
Password -Javascript, can you beat it? 1


invertigo

Technical User
Joined
Jan 16, 2006
Messages
8
Location
NL
Hello all,

I've been working on a little JavaScript lately to protect parts of my website. It's just a script with a single password (no username and such), but I'd like to know if it's a bit safe. Not that I coded it 100% myself: I used parts of existing JavaScript code taken from JS websites and made parts myself.
So, id like to ask a few of the Pro's here to try hacking my script and retrieving the password :).
I hope its a challenge for the ones who dont mind trying to beat it :).

Of course you are probably wondering why I'm asking this question here. Well, I got this website from a friend of mine who browses it regularly, and he told me there are some fairly good Javascripters on it :).

But here is the script:


<SCRIPT LANGUAGE="JavaScript">
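// Entry script: decides which page name to navigate to and then navigates.
//
// NOTE(review): everything below runs in the visitor's browser and is fully
// readable by the visitor. It hides a link; it does not restrict access to
// the target page. Access control has to be enforced by the web server.

var str_in;
var str_out = "";
var num_in;
var num_out = "";
// Lookup table for makehash(). makehash() searches it with indexOf from
// position 0, so the repeated "ABCDEFGHI" tail does not affect the result.
var alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHI";

// Browser detection flags. Declared with var so they no longer rely on
// implicit global creation (which fails in strict mode).
var InternetExplorer = (navigator.appName.indexOf("Microsoft") != -1);
var version5 = (navigator.appVersion.indexOf("5") != -1);
var netscape = (navigator.appName.indexOf("Netscape") != -1);
var version4 = (navigator.appVersion.indexOf("4.") != -1);
var ip;
var pw;

// Visitors whose address starts with 131.211. skip the prompt; every other
// visitor is asked for the password. (The original comment said other
// addresses are blocked, which is not what the code does.)
// The address is only looked up on Netscape 4, through the browser's Java
// bridge, and it is reported by the visitor's own machine, so it is a
// convenience and not something the site can rely on.
var skipPrompt = false;
if (netscape && version4) {
  ip = "" + java.net.InetAddress.getLocalHost().getHostAddress();
  skipPrompt = (ip.indexOf("131.211.") == 0);
}

pw = skipPrompt ? num_to_str() : passwd();
go(pw);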



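/**
 * Decodes the page name that is embedded in this script as a digit string.
 *
 * The constant is read two digits at a time; each pair is parsed as a
 * decimal number, shifted up by 23 and converted to the character with that
 * code. The eight resulting characters are joined and returned.
 *
 * All working values are local. The earlier version assigned its result to
 * the global name `passwd`, which replaced the passwd() function with a
 * string, and it shared the loop counter `i` with makehash().
 *
 * NOTE(review): this is an encoding, not encryption. The constant and the
 * decoding steps are both sent to every visitor, so the returned name must
 * not be treated as a secret.
 *
 * @returns {string} The decoded eight-character page name.
 */
function num_to_str() {
  var encoded = "9974899982878093";
  var decoded = "";
  var pos;
  var code;

  for (pos = 0; pos < 16; pos += 2) {
    // Explicit radix so a pair with a leading zero is never read as octal.
    code = parseInt(encoded.substr(pos, 2), 10) + 23;
    decoded += String.fromCharCode(code);
  }

  return decoded;
}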

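/**
 * Prompts the visitor for a password and checks it against a stored value.
 *
 * The entered text is reduced with makehash(pw, 3) and the result is
 * compared with the stored value below. On a match the entered text itself
 * is returned; otherwise an alert is shown and "default" is returned.
 * Cancelling the prompt makes makehash() return undefined, which is handled
 * as a wrong password.
 *
 * The computed value is kept in a local variable (it used to leak into the
 * global scope as `h1`) and compared as a string instead of relying on
 * loose-equality coercion.
 *
 * NOTE(review): the stored value and the reduction routine are both visible
 * in the page source, and the check runs in the visitor's browser. This is
 * not a substitute for authentication performed on the server.
 *
 * @returns {string} The entered text on success, otherwise "default".
 */
function passwd() {
  // Expected makehash() result for the correct password.
  var password = "63995";
  // Text shown in the prompt.
  var message = "Whats the password im looking for?";
  // Text shown when the entered password does not match.
  var incmess = "Wrong Pass!";

  var pw = prompt(message, "");
  var enteredHash = makehash(pw, 3);

  if (String(enteredHash) !== password) {
    alert(incmess);
    return "default";
  }
  return pw;
}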

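/**
 * Reduces the first eight characters of a password to a single number.
 *
 * The input is upper-cased. For each of the first eight positions the
 * character is looked up in the global `alpha` table and contributes its
 * 1-based position there (0 when the character is not in the table). A
 * position past the end of the input looks up the empty string, which
 * indexOf reports at index 0, so it contributes 1. The running total is
 * multiplied by `mult` before each contribution is added.
 *
 * All working values are local; the earlier version created the globals
 * `pass`, `hash`, `letter`, `c` and `i`, sharing `i` with num_to_str().
 *
 * NOTE(review): this is not a cryptographic hash. Case is folded, input
 * after the eighth character is ignored and the result is a small integer,
 * so many different inputs produce the same value.
 *
 * @param {?string} pw - Text to reduce; null or undefined is passed through.
 * @param {number} mult - Multiplier applied to the running total.
 * @returns {number|undefined} The reduced value, or undefined when pw is
 *     null or undefined.
 */
function makehash(pw, mult) {
  var upper;
  var total = 0;
  var pos;
  var value;

  if (pw == null) {
    return;
  }

  upper = pw.toUpperCase();
  for (pos = 0; pos < 8; pos++) {
    value = alpha.indexOf(upper.charAt(pos), 0) + 1;
    total = total * mult + value;
  }
  return total;
}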

/**
 * Navigates the browser to the page named after the given value.
 *
 * ".shtml" is appended to the value and the result is assigned to
 * location.href. In this file the value is whatever num_to_str() or
 * passwd() returned, so it may be text typed by the visitor; it is used
 * as-is, without escaping.
 *
 * @param {string} pw - Page name without the ".shtml" extension.
 */
function go(pw) {
  var destination = pw + ".shtml";
  location.href = destination;
}


// End -->
</script>

PS: it's not "63995", that would be too easy ;)

Invertigo.
 
Why not run your hash code on the web server instead of the client browser?

That would seem to be more secure because you won't be giving potential hackers any code to reverse engineer.
 