Please register or login. There are 0 registered and 460 anonymous users currently online. Current bandwidth usage: 326.30 kbit/s November 30 - 04:00pm EST 
Hardware Analysis
Forums Product Prices

  Latest Topics 

More >>


  You Are Here: 
/ Forums / Programming /

  Javascript protected Login to a device 
 Date Written 
Rooin Jan 28, 2009, 07:55pm EST Report Abuse
Ok I've got a WiFi device that appears to use a Javascript password protection on it.

I've heard there is ways to look over the source code of the page and either crack or figure out the password for the page.

I need some Javascript nuts to look over this code, and tell me if this one of those pages. If it is, I need to know how to figure out the pass by looking/scanning the source code. I'm a novice and am not sure what I'm looking for.

Source from login page:

<script language="JavaScript" type="text/JavaScript">
function MM_Onload()
var s=eval("document.login");
function info_encode(s)
var encode="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
var ascii="01234567890123456789012345678901 !\"#" + '\$' + "%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~";

var i,j,c;
var v=s+" ";;
var t="";

c = s.length%3;
if (c == 1) t="<";
if (c == 2) t=">";
for (i=0;i<v.length-2;i+=3)
c=(ascii.lastIndexOf(v.charAt(i)) <<16)+(ascii.lastIndexOf(v.charAt(i+1))<< 8)+ascii.lastIndexOf(v.charAt(i+2));
for (j=0;j<4;j++)
t+=encode.charAt((c>>18) & 0x3f);
c = c << 6;
return t;
function MM_Submit()
var ss,sl,a,b;
a = ss.szUserName.value+":"+sl.szPassword.value;
b = info_encode(a);
<body bgcolor=#ffffff topmargin=0 leftmargin=0 marginheight=0 marginwidth=0 onload="MM_Onload();">
<form name="video54">
<center><table border="0" align="center" cellspacing="0" cellpadding="0" width="90%"><tbody><tr><td><img src="/fs/images/spacer.gif" height="100" width="100%" border="0"></tbody></table><table cellpadding=1 cellspacing=0 bgcolor="#ffffff" border=1><tr><td class="boxtext"><font face="arial" size=2><nobr>User Name:</nobr></font></td><td class="boxtext" align="right"><input type="text" name=szUserName value="admin" size="32" maxlength="32"></td></tr></form><form name="login" onSubmit="MM_Submit();return false;"><tr><td class="boxtext"><font face="arial" size=2><nobr>Password:</nobr></font></td><td class="boxtext" align="right"><input type="password" name=szPassword value="" size="32" maxlength="32"></td></tr></form></table><table border="0" align="center" cellspacing="0" cellpadding="0" width="90%"><tbody><tr><td><img src="/fs/images/spacer.gif" height="10" width="100%" border="0"><tr><td class="smallblackcenter"><img src="/fs/images/level5.gif" border="0" width="40" height="40"><tr><td class="smallpromptcenter">Air Quality<tr><td class="smallpromptcenter">SSID: AusmWiFi_1</tbody></table><form name="logon"><table border="0" align="center" cellspacing="0" cellpadding="0" width="90%"><tbody><tr><td><img src="/fs/images/spacer.gif" height="40" width="100%" border="0"><tr><td class="centertext"><input type="button" name="LogOn" value=" Log On " onClick="{MM_Submit();return false;}"></tbody></table></form>


Thanks a head of time.

EDIT: Oh, the reason I'm asking for such help is to determine if I can use this device or not with remote management. If someone can pullup the login page, an use the source to determine the pass, I'm not interested.

"Even Satan wouldn't use customer service as a form of punishment." - Lucas
Want to enjoy fewer advertisements and more features? Click here to become a Hardware Analysis registered user.
Suspended User Jan 28, 2009, 09:14pm EST Report Abuse
>> Re: Javascript protected page
Password is blank, ie. there isnt one

Rooin Jan 28, 2009, 11:38pm EST Report Abuse
>> Re: Javascript protected page
No there is a password. It needs to be entered to login.

It wasn't typed in the box or anything at the time I "Viewed source".

That source code is the login screen on the device minus the additional frames for decoration.

From the code shown is there anyway I can make a script or something to exploit the password to me? Obviously it has to check the PW against something stored on the device. I just don't know javascript well enough, and from all the google searching I've done, I'm not getting a answer.

"Even Satan wouldn't use customer service as a form of punishment." - Lucas



  Topic Tools 
RSS UpdatesRSS Updates

  Related Articles 

A weekly newsletter featuring an editorial and a roundup of the latest articles, news and other interesting topics.

Please enter your email address below and click Subscribe.