Archive for the 'Uncategorized' Category

Lizard on path

Saturday, March 14th, 2009

On Thursday night found a lizard on our path. Took a photo.

Common Lizard Lacerta vivipara

Dental Nurse Required

Thursday, June 5th, 2008

For Canvey Island Dental Practice.
Experience preferred, but not essential.
Training will be given.

Please telephone 01268 754486 for further details.

Update: This post has now been filled. Thank you to all who applied.

Hacking Javascript

Monday, July 30th, 2007

I came across a website recently with the following JavaScript code to password protect the site:

function submitentry(){
    password = document.password1.password2.value.toLowerCase()
    username = document.password1.username2.value.toLowerCase()
    passcode = 1
    usercode = 1
    // Multiply the character codes of each field together
    for(i = 0; i < password.length; i++) {
        passcode *= password.charCodeAt(i);
    }
    for(x = 0; x < username.length; x++) {
        usercode *= username.charCodeAt(x);
    }

    // Compare the products with the values hard-coded in the page
    if(usercode==160891453245600&&passcode==120622737064212)
    {
        window.location=password+".htm"}
    else{
        alert(passcode)}
}

I thought it might be possible to find the username and password, so I put together the following JavaScript:

do{
    passcode = 0
    var j = Math.ceil((Math.random()*26) + 96);
    var k = Math.ceil((Math.random()*26) + 96);
    var l = Math.ceil((Math.random()*26) + 96);
    var m = Math.ceil((Math.random()*26) + 96);
    var o = Math.ceil((Math.random()*26) + 96);
    var p = Math.ceil((Math.random()*26) + 96);
    var q = Math.ceil((Math.random()*26) + 96);
    passcode = (j*k*l*m*o*p*q);
}while (passcode!=120622737064212);
alert (j + " " + k + " " + l + " " + m + " " + o + " " + p + " " + q);

Unfortunately the JavaScript interpreter of my browser couldn't cope with this, but the principle of the script was basically OK. You can see this by running the following script:

do{
    passcode = 0
    var j = Math.ceil((Math.random()*26) + 96);
    var k = Math.ceil((Math.random()*26) + 96);
    var l = Math.ceil((Math.random()*26) + 96);
    var m = Math.ceil((Math.random()*26) + 96);
    //var o = Math.ceil((Math.random()*26) + 96);
    //var p = Math.ceil((Math.random()*26) + 96);
    //var q = Math.ceil((Math.random()*26) + 96);
    passcode = (j*k*l*m);
}while (passcode!=132825000);
alert (j + " " + k + " " + l + " " + m );

This should give you an alert message with 110 105 115 and 100, when you set up a web-page with this script. From the length of the numbers 160891453245600 and 120622737064212 I guessed there were 2 seven-letter sequences to be found. To break the original problem I had to resort to a bash script:

#!/bin/bash
RANDOM=$$

PIPS=26
MAXTHROWS=1
throw=0
passcode=0

zeroes=0
ones=0
twos=0
threes=0
fours=0
fives=0
sixes=0
sevens=0
eights=0
nines=0
tens=0
elevens=0
twelves=0
thirteens=0
fourteens=0
fifteens=0
sixteens=0
seventeens=0
eighteens=0
nineteens=0
twenties=0
twentyones=0
twentytwos=0
twentythrees=0
twentyfours=0
twentyfives=0
twentysixes=0

print_result ()
{
    echo
    echo "as = $ones"
    echo "bs = $twos"
    echo "cs = $threes"
    echo "ds = $fours"
    echo "es = $fives"
    echo "fs = $sixes"
    echo "gs = $sevens"
    echo "hs = $eights"
    echo "is = $nines"
    echo "js = $tens"
    echo "ks = $elevens"
    echo "ls = $twelves"
    echo "ms = $thirteens"
    echo "ns = $fourteens"
    echo "os = $fifteens"
    echo "ps = $sixteens"
    echo "qs = $seventeens"
    echo "rs = $eighteens"
    echo "ss = $nineteens"
    echo "ts = $twenties"
    echo "us = $twentyones"
    echo "vs = $twentytwos"
    echo "ws = $twentythrees"
    echo "xs = $twentyfours"
    echo "ys = $twentyfives"
    echo "zs = $twentysixes"
    echo "Passcode = $passcode"
    echo
}

update_count()
{
    case "$1" in
        0) let "ones += 1";; # Since a is not "zero", this corresponds to 1.
        1) let "twos += 1";; # And b to 2, etc.
        2) let "threes += 1";;
        3) let "fours += 1";;
        4) let "fives += 1";;
        5) let "sixes += 1";;
        6) let "sevens += 1";;
        7) let "eights += 1";;
        8) let "nines += 1";;
        9) let "tens += 1";;
        10) let "elevens += 1";;
        11) let "twelves += 1";;
        12) let "thirteens += 1";;
        13) let "fourteens += 1";;
        14) let "fifteens += 1";;
        15) let "sixteens += 1";;
        16) let "seventeens += 1";;
        17) let "eighteens += 1";;
        18) let "nineteens += 1";;
        19) let "twenties += 1";;
        20) let "twentyones += 1";;
        21) let "twentytwos += 1";;
        22) let "twentythrees += 1";;
        23) let "twentyfours += 1";;
        24) let "twentyfives += 1";;
        25) let "twentysixes += 1";;
    esac
}

# Keep drawing seven random letters until their character codes multiply to the target
while [ "$throw" -lt "$MAXTHROWS" ]
do
    let "die1 = RANDOM % $PIPS"
    let "die2 = RANDOM % $PIPS"
    let "die3 = RANDOM % $PIPS"
    let "die4 = RANDOM % $PIPS"
    let "die5 = RANDOM % $PIPS"
    let "die6 = RANDOM % $PIPS"
    let "die7 = RANDOM % $PIPS"
    let "passcode = (die1+97)*(die2+97)*(die3+97)*(die4+97)*(die5+97)*(die6+97)*(die7+97)"
    if test $passcode = 120622737064212 ; then
        let "throw += 1"
        update_count $die1
        update_count $die2
        update_count $die3
        update_count $die4
        update_count $die5
        update_count $die6
        update_count $die7
        print_result
    fi

done

exit 0

This was a modification of a lottery script I got off the internet. Unlike the JavaScript interpreter, the bash script just keeps running until it produces a result.

Eventually, after a day or so I returned to my computer to find the following output:

as = 3
bs = 0
cs = 0
ds = 0
es = 0
fs = 0
gs = 1
hs = 0
is = 0
js = 0
ks = 0
ls = 1
ms = 2
ns = 0
os = 0
ps = 0
qs = 0
rs = 0
ss = 0
ts = 0
us = 0
vs = 0
ws = 0
xs = 0
ys = 0
zs = 0
Passcode = 120622737064212

This revealed the passcode to be a commonly used word in dentistry. I ran through the same code again to get the username and was able to log in. To improve the security of the website I would leave out the ".toLowerCase()" bits in the JavaScript below.

function submitentry(){
    password = document.password1.password2.value.toLowerCase()
    username = document.password1.username2.value.toLowerCase()
    passcode = 1
    usercode = 1
    for(i = 0; i < password.length; i++) {
        passcode *= password.charCodeAt(i);
    }
    for(x = 0; x < username.length; x++) {
        usercode *= username.charCodeAt(x);
    }

    if(usercode==160891453245600&&passcode==120622737064212)
    {
        window.location=password+".htm"}
    else{
        alert("password/username combination wrong")}
}

This would mean the potential cracker would have to work their computer much harder to break the passcodes. If you introduced other characters or numbers it would become very difficult or nearly impossible to break down.
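An added example, not part of the original post: it measures how much the product check gives away, using the post's four-letter test value 132825000 with a lowercase alphabet and with a mixed-case one. The function names and the strings "nisd" and "dsin" (the letters for codes 110 105 115 100) are constructed for illustration.

```javascript
// The page's check: multiply the character codes together.
function productCode(text) {
  let code = 1;
  for (const ch of text) code *= ch.charCodeAt(0);
  return code;
}

// Every multiset of codes from `alphabet` whose product equals `target`.
// Codes are tried in non-decreasing order and a branch is followed only
// when the code divides what is left, so very little is explored.
function matchingMultisets(target, alphabet) {
  const codes = [...alphabet].sort((a, b) => a - b);
  const found = [];
  (function search(remaining, start, chosen) {
    if (remaining === 1) { found.push([...chosen]); return; }
    for (let i = start; i < codes.length; i++) {
      if (remaining % codes[i] !== 0) continue;
      chosen.push(codes[i]);
      search(remaining / codes[i], i, chosen);
      chosen.pop();
    }
  })(target, 0, []);
  return found;
}

// Distinct orderings of a multiset: n! divided by each repeat count's factorial.
function orderings(multiset) {
  const fact = n => (n <= 1 ? 1 : n * fact(n - 1));
  const counts = {};
  for (const c of multiset) counts[c] = (counts[c] || 0) + 1;
  return Object.values(counts).reduce((acc, k) => acc / fact(k), fact(multiset.length));
}

const range = (lo, hi) => Array.from({ length: hi - lo + 1 }, (_, i) => lo + i);
const LOWER = range(97, 122);             // a-z, as forced by toLowerCase()
const MIXED = [...range(65, 90), ...LOWER]; // A-Z and a-z (assumed wider alphabet)

const TARGET = 132825000; // the post's four-letter test value
const lower = matchingMultisets(TARGET, LOWER);
const mixed = matchingMultisets(TARGET, MIXED);

// The product ignores character order, so every anagram passes the same check.
console.log("anagrams collide:", productCode("nisd") === productCode("dsin"));
console.log("lowercase multisets:", lower, "orderings:", orderings(lower[0]));
console.log("mixed-case multisets:", mixed.length, "out of", 52 ** 4, "four-letter strings");
```

For this value both alphabets leave a single multiset of characters and 24 orderings, which is why a credential check of this kind belongs on the server against a salted password hash rather than in page script.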

Hello world!

Friday, April 21st, 2006

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!

Test edit 1