Please register or login. There are 0 registered and 1316 anonymous users currently online. Current bandwidth usage: 326.30 kbit/s December 17 - 01:18am EST 
Hardware Analysis
      
Forums Product Prices
  Contents 
 
 

  Latest Topics 
 

More >>
 

    
 
 

  You Are Here: 
 
/ Forums / Programming /
 

  Javascript protected Login to a device 
 
 Author 
 Date Written 
 Tools 
Rooin Jan 28, 2009, 07:55pm EST Reply - Quote - Report Abuse
Private Message - Add to Buddy List

Edited: Jan 28, 2009, 11:42pm EST

Replies: 2 - Views: 2074
Ok I've got a WiFi device that appears to use a Javascript password protection on it.

I've heard there is ways to look over the source code of the page and either crack or figure out the password for the page.

I need some Javascript nuts to look over this code, and tell me if this one of those pages. If it is, I need to know how to figure out the pass by looking/scanning the source code. I'm a novice and am not sure what I'm looking for.

Source from login page:

<script language="JavaScript" type="text/JavaScript">
<!--
function MM_Onload()
{
var s=eval("document.login");
s.szPassword.focus();
}
function info_encode(s)
{
var encode="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
var ascii="01234567890123456789012345678901 !\"#" + '\$' + "%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~";

var i,j,c;
var v=s+" ";;
var t="";

c = s.length%3;
if (c == 1) t="<";
if (c == 2) t=">";
for (i=0;i<v.length-2;i+=3)
{
c=(ascii.lastIndexOf(v.charAt(i)) <<16)+(ascii.lastIndexOf(v.charAt(i+1))<< 8)+ascii.lastIndexOf(v.charAt(i+2));
for (j=0;j<4;j++)
{
t+=encode.charAt((c>>18) & 0x3f);
c = c << 6;
}
}
return t;
}
function MM_Submit()
{
var ss,sl,a,b;
ss=eval("document.video54");
sl=eval("document.login");
a = ss.szUserName.value+":"+sl.szPassword.value;
b = info_encode(a);
window.location="login.htm?op=1&login="+b;
}
//-->
</script>
</head>
<body bgcolor=#ffffff topmargin=0 leftmargin=0 marginheight=0 marginwidth=0 onload="MM_Onload();">
<form name="video54">
<center><table border="0" align="center" cellspacing="0" cellpadding="0" width="90%"><tbody><tr><td><img src="/fs/images/spacer.gif" height="100" width="100%" border="0"></tbody></table><table cellpadding=1 cellspacing=0 bgcolor="#ffffff" border=1><tr><td class="boxtext"><font face="arial" size=2><nobr>User Name:</nobr></font></td><td class="boxtext" align="right"><input type="text" name=szUserName value="admin" size="32" maxlength="32"></td></tr></form><form name="login" onSubmit="MM_Submit();return false;"><tr><td class="boxtext"><font face="arial" size=2><nobr>Password:</nobr></font></td><td class="boxtext" align="right"><input type="password" name=szPassword value="" size="32" maxlength="32"></td></tr></form></table><table border="0" align="center" cellspacing="0" cellpadding="0" width="90%"><tbody><tr><td><img src="/fs/images/spacer.gif" height="10" width="100%" border="0"><tr><td class="smallblackcenter"><img src="/fs/images/level5.gif" border="0" width="40" height="40"><tr><td class="smallpromptcenter">Air Quality<tr><td class="smallpromptcenter">SSID: AusmWiFi_1</tbody></table><form name="logon"><table border="0" align="center" cellspacing="0" cellpadding="0" width="90%"><tbody><tr><td><img src="/fs/images/spacer.gif" height="40" width="100%" border="0"><tr><td class="centertext"><input type="button" name="LogOn" value=" Log On " onClick="{MM_Submit();return false;}"></tbody></table></form>

</body>
</html>


Thanks a head of time.

EDIT: Oh, the reason I'm asking for such help is to determine if I can use this device or not with remote management. If someone can pullup the login page, an use the source to determine the pass, I'm not interested.


================================================================
"Even Satan wouldn't use customer service as a form of punishment." - Lucas http://www.ctrlaltdel-online.com
Want to enjoy fewer advertisements and more features? Click here to become a Hardware Analysis registered user.
Suspended User Jan 28, 2009, 09:14pm EST Reply - Quote - Report Abuse
Private Message - Add to Buddy List  
>> Re: Javascript protected page
Password is blank, ie. there isnt one

Rooin Jan 28, 2009, 11:38pm EST Reply - Quote - Report Abuse
Private Message - Add to Buddy List

Edited: Jan 28, 2009, 11:41pm EST

 
>> Re: Javascript protected page
No there is a password. It needs to be entered to login.

It wasn't typed in the box or anything at the time I "Viewed source".

That source code is the login screen on the device minus the additional frames for decoration.

From the code shown is there anyway I can make a script or something to exploit the password to me? Obviously it has to check the PW against something stored on the device. I just don't know javascript well enough, and from all the google searching I've done, I'm not getting a answer.

================================================================
"Even Satan wouldn't use customer service as a form of punishment." - Lucas http://www.ctrlaltdel-online.com

Write a Reply >>


 

    
 
 

  Topic Tools 
 
RSS UpdatesRSS Updates
 

  Related Articles 
 
 

  Newsletter 
 
A weekly newsletter featuring an editorial and a roundup of the latest articles, news and other interesting topics.

Please enter your email address below and click Subscribe.