Results 1 to 10 of 10

Thread: javascript password protection?

  1. #1
    the beign of authority kurt_der_koenig's Avatar
    Join Date
    Jan 2004
    Location
    Pa
    Posts
    567

    Question javascript password protection?

    Hey, I've been trying to understand how certain javascript password protection scripts work! Right now I'm learning javascript so my knowledge of it isn't that good. heres a sample script:
    <script>

    var numletter="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"

    function submitentry(){

    verification=document.challenge.passwd.value

    password = numletter.substring(11,12)
    password = password + numletter.substring(18,19)
    password = password + numletter.substring(23,24)
    password = password + numletter.substring(16,17)
    password = password + numletter.substring(24,25)
    password = password + numletter.substring(1,4)

    if(verification == password){
    alert("thank you");
    }else{
    alert("invalid password!");
    }

    }
    </script>
    Heres what I have been able to come up with. The password,of course, gets its info from var numletter= and then picks the numbers/letters from this by using the given coordinates and keeps doing this and adding up the coordinates until the password is complete. am I right? I got abhimn03 but that doesn't work. Yes this is from a test site but I wan to know how it works. and please don't give me the password! thanx!

  2. #2
    Senior Member
    Join Date
    Aug 2001
    Posts
    251
    Here's my hint:
    http://www.dataschenk.com/Tips/JSSubstring.htm

    You aren't doing the substring(start, end) correctly.
    foo='012345';
    blah = foo.substring(1,2); // would return '1'.
    blah = foo.substring(0,3); // returns '012';

    Forgive me if my javascript syntax is not up to any standard of even mediocraty. I tend to shy away from most everything client side.

    Peace,
    Dhej
    The owl of Minerva spreads its wings only with the falling of dusk. -Hegel

  3. #3
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I always take the easy way out and just modify their code to make it output the password . That aside, it's not that bad to trace through. Start off by testing some of the functions used in their script to see what they do. Basically what Dhej posted what I mean by that. Just write something simple using similar code so you can figure out what it's doing, then use that knowledge to run through their code by hand. I still say have the code do it for you though :P. Peace.

    edit
    also, where's this site, I'd like to try it out.

  4. #4
    Just a note:

    Javascript passwords are just about as insecure as you can get.

    Better than nothing?

  5. #5
    the beign of authority kurt_der_koenig's Avatar
    Join Date
    Jan 2004
    Location
    Pa
    Posts
    567
    hey thanx everybody!

    Javascript passwords are just about as insecure as you can get.
    yeah I know soda! lmao but not everybody knows that lol!

    h3r3tic
    umm that site. Its a very interesting site! You have to modify their site code before you can register! Its very easy though. I forgot the url but when I get home I'll post it here!

    bis bald!

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Why not let the Javascript do the hard work and just add in a alert(password) somewhere?

    Also is this script some lame IE DOM **** or what?

    document.challenge.passwd sounds dodgy to me

    Slarty

  7. #7
    the beign of authority kurt_der_koenig's Avatar
    Join Date
    Jan 2004
    Location
    Pa
    Posts
    567
    slarty- this is not the whole source code but that does not matter. And as for letting javascript doing the work for you? Why? I like to learn how stuff works! but oh well. nvm


    edit**
    heres the site.... http://www.net-force.nl

  8. #8
    Keeping The Balance CybertecOne's Avatar
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    660
    doesnt gmail use java to login???

    or am i wrong in say that??

    Unsure
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein

  9. #9

  10. #10
    the beign of authority kurt_der_koenig's Avatar
    Join Date
    Jan 2004
    Location
    Pa
    Posts
    567
    holy sh*t batman lol. Yeah they do! They load it up in an "iframe". Click right mouse>view source around the login area. This will show their method! Why does gmail always want their cookie?

    edit**

    javascript that is.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •