Advanced JS-Crackme
By The Sandman
Created 28th February 1999
 
 
 
Password:
 
  
 

 
What can I say about this script?.. It's pretty hard to work out because the Password and URL to where this script goes to has all been encrypted.

Some notes worth mentioning about this script..

There are no numbers or 'funny' characters in either the password or URL.

The encrypted password & URL for the User 'The Sandman' is stored here:
<OPTION value="6025681284,953216,MSILH.LWNS">

The encrypted password & URL for the User 'The Seeker' is stored here:
<OPTION value="860818431,418373,MWMJH.OUTR">

MWMJH.OUTR  <---This is the encrypted URL, notice the (dot) followed by four letters,
                         <--  this is a good indication that it belongs to the filename, can you see that
                         <--- the filename ends with something like .html
                         <--- Looking at this we can see that the actual filename is just 5 letters long.

Here's the source code for this script..

<SCRIPT language="javascript">

var prop="Copyright dion 6/98";

var params=new Array(16);

var alpha="ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789-ABCDEFGHI";

function check(form)

 {

   choice = form.memlist.options[form.memlist.selectedIndex].value;

   if (choice=="x")

    { alert("Please Select Your Name From The List"); return; };

   splt(choice,",");

   h1=makehash(form.pass.value,3);

   h2=makehash(form.pass.value,10)+" ";

   if (h1!=params[1])

    { alert("Incorrect Password!"); return; };
 
 

   var page=""; var hp=0;

   for (var i=0;i<params[2].length;i++)

    { letter=params[2].substring(i,i+1)

      ul=letter.toUpperCase();

      a=alpha.indexOf(ul,0);

      if (a>=0)

       { a-=(h2.substring(hp,hp+1)*1);

         hp++; if (hp==h2.length-1) hp=0;

         if (a<0) a+=38;

         page+=alpha.substring(a,a+1);

       } else { page+=letter; }; };
 
 

   text=""; c=0;

   splt(page,";"); choice=params[0];

   while (params[c])

    { a=params[c].indexOf("(",0);

      b=params[c].indexOf(")",a);

      text+=params[c].substring(a+1,b)+", "; c++; };

   if (c>1)

    { pick=prompt("Destinations: "+text,"Choose Destination").toUpperCase();

      choice=null; if (pick) for (i=0;i<c;i++)

        if (params[i].indexOf("("+pick+")",0)>0)

         choice=params[i].substring(0,params[i].indexOf("(",0)); };

   if (choice) top.location=choice.toLowerCase();

 };

function makehash(pw,mult)

 { pass=pw.toUpperCase();

   hash=0;

   for (i=0;i<pass.length;i++)

    { letter=pass.substring(i,i+1);

      c=alpha.indexOf(letter,0)+1;

      hash=hash*mult+c; };

   return(hash);

 };

function splt(str,delim)

 { p=0; i=0; val=str+delim;

   while (val.indexOf(delim,p+1)>0)

    { a=val.indexOf(delim,p);

      params[i]=val.substring(a,p);

      p=a+1; i++; };

   params[i]=null;

 };

</SCRIPT>