Re: Encrypted Password script - easy to defeat

• Previous message: cepacolmaxat_private: "Re: [Full-Disclosure] Symantec Change Posting Criteria (was Re: Administrivia)"
• Next in thread: noconflic: "Re: Encrypted Password script - easy to defeat"
• Reply: noconflic: "Re: Encrypted Password script - easy to defeat"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ianlyteat_private] Fri, Jun 27, 2003 at 09:41:51AM +0100 wrote:
> 
> List,
> 
>     I've come across a site protected by the following script :
> 
> function submitentry(){
> password = document.password1.password2.value.toLowerCase()
> username = document.password1.username2.value.toLowerCase()
> passcode = 1
> usercode = 1
> for(i = 0; i < password.length; i++) {
> passcode *= password.charCodeAt(i);
> }
> for(x = 0; x < username.length; x++) {
> usercode *= username.charCodeAt(x);
> 

   Here is one I coded in C. It handles numbers 0-9 as well as a-z
I may add special chars later on, but i dunno. Notes are at the top 
of code.

     http://nocon.darkflame.net/code/jscript-decode.c


- nocon

---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with 
vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.

Visit Tenable Network Security at http://www.tenablesecurity.com to learn 
more.
----------------------------------------------------------------------------

• Next message: vruyat_private: "NetbiosSpy 1.3 released"
• Previous message: cepacolmaxat_private: "Re: [Full-Disclosure] Symantec Change Posting Criteria (was Re: Administrivia)"
• Next in thread: noconflic: "Re: Encrypted Password script - easy to defeat"
• Reply: noconflic: "Re: Encrypted Password script - easy to defeat"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 08 2003 - 09:15:03 PDT