Re: Encrypted Password script - easy to defeat

• Previous message: Javier Fernandez-Sanguino: "Re: pen testing management and control system"
• Next in thread: noconflic: "Re: Encrypted Password script - easy to defeat"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Here is something that was 'constructed' over the past week.  I
worked a bit with Ian to make sure it covered what it should.

Questions? Let me know.

-Mike

On Fri, Jun 27, 2003 at 09:41:51AM +0100, Ian Lyte wrote:
> 
> List,
> 
>     I've come across a site protected by the following script :
> 
> function submitentry(){
> password = document.password1.password2.value.toLowerCase()
> username = document.password1.username2.value.toLowerCase()
> passcode = 1
> usercode = 1
> for(i = 0; i < password.length; i++) {
> passcode *= password.charCodeAt(i);
> }
> for(x = 0; x < username.length; x++) {
> usercode *= username.charCodeAt(x);

*snip* 
> 
>    Thanks in advance
> 
> Ian

-- 
The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.
        But let your communication be Yea, yea; nay, nay: for
        whatsoever is more than these cometh of evil.
                -- Matthew 5:37

• application/x-perl attachment: jscript_password.pl

• Next message: balwantat_private: "Delhi PenTest Group meeting"
• Previous message: Javier Fernandez-Sanguino: "Re: pen testing management and control system"
• Next in thread: noconflic: "Re: Encrypted Password script - easy to defeat"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 07 2003 - 10:59:01 PDT