\012\026\005\014E\002\012\024\026\012\016\026\035\002\012\033\001\026\036\000\025\000\034I\010\022\000S\033\013\015\023\017\007\001\005\001\001\020\004\010\002\034\034\013\031D\007\033\011C\026\005\006\011\022\012S\037\000\007E\032\010\035\036D\021\027\021\002\011\032I\004\001D\030\035\010\016\020\000\014\013HD\073\004\012\021\003\001\033E\034\016U\035\026\017\004\035\001^\005\001\000R\020\015\002\013I\014\031\012\005\023\013\007\027\013\033E\034\022\032\034\013\006\027N\035\014\033D\032\034\021\021\012\012\034\026\034\016\034\034\026\010\020\034\032E_\015\035\034\021\012\011\002IVGTCR\021\012\010\013\033LW\015S\006\004\033\014N\013\000\003\005\037\006E\002\023N\002\012\032\011\006\034\000\015E\000O\004\005\015\035\025^\021E\010\002\026Y\001\037\026\027\006E\000\006\027\004\017\026R\016\025\014\000\007\000\005D\036\027\001C\026\032\014\027\034\020S\034\000\007\026\017\035\021W\006\026\004\000\004\000\002\000\002\037\001\007R\010E\004\034\000\013\020_S\006\004C\026\013\016E\021\026\022\037E\023C\017\033\014\031\003HR\000\004\000\000I\015Q\005\001\033\013\004^\000\015IW\001\037\036\000\021E\035\014\011\001D\021\027\021\002\011\013I\001\005\013\000\030\000C\004\030I\026\036\012S\006\027\032\002\012VE\077\022\034\000\003\014\027N\017C\026\026\032\034\002X\027N\014\013\034\001\037\006\000C\002\034\034\025\007\001\001R\014\015\013\030\010\013\023\026\026\000\000C\007\013\035\004\033\020S\036\014\025\026\002\010\013\020D\033\007\026\017\000\007\014IW\002\012\036\021C\012\036\031E\004\015\007\006E\013\020\035I\010\022\000S\032\023\012\021\013I\012\020D\021\000\020\015\000\030\010\027\022\026S\023\023C\007\013\032\021\022D\036\027\027\010\000QI\041\022\020\007\027E\016\000\000\032E\031\013\001\026\010\006\013\000I\026\030\011S\032\004\021E\004\006\007\025\001\007R\015\006\011\013I\026\036\020\007R\011\012\023N\006\003\003\001S\037C\002\027\007\007\002LD\000\027\011\004\000N\010\011\003D\027\027E\006\014\013\033E\037\022\032\001E\007\000N\004\014\004\020\026\000E\002\027\014\014\014\023D\026\036\011\006\027N\013\011\036D\000\013\016\006ZN\041\023\030\026\025\035\027C\003H\010\027\036\012\024I\027C\010\033\032\011\036\011\000\031\000C\020\000\016\001\030\011\036\027\027C\026H\010\000\033\015\024I\027\001\000\006\010\013\023\010\032\034\002C\025H\010\027\036\012\024IE\001\004\034\007\000W\013\024R\020\015\002\012\006\010\004\017\034\036\000\015ZN\041\023\030\026\025\035\027C\026\002\000\025\007\001\001R\001\006E\007I\010\030\020\000\027\021\015\014\000\016E\003\015\037R\004\015\001\034\014E\022\010\026\004\000\021E\001\033\001\036\012U\023\000\017\014\011R\027W\001\030\001\004\016\000\000I\025Q\005\001\033\013\004^N\032\016\030\010\026\034ZC\055\030\006\027\021\013\001R\000\021E\012\014\021W\015\035\034\027\006\001\013\035EQ\025\006\035\021X\010\007\007\014\032\013\000\031\000E\024\033\006\021LD\003T\004\021\014\000\016^W\027\030\035\011\006\013QI\055\001\013\001\024\012\021E\001\031\000\005\001\001\027\027C\016\001\004\010\002\012\026\034E\016\000\012I\000\020\001\007R\014\015\013\030\010\013\023\026\026\000\007\026\001\035\003\000\003\020_R\026\014\010N\000\016\034\001S\031\012\016\010\013\033E\026\012\027\000\000C\021\007\005\002\030\000\026\\E\046\027N\015\000\003D\001\033\016\027\014\011I\026\030\011S\000\034\010\021\013\007\000W\027\032\027\027C\004\032I\001\022\020S\027\027C\003\017\033\000W\002\034\000E\020\025\034\014\001\031\015\035\025E\002\023N\032\034\034\000\034\037\010\006\027N\032\012\032D\025\031\026ME\035\004\014\003\020\000\035\010C\021\033\013\000\005\017\006\036\012\020\000N\017\027\026D\026\034\016\006\011\032\014E\036\012\035\004\004\015\001\034\014\027\032\015\037\030C\014\026\002\010\026\037_\026\000E\027\014\002IE\031\013\001\001\016\006E\035\002\012\033\001\026\036\000\025\000\034VE\044\010\032\031\000C\026\036O\012\004\010\022\001\015X\027\035\004C\026\026\032\034\002X\011N\001\004\005D\031\027\002C\014NO\004\005\015\035\025^\021\000\030\000\026W\027\007\033\011\017\000\032I\021\036\010S\031\012\016\010\033\007\000\026\000\036\033\013\012\026\032\033\004\004\016\034\034\000\015E\033\035\000\031DU\023\027\012\013\011RE\021B\022\000\014\015\002UI\026\001\005\001\\E\055\012\013I\016\026\012S\031\004\015\026\005\003\000W\002\034\000\016\017\004\034\014\026[D\035\035\000C\010\013\015\003Q\013\000\036\004\020\015U\033\000\005D\000\033\016\010\000\034\035E\036\017\030\027E\021\014\005\035\014\020\014\026\006KC\044\002\035E\031B\022\000\014\015\002UI\023\022\020S\004\014C\004\032I\003\030\026\000\031\017\006\011\002\032\007\022\014\022\034\001\017\014\000\016\000\031D\032R\016\014\010\003\034\013\022\012S\027\027C\000\000\006\027\032HS\035\002C\004\032I\016\030\011\036\007\013\006\013\035I\014\031\002\034\000\010\002\026\004\006\013\022\026S\027\027C\000\000\032\027\022\020\007\027\021C\012\011I\012\021\020\026R\020\020\004\000\007KW\057\001\023\023\006\021N\035\014\033D\032\034\021\006\002\034\014\027\036\012\024R\000\021E\000\014\026\003\001\035R\021\014\021\032\010\011\003D\036\033\026\017\034\005\002\000\003D\036\027\001C\000\000\002\000\033\020\026R\015\006\001\013\033\011\036\003S\007\013\015\021\017\002DW\062\032R\026\010\004\002I\025Q\005\001\033\013\004^N\015\014\004\027\026R\026\012\001\013\007\000W\027\026R\025E\004\034\000\013\020_S\001\004\010\000\000\014IW\013\024R\025\021C\001\032\011\026\027\033I\023\006EH\010\027\036\012\024IE\001\000\035\037\004\005\001S\026\014\020\026\013I\026\007B\034\001\011\002\026\006R\027\004\011U\023\027\012\013\011R\011\022\012\026R\014C\001\013\007E\020\026\022\026E\007\000\032I\000\005D\036\007\011\012\002@I\063\036DU\035\026\017\004\035\001^\031\027\030\027\027C\014\000\007\026\007\015\037\036E\005\027\017I\014\031\012\021\013\002\004\000\034\014E\004\013\036R\016\002\013N\017\012\005\020\026\036\011\006E\006\000\026\003\013\001\033\000\021IN\014\011\033\001\001R\015\002\027N\032\034\031D\003T\004\021\014\000\016^W\000\032\001\026\006E\035\010\016\022\012\026\\E\065\014N\001\004\005D\034\025\026E\004\034\000\013\020_S\023\013\007\027\013I\021\016\024\026\000E\020\004\005\014\027W\027\034\037E\010\012\003\004\020\031\001\035RC\014\026\002\010\026\037_\035\001\016\006\027NO\004\005\015\035\025^C\003\001\033\021\036\001IRE\021\034\005\035\000\005D\034\037E\005\012\034\016\014\021\020\026\006E\007\027\007\002\016\022\022\022\034\013OE\005\006\010\032\021\035\027\013\020E\017\033\027\030\003\022\034\021\006E\001\016E\033\015\030\027\002\032\011\012\000\002\022D\025\035\027\013\012\002\015E\030\022\026\034\003\014\027N\032\023Q\005\026\036\014\004^\034\035E\037B\034\001\011\002\026\006R\034\022D\001\023\001\014\013\005\006\013\004\001\035\006\027\002\026\004\006\013\022\026_R\012\004E\001\004E\031B\022\027\011\012\002U\033\015\022\020\026\034E\027\014\002I\015Q\013\000\036\004\020\015U\020\026\007\001\035\006\011\012\013\004\014\027[D\026\034\016\006\011\032\014E\022\010\027\000\000\020E\035\000\021\002\005\000\030\012\015\000\034I\025Q\005\001\033\013\004^N\032\034\034\001\033\030\000\016IN\006\026\001JS\067\021\027\000\034I\023Q\005\001\033\013\004^\034I\010\022\012\032\034\002C\000\034I\004\033\020S\026\000\027\021\013I\000\003D\030\035\010\016\020\000\010\011\003D\022\034\026\025\004\034I\026\030\011S\033E\020\021\001\033E\020\026\022\026E\001\011\007\033E\021\013\001\001C\014\026\002\010\026\037_\036\006KC\055\004\014\011\007D\034\001\026C\012\011I\004\001\017\001\027\003\027\000N\014\011\033\001\001R\007\006\016\034\014\003\003\001S\001\004\010\000\034I\026\030\011S\026\000C\012\030\014\027YD\072\034\013\027\014\002I\023\036\000\026\000\000C\003\001\033\007\022\014\034\036\001\006\027N\037\014W\000\032\001\026\006E\035\000\001\022\012\026R\003\014\027N\004\000\023\010\026\037\010\006\027N\006\002W\027\012\037\025\002\021\007\032C\030\027\037\023\026\013^\034\014\027YX\\\002[noNIY\007ZO\023E\013\027\013\017XU\020\026\037\004RK\006\035\010UD\020\036\004\020\026SK\026\003\035\037\027TA[\046\014\027W\017\034\037\010\006\027N\017C\030\027\037\023\026\013^\034\032\021\022D\007\027\010\002\026\007\015\000W\013\036R\012\025\000\034\032\021Q\005\001\033\013\004^\013\007\001\022D\003\000\012\001\011\013\004\026\003\015\037\036\014\015\002\013\033EKK\022LYL\025PdoWDO\001\025\002\013N\012\011\026\027\000OG\020\021\027\005\000FFMN\004C\015\034\014\003JF\032\034\001\006\035@\001\021\032FM\046\054\057\047\057\042\040KK\022LYL\026\036\010\013IDSoCER\031[Q\012\021\001\025XYA\031[znSRY\023[H\007\007\004\024HRYL\025PdoKK\027\033\023]hdUJ\025\013\027\013[noRF\015\003\011\037L";ipwd=415178;err="wrong password!";res=417003;add=6395;if(AtLoad==0){document.ahpp_pwd_f.pwd.focus();pq1=document.cookie.substring(9, 30);}else{pq1=document.ahpp_pwd_f.pwd.value;}pl=pq1.length;if(!pl){if(AtLoad){alert(err);}return;}for(i=0; i<pl; i++){if(i%2 == 0) res = res^pq1.charCodeAt(i);else res = res^(pq1.charCodeAt(i)<<8);add+=pq1.charCodeAt(i);}res+=add;res+=pq1.length;if(res!=ipwd){if(AtLoad){alert(err);}return;}document.cookie="AHPP_pwd="+pq1;s="";pl2=Math.round(pl/2-0.1);pq1=pq1+pq1;for(i=0; i<page.length; i++)s+=String.fromCharCode((page.charCodeAt(i))^(pq1.charCodeAt((i%pl) + (i%pl2))));document.write(s);document.close();document.location.reload()}</script>
</head>
<body bgcolor="#FFFFFF" text="#cc0000" link="#000099" vlink="#330066" onLoad="ahpp_decr(0)">
<div align=center>
<p> ;;</p>
<p><font face=Verdana size=-1><strong><font size="6">This page is password prot.<br>
plz enter password!</font></strong> <br>
<br>
</font></p>
<font face=Verdana size=-1>
<p>
<form name=ahpp_pwd_f action="javaScript:ahpp_decr(1);" method=POST>
<input type=password name=pwd>
<input type=submit name=s value=" Log in ">
</form>
</font></div>
</body>
</html>
|
i tried that code before, it seemed the most logic password to me to, but it s not working. |
|
|
|
|
|
|
|
|
Posted: Tue Jul 26, 2005 9:13 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
OK, this is commercial html src encoder:
http://www.aerotags.com/products/ahpp.php
Code: |
AeroTags HTML Password Protector
AeroTags HTML Password Protector (AHPP) is an HTM and TXT file locking utility. It changes HTML and text files into a new HTML file with a password verification form. The look of the starting page is fully customizable. You can even use your own web pages for templates. Password checking is done by JavaScript and is supported by all modern browsers. AHPP protected pages do not require CGI or PHP support on your server.
AHPP is easy to use. Just drag a file icon from Windows Explorer to the AHPP icon on the Desktop and drop it. You will be prompted to enter a password and that's it! Anyone wanting to access that page will be prompted for the password.
AeroTags HTML Password Protector processes a single file or a group of files. It has a wizard-style interface to guide you quickly through the four simple steps of processing multiple files (select the files to process, enter a password, choose a style of logon page and disable some Internet Explorer functions). AHPP helps secure your web content by allowing you to disable some Internet Explorer options, such as disabling the right mouse button and popup menu.
For advanced used, AHPP provides an unique feature. It is command line support. Using the command line can save your time and minimize the time to prepare the files to protect. Actully, you may process the files without showing AHPP!
AHPP has "One-click protection" technology. A fast and easy way to protect your files and customize the logon screen to match your web site. With an easy to understand interface and a complete online manual it has never been easier to protect your documents and your privacy. Click here to view samples.
|
Here are sample pages:
http://www.aerotags.com/products/samples.php
So, i tried to do some reverse engineering and i think, this encoding can be reversed. And if it can't be reversed, then bruteforce will be possible.
By the way, by looking at code:
Code: |
ipwd = 462678; //--> checksum
err = "Invalid password! Try again.";
res = 458407;
add = 7748;
pq1 = 'atompark';
//pq1 = "\x25\x0e\x2d";
pl = pq1.length;
for(i=0; i<pl; i++)
{
if(i%2 == 0)
{
res = res^pq1.charCodeAt(i);
}
else
{
res = res^(pq1.charCodeAt(i)<<8);
}
add += pq1.charCodeAt(i);
}
res += add;
res += pq1.length;
if(res!=ipwd)
{
alert(err);
return;
}
s = "";
pl2 = Math.round(pl/2-0.1);
pq1 = pq1 + pq1;
for(i=0; i < page.length; i++)
{
s += String.fromCharCode((page.charCodeAt(i))^(pq1.charCodeAt((i%pl) + (i%pl2))));
}
//document.write(s);
alert(s);
|
we can see, that "ipwd = 462678" is kinda checksum, and first user submitted password will be "hashed" and product will be compared to "ipwd". If it will not match, error is generated. If it will match, real decoding routine will be activated.
So, i tried some bruteforce and got through first checking and after decoding output was just garbage (as i was expecting).
So for bruteforce, or for dictionary attack for every password check only couple of XOR-s , ADD-s and shifts must be used, so it can be very fast process. And after every collision (where we can bypass first checsum check) bruteforcer must look for specific html fragments in decoded plaintext, for making difference between garbage output and real plaintext.
Well, this was just my thoughts about possible cracking |
|
|
|
|
|
|
|
|
Posted: Wed Jul 27, 2005 7:10 am |
|
|
mastrb0y |
Regular user |
|
|
Joined: Apr 19, 2005 |
Posts: 7 |
|
|
|
|
|
|
|
thnx waraxe, at least it gives me some hope.. So anyone now a javascript bruteforcer? i only have MDcrack, Cain&Abel, John The Ripper, and they won't do me any good here |
|
|
|
|
|
|
|
|
Posted: Sat Jul 30, 2005 5:29 am |
|
|
Heintz |
Valuable expert |
|
|
Joined: Jun 12, 2004 |
Posts: 88 |
Location: Estonia/Sweden |
|
|
|
|
|
|
Waraxe is right, as usual
at closer look its seems yes like a digesting algorithm.
i made a small c++ source to brute (to 21 in lenght and a-z A-Z) and output possible collisions to that signature.
Code: |
#include <iostream.h>
#include <stdio.h>
#define PWDLEN 6
#define SIGNATUUR 415178
void hash(long *, char *);
void brute(int, char *, char *, char *);
inline int strlen(char *);
int main()
{
char pass[PWDLEN+1];
pass[PWDLEN+1] = '\0';
char start = '0', end = 'z';
brute(PWDLEN, &start, &end, pass);
return 0;
}
inline int strlen(char * string)
{
int i = -1;
while(string[++i] != '\0');
return i;
}
void brute(int togo, char * start, char * end, char * input)
{
if(togo == 0)
{
return;
}
togo--;
int next = togo;
long result = 0;
for(input[next] = *start; input[next] <= *end; ++input[next])
{
hash(&result, input);
if(result == SIGNATUUR)
{
printf("%s:", input);
for(int m=0;m<PWDLEN;m++)
{
printf(",%d", input[m]);
}
printf("\n");
}
brute(togo, start, end, input);
}
}
void hash(long * result, char * input)
{
*result = 417003;
int add = 6395;
int len = strlen(input);
for(int i = 0; i < len; i++)
{
if(i%2 == 0)
{
*result = (*result) ^ input[i];
}
else
{
*result = (*result) ^ (input[i] << 8);
}
add += input[i];
}
*result += add + len;
}
|
edit: source was a bit buggy
i wont promise you'll get anything useful done with it, since it uses a nasty recursion. but it looks better than for loops
anyway as it seems to me tha password is 21 chars in lenght judging by
pq1=document.cookie.substring(9, 30);
line |
|
_________________ AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!" |
|
|
|
|
|
|
|
Posted: Mon Aug 01, 2005 9:20 am |
|
|
mastrb0y |
Regular user |
|
|
Joined: Apr 19, 2005 |
Posts: 7 |
|
|
|
|
|
|
|
just compiled it with dev-c++ and running it in the backround, but if it finds the pass, how will i know and where will i find it? (i tried to understand the src code but im not very known with c++ language) |
|
|
|
|
Posted: Mon Aug 01, 2005 1:12 pm |
|
|
Heintz |
Valuable expert |
|
|
Joined: Jun 12, 2004 |
Posts: 88 |
Location: Estonia/Sweden |
|
|
|
|
|
|
it gives output to standart output in otherwords to screen, in black box. if not redirected to file (btw. which you could accoplish from commad line with following "executable.exe > file.txt"). but i wouldnt hope too much anyway cause this algorithm isnt very smart. but i'm working on better source soon. |
|
_________________ AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!" |
|
|
|
|
|
|
|
Posted: Tue Aug 02, 2005 11:41 pm |
|
|
Heintz |
Valuable expert |
|
|
Joined: Jun 12, 2004 |
Posts: 88 |
Location: Estonia/Sweden |
|
|
|
|
|
|
okay heres a more comfortable hash bruteforcer
thing is that as Waraxe sayed it has only few bit operations and its fast but
it collides that means you get many results which will bypass hashing but
will get you garbage page. i'd suggest basically go for Waraxe approach collecting collisions and inserting them
to a database with some fixed size of bytes from garbage output and make search for html tags.. or even a reverse wrodlist lookup. if i got time i'll continue with this.
my 2 cents :)
[code]
#include <stdio.h>
#include <stdlib.h>
#include <math.h>
#ifdef _WIN32
#define uint64 unsigned __int64
#else
#define uint64 u_int64_t
#endif
#define PLAIN_MIN_LENGHT 1
#define PLAIN_MAX_LENGHT 21
#define MAX_CHARSETLEN 255
long result_magic = 0, add_magic = 0;
void hash(long *, char * input[],int );
int strlen(const char *);
char * uint64toa(uint64, char *);
void usage();
int main(int argc, char * argv[])
{
if(argc != 6)
{
usage();
return 1;
}
long shash = atoi(argv[1]);
result_magic = atol(argv[2]);
add_magic = atol(argv[3]);
long result = 0;
int range[2];
range[0] = atoi(argv[4]);
range[1] = atoi(argv[5]);
if(range[0] < PLAIN_MIN_LENGHT || range[1] > PLAIN_MAX_LENGHT)
{
usage();
return 1;
}
register char * plain[PLAIN_MAX_LENGHT+1];
char charset[MAX_CHARSETLEN+1];
FILE * cf = fopen("charset.txt", "r");
if(cf == NULL)
{
printf("Could not open charset.txt for reading!\n");
return 1;
}
int i = 0, c = 0;
while((c = getc(cf)) != EOF && i < MAX_CHARSETLEN)
{
if(c != 0)
{
charset[i] = c;
i++;
}
}
charset[i] = '\0';
fclose(cf);
int charsetlen = strlen(charset);
int lastchar = charsetlen - 1;
uint64 keyspace = 0;
uint64 keysforlen[PLAIN_MAX_LENGHT+1];
char keys[32+1];
printf("len min:%ld , len max: %ld\n", range[0], range[1]);
printf("charset:%s\ncharset len:%d\n",charset, charsetlen );
for(i = range[0];i<=range[1]; i++)
{
plain[i] = & charset[0];
keysforlen[i] = pow(charsetlen, i);
keyspace += keysforlen[i];
printf("keyspace to %3d = %s\n",i, uint64toa(keysforlen[i], keys));
}
keysforlen[i] = keyspace;
printf("total: %s\n", uint64toa(keyspace, keys));
int k,m;
uint64 j;
for(i = range[0],keysforlen[range[0]]=1;i<=range[1];i++)
{
for(j = keysforlen[i]; j < keysforlen[i+1];++j)
{
if(j % charsetlen == 0) // every time first position reaches maximum
{
/* every position in plain which has its maximum value is overlapped to lowest
value, after loop k contains position of overlapped value */
for(k = range[0]; k <= range[1] && *plain[k] == charset[lastchar]; plain[k] = & charset[0],++k)
;
plain[k]++;
}
else
{
plain[range[0]]++;
}
hash(&result, plain, i);
/*
if(j % 1000000 == 0)
{
printf("progress:");
for(m=range[0];m<=i;++m)
{
printf("%c", *plain[m]);
}
printf(" : lenght %d\n", i);
}
*/
if(result == shash)
{
for(m=range[0];m<=i;++m)
{
putchar(*plain[m]);
}
putchar('\n');
}
}
}
return 0;
}
int strlen(const char * str)
{
int i = 0;
while(str[i] != '\0')
{
++i;
}
return i;
}
char * uint64toa(uint64 num, char * str)
{
#ifdef _WIN32
sprintf(str, "%I64u", num);
#else
sprintf(str, "%llu", num);
#endif
return str;
}
void hash(long * result, char * input[], int len)
{
*result = result_magic;
int add = add_magic;
int i,j;
for(i = 0, j = 1; i < len; ++i, ++j)
{
if(i%2 == 0)
{
*result = (*result) ^ (*input[j]);
}
else
{
*result = (*result) ^ ((*input[j]) << 8);
}
add += *input[j];
}
*result += add + len;
}
void usage()
{
printf("Usage:\n");
printf("./crack.exe <ipwd> <res> <add> <min-len> <max-len> > collisions.txt\n");
printf("ipwd, res, add: values from javacript int protexted page!\n");
printf("min-len, max-len: minimum(1)/maximum(21) lenght for password!\n");
}
[/code]
you may ignore "warning C4244: '=' : conversion from 'double' to 'unsigned __int64', possible loss of data" compiler warning.
also make a file to same directory as binary with name "charset.txt" and insert characters you want it to try (abcdefghijklmnoprtsuv for example).. and then execute from command line.
./binary 415178 417003 6395 1 8
for example.
edit:source update |
|
Last edited by Heintz on Sat Aug 06, 2005 3:53 pm; edited 3 times in total _________________ AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!" |
|
|
|
|
|
|
|
Posted: Thu Aug 04, 2005 8:01 am |
|
|
mastrb0y |
Regular user |
|
|
Joined: Apr 19, 2005 |
Posts: 7 |
|
|
|
|
|
|
|
i get some compile errors:
-----------------------
Code: |
test.cpp:104: error: name lookup of `k' changed for new ISO `for' scoping
test.cpp:101: error: using obsolete binding at `k'
seems to be related to:
keysforlen[i] = pow(charsetlen, i);
|
|
|
|
|
|
|
|
|
|
Posted: Thu Aug 04, 2005 1:29 pm |
|
|
Heintz |
Valuable expert |
|
|
Joined: Jun 12, 2004 |
Posts: 88 |
Location: Estonia/Sweden |
|
|
|
|
|
|
mastrb0y wrote: | i get some compile errors:
-----------------------
Code: |
test.cpp:104: error: name lookup of `k' changed for new ISO `for' scoping
test.cpp:101: error: using obsolete binding at `k'
seems to be related to:
keysforlen[i] = pow(charsetlen, i);
|
|
okay aparently it seems confused if i wanted for loop counter to be local variable, not in this case tho. well i updated the source. try again
edit: http://databb.dynserv.net/bb.zip - compiled with VC++ 6.0 SP5 |
|
_________________ AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!" |
|
|
|
|
|
|
|
Posted: Tue Oct 11, 2011 3:53 am |
|
|
fratercml |
Regular user |
|
|
Joined: Sep 10, 2011 |
Posts: 5 |
|
|
|
|
|
|
|
This is from a program called AHPP website protection , from Atom park. They did make a program called AHPP Password Recovery Tool, it is 1.96 mb and is shareware... This program will decode the login and then give password or source. Problem is that the program is completely unavailable, i tried to download a version and nothing, literally 100+ page links that don't work. Good luck finding the program and email me or pm if you find the actual program "Ahpp Password Recovery Tool". |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|