Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
August 21, 2019
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 212
Members: 0
Total: 212
PacketStorm News
Currently there is a problem with headlines from this site
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Newbies corner -> possible to decrypt javascript
Post new topic  Reply to topic View previous topic :: View next topic 
possible to decrypt javascript
PostPosted: Tue Jul 26, 2005 12:22 pm Reply with quote
mastrb0y
Regular user
Regular user
 
Joined: Apr 19, 2005
Posts: 7




is it possible to decrypt this:

Code:

<script language="javaScript">function ahpp_decr(AtLoad){page="KE\067\075\046\067\074\076\054E\077\060\076\076E\063\060\054\045\054\064DQ_JL\062]\052JX\040\047\066E\053\061\043\045ECJCCE\067\027\017\007\026\036\020\032\035\013\002\011AF\040\071F~xG\013\021\032\031_XK\004\005\022M\022]G\012\005\003\\\046\067L\015\032\004\011CK\037\035\012\020\000@\015\021\023FMo_\015\032\004\011IiyN\015\006\004\012Wh}X\007\033\021\017\000P\074\013\003\015\007\036\000\007E\052\006\006\002\011\026\034\021_J\032\000\021\033\001Mo_\010\013\035\004W\014\007\006\025N\000\037\034\014\001YQ\061\012\015\021\013\007\021Z\060\012\002\000AE\015\006\013\003\001\035\006XA\021\013\021\021X\014\007\037\011XE\015\001\004\005\027\026\006X\012\026\001D]OQJ_TA[ccY\004\020\012\036\000C\021\027\031\000JF\007\027\035\027J\015\032\026UZ~xYBHCdoY\027\007\013\011\006TN\022\003\030\012\007_\026\012\037\013SEDR\003\012\030no@\032\021\016\010\026@E\030hd`\003\030\012\007_\026\012\037\013SEEP\003\012^nog\017\012\031\020^\005\000\012\002\006\035_W\006\034\036\001Xhd\024h}J\000\006\034\017\000]I\036\021\013\035\006H\020\014\024\014_WUK\002\035\036hdDHIiyNJ\020\021\027\005\000IiyNJ\013\000\017\015[zn~xY\001\012\012\020[znO\026\014\025E\017\005\014\020\012NP\006\006\013\032\014\027UZ~xECY\036I\006\033\005\000\001XA\026\032\020\011\022VQL\050\002\013\011\014E\003\015\035\025E\006\027N\035\004\025\021\037\023\002\027E\007I\055\002\026\006\037E\010\012\003\004\020\031\001O]\025]hdIEK\024S\021\011\002\026\035TG\004\020\012\036\000PGP\044\000\004\020S\035\010\007\014\035\002\020\003\001\001\006E\006\027N\014\013\034\001\037\006\000C\002\034\034\025\007\001\001R\004\025E\003\034\026\033\015\036\001\016\006E\007\007\013\001\005\035\026\027\006\027\013I\026\030\011S\027\027C\010\013\016\000\003D\000\006\000\021\016\032I\003\030\026\025\035\027\007\000\002\035E\036D\025\035\027\013\012\002\015E\003\015\037R\004\015\001\034\014KW\054\005\035\027\005\012\034I\016\035B\034\001\011\002\026\006R\027\022\027S\024\027\012\026\005\014E\002\012\024\026\012\016\026\035\002\012\033\001\026\036\000\025\000\034I\010\022\000S\033\013\015\023\017\007\001\005\001\001\020\004\010\002\034\034\013\031D\007\033\011C\026\005\006\011\022\012S\037\000\007E\032\010\035\036D\021\027\021\002\011\032I\004\001D\030\035\010\016\020\000\014\013HD\073\004\012\021\003\001\033E\034\016U\035\026\017\004\035\001^\005\001\000R\020\015\002\013I\014\031\012\005\023\013\007\027\013\033E\034\022\032\034\013\006\027N\035\014\033D\032\034\021\021\012\012\034\026\034\016\034\034\026\010\020\034\032E_\015\035\034\021\012\011\002IVGTCR\021\012\010\013\033LW\015S\006\004\033\014N\013\000\003\005\037\006E\002\023N\002\012\032\011\006\034\000\015E\000O\004\005\015\035\025^\021E\010\002\026Y\001\037\026\027\006E\000\006\027\004\017\026R\016\025\014\000\007\000\005D\036\027\001C\026\032\014\027\034\020S\034\000\007\026\017\035\021W\006\026\004\000\004\000\002\000\002\037\001\007R\010E\004\034\000\013\020_S\006\004C\026\013\016E\021\026\022\037E\023C\017\033\014\031\003HR\000\004\000\000I\015Q\005\001\033\013\004^\000\015IW\001\037\036\000\021E\035\014\011\001D\021\027\021\002\011\013I\001\005\013\000\030\000C\004\030I\026\036\012S\006\027\032\002\012VE\077\022\034\000\003\014\027N\017C\026\026\032\034\002X\027N\014\013\034\001\037\006\000C\002\034\034\025\007\001\001R\014\015\013\030\010\013\023\026\026\000\000C\007\013\035\004\033\020S\036\014\025\026\002\010\013\020D\033\007\026\017\000\007\014IW\002\012\036\021C\012\036\031E\004\015\007\006E\013\020\035I\010\022\000S\032\023\012\021\013I\012\020D\021\000\020\015\000\030\010\027\022\026S\023\023C\007\013\032\021\022D\036\027\027\010\000QI\041\022\020\007\027E\016\000\000\032E\031\013\001\026\010\006\013\000I\026\030\011S\032\004\021E\004\006\007\025\001\007R\015\006\011\013I\026\036\020\007R\011\012\023N\006\003\003\001S\037C\002\027\007\007\002LD\000\027\011\004\000N\010\011\003D\027\027E\006\014\013\033E\037\022\032\001E\007\000N\004\014\004\020\026\000E\002\027\014\014\014\023D\026\036\011\006\027N\013\011\036D\000\013\016\006ZN\041\023\030\026\025\035\027C\003H\010\027\036\012\024I\027C\010\033\032\011\036\011\000\031\000C\020\000\016\001\030\011\036\027\027C\026H\010\000\033\015\024I\027\001\000\006\010\013\023\010\032\034\002C\025H\010\027\036\012\024IE\001\004\034\007\000W\013\024R\020\015\002\012\006\010\004\017\034\036\000\015ZN\041\023\030\026\025\035\027C\026\002\000\025\007\001\001R\001\006E\007I\010\030\020\000\027\021\015\014\000\016E\003\015\037R\004\015\001\034\014E\022\010\026\004\000\021E\001\033\001\036\012U\023\000\017\014\011R\027W\001\030\001\004\016\000\000I\025Q\005\001\033\013\004^N\032\016\030\010\026\034ZC\055\030\006\027\021\013\001R\000\021E\012\014\021W\015\035\034\027\006\001\013\035EQ\025\006\035\021X\010\007\007\014\032\013\000\031\000E\024\033\006\021LD\003T\004\021\014\000\016^W\027\030\035\011\006\013QI\055\001\013\001\024\012\021E\001\031\000\005\001\001\027\027C\016\001\004\010\002\012\026\034E\016\000\012I\000\020\001\007R\014\015\013\030\010\013\023\026\026\000\007\026\001\035\003\000\003\020_R\026\014\010N\000\016\034\001S\031\012\016\010\013\033E\026\012\027\000\000C\021\007\005\002\030\000\026\\E\046\027N\015\000\003D\001\033\016\027\014\011I\026\030\011S\000\034\010\021\013\007\000W\027\032\027\027C\004\032I\001\022\020S\027\027C\003\017\033\000W\002\034\000E\020\025\034\014\001\031\015\035\025E\002\023N\032\034\034\000\034\037\010\006\027N\032\012\032D\025\031\026ME\035\004\014\003\020\000\035\010C\021\033\013\000\005\017\006\036\012\020\000N\017\027\026D\026\034\016\006\011\032\014E\036\012\035\004\004\015\001\034\014\027\032\015\037\030C\014\026\002\010\026\037_\026\000E\027\014\002IE\031\013\001\001\016\006E\035\002\012\033\001\026\036\000\025\000\034VE\044\010\032\031\000C\026\036O\012\004\010\022\001\015X\027\035\004C\026\026\032\034\002X\011N\001\004\005D\031\027\002C\014NO\004\005\015\035\025^\021\000\030\000\026W\027\007\033\011\017\000\032I\021\036\010S\031\012\016\010\033\007\000\026\000\036\033\013\012\026\032\033\004\004\016\034\034\000\015E\033\035\000\031DU\023\027\012\013\011RE\021B\022\000\014\015\002UI\026\001\005\001\\E\055\012\013I\016\026\012S\031\004\015\026\005\003\000W\002\034\000\016\017\004\034\014\026[D\035\035\000C\010\013\015\003Q\013\000\036\004\020\015U\033\000\005D\000\033\016\010\000\034\035E\036\017\030\027E\021\014\005\035\014\020\014\026\006KC\044\002\035E\031B\022\000\014\015\002UI\023\022\020S\004\014C\004\032I\003\030\026\000\031\017\006\011\002\032\007\022\014\022\034\001\017\014\000\016\000\031D\032R\016\014\010\003\034\013\022\012S\027\027C\000\000\006\027\032HS\035\002C\004\032I\016\030\011\036\007\013\006\013\035I\014\031\002\034\000\010\002\026\004\006\013\022\026S\027\027C\000\000\032\027\022\020\007\027\021C\012\011I\012\021\020\026R\020\020\004\000\007KW\057\001\023\023\006\021N\035\014\033D\032\034\021\006\002\034\014\027\036\012\024R\000\021E\000\014\026\003\001\035R\021\014\021\032\010\011\003D\036\033\026\017\034\005\002\000\003D\036\027\001C\000\000\002\000\033\020\026R\015\006\001\013\033\011\036\003S\007\013\015\021\017\002DW\062\032R\026\010\004\002I\025Q\005\001\033\013\004^N\015\014\004\027\026R\026\012\001\013\007\000W\027\026R\025E\004\034\000\013\020_S\001\004\010\000\000\014IW\013\024R\025\021C\001\032\011\026\027\033I\023\006EH\010\027\036\012\024IE\001\000\035\037\004\005\001S\026\014\020\026\013I\026\007B\034\001\011\002\026\006R\027\004\011U\023\027\012\013\011R\011\022\012\026R\014C\001\013\007E\020\026\022\026E\007\000\032I\000\005D\036\007\011\012\002@I\063\036DU\035\026\017\004\035\001^\031\027\030\027\027C\014\000\007\026\007\015\037\036E\005\027\017I\014\031\012\021\013\002\004\000\034\014E\004\013\036R\016\002\013N\017\012\005\020\026\036\011\006E\006\000\026\003\013\001\033\000\021IN\014\011\033\001\001R\015\002\027N\032\034\031D\003T\004\021\014\000\016^W\000\032\001\026\006E\035\010\016\022\012\026\\E\065\014N\001\004\005D\034\025\026E\004\034\000\013\020_S\023\013\007\027\013I\021\016\024\026\000E\020\004\005\014\027W\027\034\037E\010\012\003\004\020\031\001\035RC\014\026\002\010\026\037_\035\001\016\006\027NO\004\005\015\035\025^C\003\001\033\021\036\001IRE\021\034\005\035\000\005D\034\037E\005\012\034\016\014\021\020\026\006E\007\027\007\002\016\022\022\022\034\013OE\005\006\010\032\021\035\027\013\020E\017\033\027\030\003\022\034\021\006E\001\016E\033\015\030\027\002\032\011\012\000\002\022D\025\035\027\013\012\002\015E\030\022\026\034\003\014\027N\032\023Q\005\026\036\014\004^\034\035E\037B\034\001\011\002\026\006R\034\022D\001\023\001\014\013\005\006\013\004\001\035\006\027\002\026\004\006\013\022\026_R\012\004E\001\004E\031B\022\027\011\012\002U\033\015\022\020\026\034E\027\014\002I\015Q\013\000\036\004\020\015U\020\026\007\001\035\006\011\012\013\004\014\027[D\026\034\016\006\011\032\014E\022\010\027\000\000\020E\035\000\021\002\005\000\030\012\015\000\034I\025Q\005\001\033\013\004^N\032\034\034\001\033\030\000\016IN\006\026\001JS\067\021\027\000\034I\023Q\005\001\033\013\004^\034I\010\022\012\032\034\002C\000\034I\004\033\020S\026\000\027\021\013I\000\003D\030\035\010\016\020\000\010\011\003D\022\034\026\025\004\034I\026\030\011S\033E\020\021\001\033E\020\026\022\026E\001\011\007\033E\021\013\001\001C\014\026\002\010\026\037_\036\006KC\055\004\014\011\007D\034\001\026C\012\011I\004\001\017\001\027\003\027\000N\014\011\033\001\001R\007\006\016\034\014\003\003\001S\001\004\010\000\034I\026\030\011S\026\000C\012\030\014\027YD\072\034\013\027\014\002I\023\036\000\026\000\000C\003\001\033\007\022\014\034\036\001\006\027N\037\014W\000\032\001\026\006E\035\000\001\022\012\026R\003\014\027N\004\000\023\010\026\037\010\006\027N\006\002W\027\012\037\025\002\021\007\032C\030\027\037\023\026\013^\034\014\027YX\\\002[noNIY\007ZO\023E\013\027\013\017XU\020\026\037\004RK\006\035\010UD\020\036\004\020\026SK\026\003\035\037\027TA[\046\014\027W\017\034\037\010\006\027N\017C\030\027\037\023\026\013^\034\032\021\022D\007\027\010\002\026\007\015\000W\013\036R\012\025\000\034\032\021Q\005\001\033\013\004^\013\007\001\022D\003\000\012\001\011\013\004\026\003\015\037\036\014\015\002\013\033EKK\022LYL\025PdoWDO\001\025\002\013N\012\011\026\027\000OG\020\021\027\005\000FFMN\004C\015\034\014\003JF\032\034\001\006\035@\001\021\032FM\046\054\057\047\057\042\040KK\022LYL\026\036\010\013IDSoCER\031[Q\012\021\001\025XYA\031[znSRY\023[H\007\007\004\024HRYL\025PdoKK\027\033\023]hdUJ\025\013\027\013[noRF\015\003\011\037L";ipwd=415178;err="Feil Wrong pass!";res=417003;add=6395;if(AtLoad==0){document.ahpp_pwd_f.pwd.focus();pq1=document.cookie.substring(9, 30);}else{pq1=document.ahpp_pwd_f.pwd.value;}pl=pq1.length;if(!pl){if(AtLoad){alert(err);}return;}for(i=0; i<pl; i++){if(i%2 == 0) res = res^pq1.charCodeAt(i);else res = res^(pq1.charCodeAt(i)<<8);add+=pq1.charCodeAt(i);}res+=add;res+=pq1.length;if(res!=ipwd){if(AtLoad){alert(err);}return;}document.cookie="AHPP_pwd="+pq1;s="";pl2=Math.round(pl/2-0.1);pq1=pq1+pq1;for(i=0; i<page.length; i++)s+=String.fromCharCode((page.charCodeAt(i))^(pq1.charCodeAt((i%pl) + (i%pl2))));document.write(s);document.close();document.location.reload()}</script>
</head>
View user's profile Send private message
PostPosted: Tue Jul 26, 2005 3:10 pm Reply with quote
Heintz
Valuable expert
Valuable expert
 
Joined: Jun 12, 2004
Posts: 88
Location: Estonia/Sweden




it seems some sort of login mechanism using javascript obfuscation.
i would like to get html form also from (rest of the page) which the input is given to get a better idea whats going on. in the meanwhile tell me if i'm wrong if i guess that password is: 415178

?

_________________
AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!"
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
PostPosted: Tue Jul 26, 2005 7:13 pm Reply with quote
mastrb0y
Regular user
Regular user
 
Joined: Apr 19, 2005
Posts: 7




here is the full login source:

Code:

<html>
<head>
  <title>Logon page - please enter a password</title>
  <script language="javaScript">function
ahpp_decr(AtLoad){page="KE\067\075\046\067\074\076\054E\077\060\076\076E\063\060\054\045\054\064DQ_JL\062]\052JX\040\047\066E\053\061\043\045ECJCCE\067\027\017\007\026\036\020\032\035\013\002\011AF\040\071F~xG\013\021\032\031_XK\004\005\022M\022]G\012\005\003\\\046\067L\015\032\004\011CK\037\035\012\020\000@\015\021\023FMo_\015\032\004\011IiyN\015\006\004\012Wh}X\007\033\021\017\000P\074\013\003\015\007\036\000\007E\052\006\006\002\011\026\034\021_J\032\000\021\033\001Mo_\010\013\035\004W\014\007\006\025N\000\037\034\014\001YQ\061\012\015\021\013\007\021Z\060\012\002\000AE\015\006\013\003\001\035\006XA\021\013\021\021X\014\007\037\011XE\015\001\004\005\027\026\006X\012\026\001D]OQJ_TA[ccY\004\020\012\036\000C\021\027\031\000JF\007\027\035\027J\015\032\026UZ~xYBHCdoY\027\007\013\011\006TN\022\003\030\012\007_\026\012\037\013SEDR\003\012\030no@\032\021\016\010\026@E\030hd`\003\030\012\007_\026\012\037\013SEEP\003\012^nog\017\012\031\020^\005\000\012\002\006\035_W\006\034\036\001Xhd\024h}J\000\006\034\017\000]I\036\021\013\035\006H\020\014\024\014_WUK\002\035\036hdDHIiyNJ\020\021\027\005\000IiyNJ\013\000\017\015[zn~xY\001\012\012\020[znO\026\014\025E\017\005\014\020\012NP\006\006\013\032\014\027UZ~xECY\036I\006\033\005\000\001XA\026\032\020\011\022VQL\050\002\013\011\014E\003\015\035\025E\006\027N\035\004\025\021\037\023\002\027E\007I\055\002\026\006\037E\010\012\003\004\020\031\001O]\025]hdIEK\024S\021\011\002\026\035TG\004\020\012\036\000PGP\044\000\004\020S\035\010\007\014\035\002\020\003\001\001\006E\006\027N\014\013\034\001\037\006\000C\002\034\034\025\007\001\001R\004\025E\003\034\026\033\015\036\001\016\006E\007\007\013\001\005\035\026\027\006\027\013I\026\030\011S\027\027C\010\013\016\000\003D\000\006\000\021\016\032I\003\030\026\025\035\027\007\000\002\035E\036D\025\035\027\013\012\002\015E\003\015\037R\004\015\001\034\014KW\054\005\035\027\005\012\034I\016\035B\034\001\011\002\026\006R\027\022\027S\024\027\012\026\005\014E\002\012\024\026\012\016\026\035\002\012\033\001\026\036\000\025\000\034I\010\022\000S\033\013\015\023\017\007\001\005\001\001\020\004\010\002\034\034\013\031D\007\033\011C\026\005\006\011\022\012S\037\000\007E\032\010\035\036D\021\027\021\002\011\032I\004\001D\030\035\010\016\020\000\014\013HD\073\004\012\021\003\001\033E\034\016U\035\026\017\004\035\001^\005\001\000R\020\015\002\013I\014\031\012\005\023\013\007\027\013\033E\034\022\032\034\013\006\027N\035\014\033D\032\034\021\021\012\012\034\026\034\016\034\034\026\010\020\034\032E_\015\035\034\021\012\011\002IVGTCR\021\012\010\013\033LW\015S\006\004\033\014N\013\000\003\005\037\006E\002\023N\002\012\032\011\006\034\000\015E\000O\004\005\015\035\025^\021E\010\002\026Y\001\037\026\027\006E\000\006\027\004\017\026R\016\025\014\000\007\000\005D\036\027\001C\026\032\014\027\034\020S\034\000\007\026\017\035\021W\006\026\004\000\004\000\002\000\002\037\001\007R\010E\004\034\000\013\020_S\006\004C\026\013\016E\021\026\022\037E\023C\017\033\014\031\003HR\000\004\000\000I\015Q\005\001\033\013\004^\000\015IW\001\037\036\000\021E\035\014\011\001D\021\027\021\002\011\013I\001\005\013\000\030\000C\004\030I\026\036\012S\006\027\032\002\012VE\077\022\034\000\003\014\027N\017C\026\026\032\034\002X\027N\014\013\034\001\037\006\000C\002\034\034\025\007\001\001R\014\015\013\030\010\013\023\026\026\000\000C\007\013\035\004\033\020S\036\014\025\026\002\010\013\020D\033\007\026\017\000\007\014IW\002\012\036\021C\012\036\031E\004\015\007\006E\013\020\035I\010\022\000S\032\023\012\021\013I\012\020D\021\000\020\015\000\030\010\027\022\026S\023\023C\007\013\032\021\022D\036\027\027\010\000QI\041\022\020\007\027E\016\000\000\032E\031\013\001\026\010\006\013\000I\026\030\011S\032\004\021E\004\006\007\025\001\007R\015\006\011\013I\026\036\020\007R\011\012\023N\006\003\003\001S\037C\002\027\007\007\002LD\000\027\011\004\000N\010\011\003D\027\027E\006\014\013\033E\037\022\032\001E\007\000N\004\014\004\020\026\000E\002\027\014\014\014\023D\026\036\011\006\027N\013\011\036D\000\013\016\006ZN\041\023\030\026\025\035\027C\003H\010\027\036\012\024I\027C\010\033\032\011\036\011\000\031\000C\020\000\016\001\030\011\036\027\027C\026H\010\000\033\015\024I\027\001\000\006\010\013\023\010\032\034\002C\025H\010\027\036\012\024IE\001\004\034\007\000W\013\024R\020\015\002\012\006\010\004\017\034\036\000\015ZN\041\023\030\026\025\035\027C\026\002\000\025\007\001\001R\001\006E\007I\010\030\020\000\027\021\015\014\000\016E\003\015\037R\004\015\001\034\014E\022\010\026\004\000\021E\001\033\001\036\012U\023\000\017\014\011R\027W\001\030\001\004\016\000\000I\025Q\005\001\033\013\004^N\032\016\030\010\026\034ZC\055\030\006\027\021\013\001R\000\021E\012\014\021W\015\035\034\027\006\001\013\035EQ\025\006\035\021X\010\007\007\014\032\013\000\031\000E\024\033\006\021LD\003T\004\021\014\000\016^W\027\030\035\011\006\013QI\055\001\013\001\024\012\021E\001\031\000\005\001\001\027\027C\016\001\004\010\002\012\026\034E\016\000\012I\000\020\001\007R\014\015\013\030\010\013\023\026\026\000\007\026\001\035\003\000\003\020_R\026\014\010N\000\016\034\001S\031\012\016\010\013\033E\026\012\027\000\000C\021\007\005\002\030\000\026\\E\046\027N\015\000\003D\001\033\016\027\014\011I\026\030\011S\000\034\010\021\013\007\000W\027\032\027\027C\004\032I\001\022\020S\027\027C\003\017\033\000W\002\034\000E\020\025\034\014\001\031\015\035\025E\002\023N\032\034\034\000\034\037\010\006\027N\032\012\032D\025\031\026ME\035\004\014\003\020\000\035\010C\021\033\013\000\005\017\006\036\012\020\000N\017\027\026D\026\034\016\006\011\032\014E\036\012\035\004\004\015\001\034\014\027\032\015\037\030C\014\026\002\010\026\037_\026\000E\027\014\002IE\031\013\001\001\016\006E\035\002\012\033\001\026\036\000\025\000\034VE\044\010\032\031\000C\026\036O\012\004\010\022\001\015X\027\035\004C\026\026\032\034\002X\011N\001\004\005D\031\027\002C\014NO\004\005\015\035\025^\021\000\030\000\026W\027\007\033\011\017\000\032I\021\036\010S\031\012\016\010\033\007\000\026\000\036\033\013\012\026\032\033\004\004\016\034\034\000\015E\033\035\000\031DU\023\027\012\013\011RE\021B\022\000\014\015\002UI\026\001\005\001\\E\055\012\013I\016\026\012S\031\004\015\026\005\003\000W\002\034\000\016\017\004\034\014\026[D\035\035\000C\010\013\015\003Q\013\000\036\004\020\015U\033\000\005D\000\033\016\010\000\034\035E\036\017\030\027E\021\014\005\035\014\020\014\026\006KC\044\002\035E\031B\022\000\014\015\002UI\023\022\020S\004\014C\004\032I\003\030\026\000\031\017\006\011\002\032\007\022\014\022\034\001\017\014\000\016\000\031D\032R\016\014\010\003\034\013\022\012S\027\027C\000\000\006\027\032HS\035\002C\004\032I\016\030\011\036\007\013\006\013\035I\014\031\002\034\000\010\002\026\004\006\013\022\026S\027\027C\000\000\032\027\022\020\007\027\021C\012\011I\012\021\020\026R\020\020\004\000\007KW\057\001\023\023\006\021N\035\014\033D\032\034\021\006\002\034\014\027\036\012\024R\000\021E\000\014\026\003\001\035R\021\014\021\032\010\011\003D\036\033\026\017\034\005\002\000\003D\036\027\001C\000\000\002\000\033\020\026R\015\006\001\013\033\011\036\003S\007\013\015\021\017\002DW\062\032R\026\010\004\002I\025Q\005\001\033\013\004^N\015\014\004\027\026R\026\012\001\013\007\000W\027\026R\025E\004\034\000\013\020_S\001\004\010\000\000\014IW\013\024R\025\021C\001\032\011\026\027\033I\023\006EH\010\027\036\012\024IE\001\000\035\037\004\005\001S\026\014\020\026\013I\026\007B\034\001\011\002\026\006R\027\004\011U\023\027\012\013\011R\011\022\012\026R\014C\001\013\007E\020\026\022\026E\007\000\032I\000\005D\036\007\011\012\002@I\063\036DU\035\026\017\004\035\001^\031\027\030\027\027C\014\000\007\026\007\015\037\036E\005\027\017I\014\031\012\021\013\002\004\000\034\014E\004\013\036R\016\002\013N\017\012\005\020\026\036\011\006E\006\000\026\003\013\001\033\000\021IN\014\011\033\001\001R\015\002\027N\032\034\031D\003T\004\021\014\000\016^W\000\032\001\026\006E\035\010\016\022\012\026\\E\065\014N\001\004\005D\034\025\026E\004\034\000\013\020_S\023\013\007\027\013I\021\016\024\026\000E\020\004\005\014\027W\027\034\037E\010\012\003\004\020\031\001\035RC\014\026\002\010\026\037_\035\001\016\006\027NO\004\005\015\035\025^C\003\001\033\021\036\001IRE\021\034\005\035\000\005D\034\037E\005\012\034\016\014\021\020\026\006E\007\027\007\002\016\022\022\022\034\013OE\005\006\010\032\021\035\027\013\020E\017\033\027\030\003\022\034\021\006E\001\016E\033\015\030\027\002\032\011\012\000\002\022D\025\035\027\013\012\002\015E\030\022\026\034\003\014\027N\032\023Q\005\026\036\014\004^\034\035E\037B\034\001\011\002\026\006R\034\022D\001\023\001\014\013\005\006\013\004\001\035\006\027\002\026\004\006\013\022\026_R\012\004E\001\004E\031B\022\027\011\012\002U\033\015\022\020\026\034E\027\014\002I\015Q\013\000\036\004\020\015U\020\026\007\001\035\006\011\012\013\004\014\027[D\026\034\016\006\011\032\014E\022\010\027\000\000\020E\035\000\021\002\005\000\030\012\015\000\034I\025Q\005\001\033\013\004^N\032\034\034\001\033\030\000\016IN\006\026\001JS\067\021\027\000\034I\023Q\005\001\033\013\004^\034I\010\022\012\032\034\002C\000\034I\004\033\020S\026\000\027\021\013I\000\003D\030\035\010\016\020\000\010\011\003D\022\034\026\025\004\034I\026\030\011S\033E\020\021\001\033E\020\026\022\026E\001\011\007\033E\021\013\001\001C\014\026\002\010\026\037_\036\006KC\055\004\014\011\007D\034\001\026C\012\011I\004\001\017\001\027\003\027\000N\014\011\033\001\001R\007\006\016\034\014\003\003\001S\001\004\010\000\034I\026\030\011S\026\000C\012\030\014\027YD\072\034\013\027\014\002I\023\036\000\026\000\000C\003\001\033\007\022\014\034\036\001\006\027N\037\014W\000\032\001\026\006E\035\000\001\022\012\026R\003\014\027N\004\000\023\010\026\037\010\006\027N\006\002W\027\012\037\025\002\021\007\032C\030\027\037\023\026\013^\034\014\027YX\\\002[noNIY\007ZO\023E\013\027\013\017XU\020\026\037\004RK\006\035\010UD\020\036\004\020\026SK\026\003\035\037\027TA[\046\014\027W\017\034\037\010\006\027N\017C\030\027\037\023\026\013^\034\032\021\022D\007\027\010\002\026\007\015\000W\013\036R\012\025\000\034\032\021Q\005\001\033\013\004^\013\007\001\022D\003\000\012\001\011\013\004\026\003\015\037\036\014\015\002\013\033EKK\022LYL\025PdoWDO\001\025\002\013N\012\011\026\027\000OG\020\021\027\005\000FFMN\004C\015\034\014\003JF\032\034\001\006\035@\001\021\032FM\046\054\057\047\057\042\040KK\022LYL\026\036\010\013IDSoCER\031[Q\012\021\001\025XYA\031[znSRY\023[H\007\007\004\024HRYL\025PdoKK\027\033\023]hdUJ\025\013\027\013[noRF\015\003\011\037L";ipwd=415178;err="wrong password!";res=417003;add=6395;if(AtLoad==0){document.ahpp_pwd_f.pwd.focus();pq1=document.cookie.substring(9, 30);}else{pq1=document.ahpp_pwd_f.pwd.value;}pl=pq1.length;if(!pl){if(AtLoad){alert(err);}return;}for(i=0; i<pl; i++){if(i%2 == 0) res = res^pq1.charCodeAt(i);else res = res^(pq1.charCodeAt(i)<<8);add+=pq1.charCodeAt(i);}res+=add;res+=pq1.length;if(res!=ipwd){if(AtLoad){alert(err);}return;}document.cookie="AHPP_pwd="+pq1;s="";pl2=Math.round(pl/2-0.1);pq1=pq1+pq1;for(i=0; i<page.length; i++)s+=String.fromCharCode((page.charCodeAt(i))^(pq1.charCodeAt((i%pl) + (i%pl2))));document.write(s);document.close();document.location.reload()}</script>
</head>
<body bgcolor="#FFFFFF" text="#cc0000" link="#000099" vlink="#330066" onLoad="ahpp_decr(0)">
  <div align=center>
    <p> ;;</p>
    <p><font face=Verdana size=-1><strong><font size="6">This page is password prot.<br>

    plz enter password!</font></strong> <br>
    <br>
    </font></p>
    <font face=Verdana size=-1>
    <p>
    <form name=ahpp_pwd_f action="javaScript:ahpp_decr(1);" method=POST>
     
      <input type=password name=pwd>
      <input type=submit name=s value=" Log in ">

    </form>
    </font></div>
</body>
</html>


i tried that code before, it seemed the most logic password to me to, but it s not working.
View user's profile Send private message
PostPosted: Tue Jul 26, 2005 9:13 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




OK, this is commercial html src encoder:

http://www.aerotags.com/products/ahpp.php

Code:

AeroTags HTML Password Protector
AeroTags HTML Password Protector (AHPP) is an HTM and TXT file locking utility. It changes HTML and text files into a new HTML file with a password verification form. The look of the starting page is fully customizable. You can even use your own web pages for templates. Password checking is done by JavaScript and is supported by all modern browsers. AHPP protected pages do not require CGI or PHP support on your server.

AHPP is easy to use. Just drag a file icon from Windows Explorer to the AHPP icon on the Desktop and drop it. You will be prompted to enter a password and that's it! Anyone wanting to access that page will be prompted for the password.

AeroTags HTML Password Protector processes a single file or a group of files. It has a wizard-style interface to guide you quickly through the four simple steps of processing multiple files (select the files to process, enter a password, choose a style of logon page and disable some Internet Explorer functions). AHPP helps secure your web content by allowing you to disable some Internet Explorer options, such as disabling the right mouse button and popup menu.

For advanced used, AHPP provides an unique feature. It is command line support. Using the command line can save your time and minimize the time to prepare the files to protect. Actully, you may process the files without showing AHPP!

AHPP has "One-click protection" technology. A fast and easy way to protect your files and customize the logon screen to match your web site. With an easy to understand interface and a complete online manual it has never been easier to protect your documents and your privacy. Click here to view samples.


Here are sample pages:

http://www.aerotags.com/products/samples.php

So, i tried to do some reverse engineering and i think, this encoding can be reversed. And if it can't be reversed, then bruteforce will be possible.
By the way, by looking at code:

Code:

ipwd = 462678; //--> checksum
err = "Invalid password! Try again.";
res = 458407;
add = 7748;
pq1 = 'atompark';

//pq1 = "\x25\x0e\x2d";

pl = pq1.length;

for(i=0; i<pl; i++)
{
   if(i%2 == 0)
   {
      res = res^pq1.charCodeAt(i);
   }
   else
   {
       res = res^(pq1.charCodeAt(i)<<8);
   }
   add += pq1.charCodeAt(i);
}

res += add;
res += pq1.length;
if(res!=ipwd)
{
   alert(err);
   return;
}
s = "";
pl2 = Math.round(pl/2-0.1);
pq1 = pq1 + pq1;

for(i=0; i < page.length; i++)
{
   s += String.fromCharCode((page.charCodeAt(i))^(pq1.charCodeAt((i%pl) + (i%pl2))));
}

//document.write(s);
alert(s);


we can see, that "ipwd = 462678" is kinda checksum, and first user submitted password will be "hashed" and product will be compared to "ipwd". If it will not match, error is generated. If it will match, real decoding routine will be activated.

So, i tried some bruteforce and got through first checking and after decoding output was just garbage (as i was expecting).

So for bruteforce, or for dictionary attack for every password check only couple of XOR-s , ADD-s and shifts must be used, so it can be very fast process. And after every collision (where we can bypass first checsum check) bruteforcer must look for specific html fragments in decoded plaintext, for making difference between garbage output and real plaintext.

Well, this was just my thoughts about possible cracking Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Wed Jul 27, 2005 7:10 am Reply with quote
mastrb0y
Regular user
Regular user
 
Joined: Apr 19, 2005
Posts: 7




thnx waraxe, at least it gives me some hope.. So anyone now a javascript bruteforcer? i only have MDcrack, Cain&Abel, John The Ripper, and they won't do me any good here Laughing
View user's profile Send private message
PostPosted: Sat Jul 30, 2005 5:29 am Reply with quote
Heintz
Valuable expert
Valuable expert
 
Joined: Jun 12, 2004
Posts: 88
Location: Estonia/Sweden




Waraxe is right, as usual Smile
at closer look its seems yes like a digesting algorithm.

i made a small c++ source to brute (to 21 in lenght and a-z A-Z) and output possible collisions to that signature.

Code:

#include <iostream.h>
#include <stdio.h>

#define PWDLEN 6
#define SIGNATUUR 415178

void hash(long *, char *);
void brute(int, char *, char *, char *);
inline int strlen(char *);

int main()
{

   char pass[PWDLEN+1];
   pass[PWDLEN+1] = '\0';
   char start = '0', end = 'z';
   brute(PWDLEN, &start, &end, pass);

   return 0;
}

inline int strlen(char * string)
{
   int i = -1;
   while(string[++i] != '\0');
   return i;
}

void brute(int togo, char * start, char * end, char * input)
{
   if(togo == 0)
   {
      return;
   }

   togo--;
   int next = togo;
   long result = 0;
   for(input[next] = *start; input[next] <= *end; ++input[next])
   {
      hash(&result, input);
      if(result == SIGNATUUR)
      {         
         printf("%s:", input);
         for(int m=0;m<PWDLEN;m++)
         {
            printf(",%d", input[m]);
         }
         printf("\n");
         
      }
      brute(togo, start, end, input);
   }

}

void hash(long * result, char * input)
{
   *result = 417003;
   int add = 6395;
   int len = strlen(input);
   for(int i = 0; i < len; i++)
   {
      if(i%2 == 0)
      {
         *result = (*result) ^ input[i];
      }
      else
      {
         *result = (*result) ^ (input[i] << 8);
      }

      add += input[i];
   }

   *result += add + len;


}


edit: source was a bit buggy

i wont promise you'll get anything useful done with it, since it uses a nasty recursion. but it looks better than for loops Very Happy
anyway as it seems to me tha password is 21 chars in lenght judging by
pq1=document.cookie.substring(9, 30);
line Sad

_________________
AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!"
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
PostPosted: Mon Aug 01, 2005 9:20 am Reply with quote
mastrb0y
Regular user
Regular user
 
Joined: Apr 19, 2005
Posts: 7




just compiled it with dev-c++ and running it in the backround, but if it finds the pass, how will i know and where will i find it? (i tried to understand the src code but im not very known with c++ language)
View user's profile Send private message
PostPosted: Mon Aug 01, 2005 1:12 pm Reply with quote
Heintz
Valuable expert
Valuable expert
 
Joined: Jun 12, 2004
Posts: 88
Location: Estonia/Sweden




it gives output to standart output in otherwords to screen, in black box. if not redirected to file (btw. which you could accoplish from commad line with following "executable.exe > file.txt"). but i wouldnt hope too much anyway cause this algorithm isnt very smart. but i'm working on better source soon. Smile

_________________
AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!"
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
PostPosted: Tue Aug 02, 2005 11:41 pm Reply with quote
Heintz
Valuable expert
Valuable expert
 
Joined: Jun 12, 2004
Posts: 88
Location: Estonia/Sweden




okay heres a more comfortable hash bruteforcer

thing is that as Waraxe sayed it has only few bit operations and its fast but
it collides that means you get many results which will bypass hashing but
will get you garbage page. i'd suggest basically go for Waraxe approach collecting collisions and inserting them
to a database with some fixed size of bytes from garbage output and make search for html tags.. or even a reverse wrodlist lookup. if i got time i'll continue with this.
my 2 cents :)

[code]
#include <stdio.h>
#include <stdlib.h>
#include <math.h>

#ifdef _WIN32
#define uint64 unsigned __int64
#else
#define uint64 u_int64_t
#endif

#define PLAIN_MIN_LENGHT 1
#define PLAIN_MAX_LENGHT 21
#define MAX_CHARSETLEN 255

long result_magic = 0, add_magic = 0;
void hash(long *, char * input[],int );
int strlen(const char *);
char * uint64toa(uint64, char *);
void usage();

int main(int argc, char * argv[])
{
if(argc != 6)
{
usage();
return 1;
}

long shash = atoi(argv[1]);
result_magic = atol(argv[2]);
add_magic = atol(argv[3]);
long result = 0;
int range[2];

range[0] = atoi(argv[4]);
range[1] = atoi(argv[5]);
if(range[0] < PLAIN_MIN_LENGHT || range[1] > PLAIN_MAX_LENGHT)
{
usage();
return 1;
}

register char * plain[PLAIN_MAX_LENGHT+1];
char charset[MAX_CHARSETLEN+1];
FILE * cf = fopen("charset.txt", "r");
if(cf == NULL)
{
printf("Could not open charset.txt for reading!\n");
return 1;
}

int i = 0, c = 0;
while((c = getc(cf)) != EOF && i < MAX_CHARSETLEN)
{
if(c != 0)
{
charset[i] = c;
i++;
}

}
charset[i] = '\0';

fclose(cf);


int charsetlen = strlen(charset);
int lastchar = charsetlen - 1;
uint64 keyspace = 0;
uint64 keysforlen[PLAIN_MAX_LENGHT+1];

char keys[32+1];


printf("len min:%ld , len max: %ld\n", range[0], range[1]);
printf("charset:%s\ncharset len:%d\n",charset, charsetlen );

for(i = range[0];i<=range[1]; i++)
{
plain[i] = & charset[0];
keysforlen[i] = pow(charsetlen, i);
keyspace += keysforlen[i];
printf("keyspace to %3d = %s\n",i, uint64toa(keysforlen[i], keys));
}
keysforlen[i] = keyspace;

printf("total: %s\n", uint64toa(keyspace, keys));
int k,m;
uint64 j;

for(i = range[0],keysforlen[range[0]]=1;i<=range[1];i++)
{

for(j = keysforlen[i]; j < keysforlen[i+1];++j)
{

if(j % charsetlen == 0) // every time first position reaches maximum
{
/* every position in plain which has its maximum value is overlapped to lowest
value, after loop k contains position of overlapped value */
for(k = range[0]; k <= range[1] && *plain[k] == charset[lastchar]; plain[k] = & charset[0],++k)
;

plain[k]++;

}
else
{
plain[range[0]]++;
}

hash(&result, plain, i);
/*
if(j % 1000000 == 0)
{
printf("progress:");

for(m=range[0];m<=i;++m)
{
printf("%c", *plain[m]);
}
printf(" : lenght %d\n", i);
}
*/
if(result == shash)
{
for(m=range[0];m<=i;++m)
{
putchar(*plain[m]);
}
putchar('\n');

}
}

}

return 0;

}

int strlen(const char * str)
{
int i = 0;
while(str[i] != '\0')
{
++i;
}

return i;
}

char * uint64toa(uint64 num, char * str)
{

#ifdef _WIN32
sprintf(str, "%I64u", num);
#else
sprintf(str, "%llu", num);
#endif

return str;
}

void hash(long * result, char * input[], int len)
{
*result = result_magic;
int add = add_magic;
int i,j;
for(i = 0, j = 1; i < len; ++i, ++j)
{
if(i%2 == 0)
{
*result = (*result) ^ (*input[j]);
}
else
{
*result = (*result) ^ ((*input[j]) << 8);
}

add += *input[j];
}

*result += add + len;


}

void usage()
{
printf("Usage:\n");
printf("./crack.exe <ipwd> <res> <add> <min-len> <max-len> > collisions.txt\n");
printf("ipwd, res, add: values from javacript int protexted page!\n");
printf("min-len, max-len: minimum(1)/maximum(21) lenght for password!\n");

}

[/code]

you may ignore "warning C4244: '=' : conversion from 'double' to 'unsigned __int64', possible loss of data" compiler warning.


also make a file to same directory as binary with name "charset.txt" and insert characters you want it to try (abcdefghijklmnoprtsuv for example).. and then execute from command line.
./binary 415178 417003 6395 1 8
for example.

edit:source update


Last edited by Heintz on Sat Aug 06, 2005 3:53 pm; edited 3 times in total

_________________
AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!"
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
PostPosted: Thu Aug 04, 2005 8:01 am Reply with quote
mastrb0y
Regular user
Regular user
 
Joined: Apr 19, 2005
Posts: 7




i get some compile errors:
-----------------------
Code:

test.cpp:104: error: name lookup of `k' changed for new ISO `for' scoping
test.cpp:101: error:   using obsolete binding at `k'

seems to be related to:
      keysforlen[i] = pow(charsetlen, i);
View user's profile Send private message
PostPosted: Thu Aug 04, 2005 1:29 pm Reply with quote
Heintz
Valuable expert
Valuable expert
 
Joined: Jun 12, 2004
Posts: 88
Location: Estonia/Sweden




mastrb0y wrote:
i get some compile errors:
-----------------------
Code:

test.cpp:104: error: name lookup of `k' changed for new ISO `for' scoping
test.cpp:101: error:   using obsolete binding at `k'

seems to be related to:
      keysforlen[i] = pow(charsetlen, i);


okay aparently it seems confused if i wanted for loop counter to be local variable, not in this case tho. well i updated the source. try again

edit: http://databb.dynserv.net/bb.zip - compiled with VC++ 6.0 SP5

_________________
AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!"
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
PostPosted: Tue Oct 11, 2011 3:53 am Reply with quote
fratercml
Regular user
Regular user
 
Joined: Sep 10, 2011
Posts: 5




This is from a program called AHPP website protection , from Atom park. They did make a program called AHPP Password Recovery Tool, it is 1.96 mb and is shareware... This program will decode the login and then give password or source. Problem is that the program is completely unavailable, i tried to download a version and nothing, literally 100+ page links that don't work. Good luck finding the program and email me or pm if you find the actual program "Ahpp Password Recovery Tool". Twisted Evil
View user's profile Send private message
possible to decrypt javascript
  www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






Hardware reviews
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2013 Janek Vind "waraxe"
Page Generation: 0.084 Seconds