College Javascript Login Bypass Help ?

[brazzO]

Hey, i was set a challenge by my tutor just as a bit of fun to see if i could bypass a really simple login page using java. He has hidden the code and i have tried a few ways of cracking it but nothing working. Any help would be appreciated. So here is the login: http://asch.org.uk/webdesign/login.html .. any help would be appreciated.

I have tried deobfuscating the login2.js but only there i can get the users not pass. i tried doing the numbers in ascii but still it dont work

 

[Tango]

When you get the correct username and password it re-directs here


asch.org.uk/webdesign/examples/scripting/backpage.html

The page boring dont bother finding it =)

 

[brazzO]

what is the user and pass ?
it does not let me view the actual page because i have not logged in

i need to know what it actual displays so i can say to the tutor this is what comes up and not just that link as he will ask what is on it.

 

[t3od0r]

is redirecting from examples/scripting/backpage.html to http://www.asch.org.uk/webdesign/

users
Andreas:test
Student:Gu355

 

[brazzO]

ahh i see, thanks. dont know how you guys got the pass's so if you have time later could you say so. was it something to do with the ascii numbers when you de-obscufy it ?

 

[Tango]

You have

userDetails['Andreas']=[139,155,142,136];
userDetails['Student']=[184,139,206,201,206];

so use the js to decode it

var user=[139,155,142,136];
var passwd =[184,139,206,201,206];

And use an alertbox to show them

eg.

alert(deObfuscate(passwd));

There is probably an easier way but i don't really use js

 

[t3od0r]

http://jsfiddle.net/7ZSdk/2/

 

[brazzO]

thanks for this, appreciated. will report it to be closed now

 

[Dean2k]

Aw I was just trolling through this:

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 g=[p,6,n,y,2,5,n,2,u,o,5,6,p,l,o,G,c,r,E,i,D,r,l,F,6,c,C,B,2,5,j,j];1 4=s q();4[\'A\']=[2,H,i,v];4[\'w\']=[z,2,d,S,d];t X(){1 k=f.e(\'W\').7;1 3=f.e(\'V\');1 h=3.7;1 9=4[k];I(9!=Z&&8(9)==h){13.12.11=8(g)}10{Y("T M L");3.7=\'\';3.K()}}t 8(a){1 b=s q();1 m=J;1 x;N(x=0;x<a.O;x++){b[x]=R.Q(a[x]^m--)}P b.U(\'\')}',62,66,'|var|139|pwTb|userDetails|150|134|value|deObfuscate|upw|inpArr|outChars|129|206|getElementById|document|target|pw|142|140|userName|130|salt|156|133|154|Array|137|new|function|216|136|Student||145|184|Andreas|202|128|138|194|152|153|155|if|0xFF|focus|information|login|for|length|return|fromCharCode|String|201|Incorrect|join|passwd|userId|tryLogin|alert|null|else|href|location|window'.split('|'),0,{}))

Trying to figure it out haha