|
dave123
Funny Boy
Gender: Female Location: Cactusland? |
so du know the pass/user combo or url, or have u gotta work it still?
__________________
Thanks to Ladyluck for the softcore porn!
|
Oct 1st, 2003 09:32 PM |
|
|
| |
|
SimplePriest
Senior Member
Gender: Male Location: United States |
joeboy> wow... man I wish I knew more about the stuff that site was talking about. I'd love to help you guys out, but right now I don't know what that site is saying. Arrrgghh... ok ok. Well if you can translate it, or just put things in little steps, I really might be able to help.
Let me know
__________________
Simply, Priest
|
Oct 1st, 2003 09:42 PM |
|
|
| |
|
dave123
Funny Boy
Gender: Female Location: Cactusland? |
what u need to know, simple?
__________________
Thanks to Ladyluck for the softcore porn!
|
Oct 1st, 2003 09:43 PM |
|
|
| |
|
SimplePriest
Senior Member
Gender: Male Location: United States |
dave123> First of all, I just looked at it again... Is that C++ !?!? If so I'm in business. I can probably figure out what's going on. If not, then I just need to know what's going on.
Ummm... basically, if someone can break down the ideas that site is trying to say into little tasks, then tell those to me, I might be able to find my own way to do them. So what are the steps... that's what I need to know... I'd love to give this thing a few cracks... I've never "hacked" anything before... Gotta start somewhere.
__________________
Simply, Priest
|
Oct 1st, 2003 09:47 PM |
|
|
| |
|
dave123
Funny Boy
Gender: Female Location: Cactusland? |
i dont think its as complex as hacking the site (properly)
just picking up on clues to solve the passwords and such
also, on the directories type ????elizabeth (cant remember her surname) theres some interesting stuff there
and the metaVRX sister site is REALLY hinting at it becoming the matrix
__________________
Thanks to Ladyluck for the softcore porn!
|
Oct 1st, 2003 09:49 PM |
|
|
| |
|
SimplePriest
Senior Member
Gender: Male Location: United States |
OK... I see. Cool... Soooo, if I wanted to "unhash" something I can use the steps on that site... ok, I think I can do that. But where are the things we need to unhash?
__________________
Simply, Priest
|
Oct 1st, 2003 09:55 PM |
|
|
| |
|
dave123
Funny Boy
Gender: Female Location: Cactusland? |
talk to joeboy about that, i aint got a clue.
although i said its not about hacking the site, u obviously could, and just save loads of thinking time
any ideas what this site is advertising? or is it just information (i think that aqua place is Zion, that game thing evolves into the Matrix, and perhaps that company makes the robots thaat take over the world, just some ideas to work on)
__________________
Thanks to Ladyluck for the softcore porn!
|
Oct 1st, 2003 09:59 PM |
|
|
| |
|
SimplePriest
Senior Member
Gender: Male Location: United States |
joeboy> you said you were trying to use her birthday. Where did you find out what her birthday is?
__________________
Simply, Priest
|
Oct 1st, 2003 10:18 PM |
|
|
| |
|
dave123
Funny Boy
Gender: Female Location: Cactusland? |
go to directories, then the western USA one
type in her surname then elizabeth (no spaces)
go 2 her site, then onto another site from there
its got her personal info, plus some interesting matrixy experiences
http://www.little-boxes.net - thats the site that tells u
__________________
Thanks to Ladyluck for the softcore porn!
|
Oct 1st, 2003 10:20 PM |
|
|
| |
|
KevinLeeC
Junior Member
Gender: Location: United States |
Interesting
If you go to the Underscore Hosting site and click on Support you get to this url:
http www underscorehosting com/support/index.htm
You get to enter an ID/Password combination. What's interesting is that the program which checks the password is scripted. Here's what looks like the relevant section:
function submitentry(){
password = document.password1.password2.value.toLowerCase()
username = document.password1.username2.value.toLowerCase()
passcode = 1
usercode = 1
for(i = 0; i < password.length; i++) {
passcode *= password.charCodeAt(i);
}
for(x = 0; x < username.length; x++) {
usercode *= username.charCodeAt(x);
}
if(usercode==967612988160000&&passcode==17390546100000)
{
window.location=password+".htm"}
else{
alert("Invalid Username/Password")}
}
I don't have time to reverse-engineer the password at this point (late for a class), but I think it should be pretty easy. Anybody wanna take a crack and tell us what's behind door number one?
KC
|
Oct 2nd, 2003 01:00 AM |
|
|
| |
|
SimplePriest
Senior Member
Gender: Male Location: United States |
Wow... Ok, I can definitely do this now... I'm on it. Might be a while. I'm gonna have to write a C++ file to help me out.
__________________
Simply, Priest
|
Oct 2nd, 2003 01:22 AM |
|
|
| |
|
JediHDM
Jedi of the Matrix
Gender: Male Location: United States |
OK, maybe y'all should go take a look at the metacortechs website, esp the news tab, maybe on the date 9/29/03...
__________________
FOR THE MOTHERLAND!! KMC KGB
|
Oct 2nd, 2003 01:38 AM |
|
|
| |
|
obhaive
mmm red pills...arhghhhhh
Gender: Unspecified Location: Uh-Stray-Lee-Ah |
The hackers were running scripts to generate usernames and passwords...this is different...Simple i strying to reverse an algorithm...which is really hard to do....
What i find interesting is that there is only two answers...so every username and password is generated according to fact that put through this algorithm will produce said result, or there are only 1 username and password that is valid!
|
Oct 2nd, 2003 01:54 AM |
|
|
| |
|
SimplePriest
Senior Member
Gender: Male Location: United States |
obhaive> you are right... this is very hard to do. At least for me... But I love the challenge!!! of course, I'm sure someone will come along and find a simple and easy way to do it, but....
__________________
Simply, Priest
|
Oct 2nd, 2003 02:16 AM |
|
|
| |
|
obhaive
mmm red pills...arhghhhhh
Gender: Unspecified Location: Uh-Stray-Lee-Ah |
To reverse an algorithm is in the range of people skilled at encryption...
The usercode(and passcode) is a product of the unicode values of the characters in the username(password)...so insert parrallel computing effort here maybe seti@home will come to the aid....
Makes me think several things:
It is not meant to be solved in a hurry
It is not meant to be solved...
it is the possible method that the metacortechs site uses for there login...
The metadex log in for elizabeth is emc2, and she uses that name for email addresses...maybe it is common...i am also not sure if her birthday is used in the password and she states that she does not put much inot anniversaries/BUT to hide something well, leave it it plain site!
|
Oct 2nd, 2003 02:46 AM |
|
|
| |
|
joeboy
Da Licker
Gender: Unspecified Location: United States |
It's not hard, i just don't have the time.
this is the method. Instead of doing a true reverse you start with two alpha and work up. Tell the program to only give you the output of that will hash to that number. It want be many, that's the nice thing about a hash.
Jedi > that is a hash checker on the site.
__________________
Life is a tale, told by an idiot. Full sound and fury, signifying nothing. I am gone if you want to contact me, [email protected]
|
Oct 2nd, 2003 02:46 AM |
|
|
| |
|
KevinLeeC
Junior Member
Gender: Location: United States |
The fact that there's only one right ID/Password combination is the tip-off that this is a truly fake site. My guess is that when we get in, we'll be able to see Beth McConnell's files and/or Metacortex's files.
I'd also bet the ID/Password combo will work on the MetaDex site. (Even in the real world, people often use the same ID/Password combo for multiple purposes.)
Simple Priest, thanks for your help!
KC
|
Oct 2nd, 2003 02:49 AM |
|
|
| |
|
joeboy
Da Licker
Gender: Unspecified Location: United States |
i will solve it this weekend. It want take long. It's simple math. You dont need to write a knocker program. Just a program that will gill you all the differenf alpha combo's that == that hash. The hold point of the ahsh is not to have that many possiblities.
It's like this. If they told you it was two numbers that sumed to 100, you would erite a program that would kick out evey set of two numbers that added to 100. Thats a simple nested loop.
Now expand the idea to 26 or even 100 number. A computer will give you the results in seconds.
__________________
Life is a tale, told by an idiot. Full sound and fury, signifying nothing. I am gone if you want to contact me, [email protected]
|
Oct 2nd, 2003 02:51 AM |
|
|
| |
|
joeboy
Da Licker
Gender: Unspecified Location: United States |
that the thing about this hash, you only need to know login, screw the password
the site is based on login only. That why it's not a good hashing scheme . to easy to hack.
__________________
Life is a tale, told by an idiot. Full sound and fury, signifying nothing. I am gone if you want to contact me, [email protected]
|
Oct 2nd, 2003 02:52 AM |
|
|
| |
|
joeboy
Da Licker
Gender: Unspecified Location: United States |
http://cert.uni-stuttgart.de/archiv...6/msg00138.html
that site explains this in more detail. Writing programs are easy to me, and doing website are my job.
If the realy wanted more security, they would have tied it to a database or hid it in flash as the other site did. They did not even hide the code in php. it was meant to be hacked.
__________________
Life is a tale, told by an idiot. Full sound and fury, signifying nothing. I am gone if you want to contact me, [email protected]
|
Oct 2nd, 2003 02:55 AM |
|
|
| |
Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is ON
|
|
Text-only version |
|
|