PDA

View Full Version : need help figuring this one one.

jjj0923
12-14-2005, 12:51 PM
I inheriited some code for a login screen on a website of a company we purchased. their programmers are long gone and I'm trying to figure out what they password should be:

any ideas?
--------------------------------------------------------------------------

<script language="javascript">

function dohash(pass,base)
{ var alpha="abcdefghijklmnopqrstuvwxyz0123456789";
var hash=0;
var user=document.login.uid.valid;
for (i=0;i<pass.length;i++)
hash=hash*base+alpha.indexOf(pass.substring(i,i+1).toLowerCase(),0);
return hash; };

function valid()
{ var today=new Date();
return Math.floor(today.getTime()/1000); };

function invalid(user)
{ alert('Invalid Login for user: '+user+'');
document.login.pw.value='';
document.login.pw.focus(); }

function setFocus(){document.login.pw.focus(); }
</script></head>

<body bgcolor="ffffff" onload="setFocus()"><form name="login">
<table width=100% height=100%><tr><td align=center valign=center>
<font color=red><b>Authorized Use Only!</font><br><br>
<table border=5 cellspacing=0 width="30%" ><tr><td bgcolor="#DBDBDF"><table><tr><th align=right bgcolor="#DBDBDF"><font face="arial" size="1">USERNAME</th>
<td bgcolor="#DBDBDF"><input type="text" name="uid" size="20" value="ADMIN"></td></tr>
<tr><th align=right bgcolor="#DBDBDF"><font face="arial" size="1">PASSWORD</th><td bgcolor="#c0c0c0">
<input type="password" name="pw" size="20" maxlength="8"></td></tr></table>
<tr><th align=center bgcolor="#DBDBDF"><center><table>
<tr><td><input type="button" value=" Submit Login " onClick="if (dohash(document.login.pw.value,7)==5785714) {top.location=dohash(document.login.pw.value,9)+'32090346.cfm?'+valid();}else{ invalid(uid.value.toUpperCase());}">

</td><td></form></td></tr></table></th></tr></table></td></tr></table>
</body></html>
BaldEagle
12-14-2005, 03:39 PM
I inheriited some code for a login screen on a website of a company we purchased. their programmers are long gone and I'm trying to figure out what they password should be:

any ideas?
--------------------------------------------------------------------------

<script language="javascript">

function dohash(pass,base)
{ var alpha="abcdefghijklmnopqrstuvwxyz0123456789";
var hash=0;
var user=document.login.uid.valid;
for (i=0;i<pass.length;i++)
hash=hash*base+alpha.indexOf(pass.substring(i,i+1).toLowerCase(),0);
return hash; };

function valid()
{ var today=new Date();
return Math.floor(today.getTime()/1000); };

function invalid(user)
{ alert('Invalid Login for user: '+user+'');
document.login.pw.value='';
document.login.pw.focus(); }

function setFocus(){document.login.pw.focus(); }
</script></head>

<body bgcolor="ffffff" onload="setFocus()"><form name="login">
<table width=100% height=100%><tr><td align=center valign=center>
<font color=red><b>Authorized Use Only!</font><br><br>
<table border=5 cellspacing=0 width="30%" ><tr><td bgcolor="#DBDBDF"><table><tr><th align=right bgcolor="#DBDBDF"><font face="arial" size="1">USERNAME</th>
<td bgcolor="#DBDBDF"><input type="text" name="uid" size="20" value="ADMIN"></td></tr>
<tr><th align=right bgcolor="#DBDBDF"><font face="arial" size="1">PASSWORD</th><td bgcolor="#c0c0c0">
<input type="password" name="pw" size="20" maxlength="8"></td></tr></table>
<tr><th align=center bgcolor="#DBDBDF"><center><table>
<tr><td><input type="button" value=" Submit Login " onClick="if (dohash(document.login.pw.value,7)==5785714) {top.location=dohash(document.login.pw.value,9)+'32090346.cfm?'+valid();}else{ invalid(uid.value.toUpperCase());}">

</td><td></form></td></tr></table></th></tr></table></td></tr></table>
</body></html>

Since they have hard-coded the hash number (5785714) rather than try to figure out what it is just use the algorithm to figure out whatever password you want and change the hard-coded number. Don't forget to also figure out the page hash as well and rename the page it calls. I can't say for sure this will work but it may be easier than back-engineering the current password.

BaldEagle


[edit] in retrospect figuring out which page gets called may be your downfall, especially if all the pages have long numeric names. You know the page hash will be larger than the password hash so you may have to do a little trial and error to find it.
BaldEagle
12-14-2005, 10:27 PM
You truly have a dilemma on your hands. I made a simple spreadsheet layout to simulate the algorithm. It may not be possible to find the actual password (unless you want to play with the password alot) as the 5785714 hash can be duplicated for several passwords. Here are two I came up with:

Password Page
fgaadfa5 32486954
fgaabtdk 32486636

If you are lucky it will be one of these, otherwise do as I did with a spreadsheet and you will be able to go down the line filling in the letters/numbers until you get the correct number. If you want to do this and need some help with the spreadsheet send me a personal email and I will send you the spreadsheet to use.

BaldEagle

[edit] THIS ALSO ASSUMES THE PASSWORD IS 8 DIGITS, BUT IT COULD BE MORE AND USE SMALLER VALUE LETTERS TO GET THE SAME RESULT.