-
September 7th, 2004, 07:18 PM
#1
javascript password protection?
Hey, I've been trying to understand how certain javascript password protection scripts work! Right now I'm learning javascript so my knowledge of it isn't that good. heres a sample script:
<script>
var numletter="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
function submitentry(){
verification=document.challenge.passwd.value
password = numletter.substring(11,12)
password = password + numletter.substring(18,19)
password = password + numletter.substring(23,24)
password = password + numletter.substring(16,17)
password = password + numletter.substring(24,25)
password = password + numletter.substring(1,4)
if(verification == password){
alert("thank you");
}else{
alert("invalid password!");
}
}
</script>
Heres what I have been able to come up with. The password,of course, gets its info from var numletter= and then picks the numbers/letters from this by using the given coordinates and keeps doing this and adding up the coordinates until the password is complete. am I right? I got abhimn03 but that doesn't work. Yes this is from a test site but I wan to know how it works. and please don't give me the password! thanx!
-
September 8th, 2004, 02:48 AM
#2
Here's my hint:
http://www.dataschenk.com/Tips/JSSubstring.htm
You aren't doing the substring(start, end) correctly.
foo='012345';
blah = foo.substring(1,2); // would return '1'.
blah = foo.substring(0,3); // returns '012';
Forgive me if my javascript syntax is not up to any standard of even mediocraty. I tend to shy away from most everything client side.
Peace,
Dhej
The owl of Minerva spreads its wings only with the falling of dusk. -Hegel
-
September 8th, 2004, 03:18 AM
#3
I always take the easy way out and just modify their code to make it output the password . That aside, it's not that bad to trace through. Start off by testing some of the functions used in their script to see what they do. Basically what Dhej posted what I mean by that. Just write something simple using similar code so you can figure out what it's doing, then use that knowledge to run through their code by hand. I still say have the code do it for you though :P. Peace.
edit
also, where's this site, I'd like to try it out.
-
September 8th, 2004, 03:29 AM
#4
Just a note:
Javascript passwords are just about as insecure as you can get.
Better than nothing?
-
September 8th, 2004, 06:53 PM
#5
hey thanx everybody!
Javascript passwords are just about as insecure as you can get.
yeah I know soda! lmao but not everybody knows that lol!
h3r3tic
umm that site. Its a very interesting site! You have to modify their site code before you can register! Its very easy though. I forgot the url but when I get home I'll post it here!
bis bald!
-
September 8th, 2004, 10:07 PM
#6
Why not let the Javascript do the hard work and just add in a alert(password) somewhere?
Also is this script some lame IE DOM **** or what?
document.challenge.passwd sounds dodgy to me
Slarty
-
September 8th, 2004, 10:21 PM
#7
slarty- this is not the whole source code but that does not matter. And as for letting javascript doing the work for you? Why? I like to learn how stuff works! but oh well. nvm
edit**
heres the site.... http://www.net-force.nl
-
September 9th, 2004, 04:01 AM
#8
doesnt gmail use java to login???
or am i wrong in say that??
Unsure
"Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
- Albert Einstein
-
September 9th, 2004, 04:11 AM
#9
-
September 9th, 2004, 04:19 AM
#10
holy sh*t batman lol. Yeah they do! They load it up in an "iframe". Click right mouse>view source around the login area. This will show their method! Why does gmail always want their cookie?
edit**
javascript that is.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|