Page 75 of 89
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:27 pm
by Guido
If I'm correct password.php will send the correct URL if the correct password has been entered
- Code: Select all
window.location = data.url;
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:28 pm
by ambivalenceavenue
Guido wrote:If I'm correct password.php will send the correct URL if the correct password has been entered
- Code: Select all
window.location = data.url;
Yeah that's right. Provided by this page that is generating JSON based on whether the password is correct:
http://cosecha-transmisiones.com/passwo ... XXX/519225
You can use that if you want it to be a bit easier to try out passwords
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:29 pm
by 60-10
Hmmm wonder if this is the code 22 Aug 1996? so 220896?
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:30 pm
by Guido
It is not certain they want us to enter the 36 digts. The fact that the source code of the HTML indicates something is up with the 5th slot might as well indicate that we have to find some password after which the fifth slot will be revealed to us. Just an idea. And as some others have noted, the date of the login console is the date that the Hare virus becomes active. There is something up with the Hare virus, that is why I posted a link to the source code of Hare.
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:30 pm
by chishkebab
Were any singles release by boc on 22/08/96 white label or anything. Two track lengths = 6 numbers and could be p/w
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:31 pm
by Guido
Shit gotta do shopping, bbl.
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:31 pm
by xpahos
did somebody try any injections? SQL Injections?
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:31 pm
by orange hexagon sun
I don't think it will be as simple as entering a string of numbers....
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:33 pm
by vballs
Guido wrote:It is not certain they want us to enter the 36 digts. The fact that the source code of the HTML indicates something is up with the 5th slot might as well indicate that we have to find some password after which the fifth slot will be revealed to us. Just an idea. And as some others have noted, the date of the login console is the date that the Hare virus becomes active. There is something up with the Hare virus, that is why I posted a link to the source code of Hare.
I think this sound logical. Entering a correct password could reveal the 5th code
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:33 pm
by Impossible Geometry
xpahos wrote:did somebody try any injections? SQL Injections?
LOL how hilarious would it be if we hacked our way in versus figuring it out the legit way. talk about spoiling the fun haha
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:33 pm
by globochem
This makes the random "Markus Boc" Hare Krishna virus video on the
hex-to-text page observation far more eerie. Were we onto this all along?
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:34 pm
by FernieCanto
It's probably been mentioned already, but I find it very odd that there aren't any zeros in any of the sequences. Also, I think 30 digits is a very small sample to many any statistical conclusions, but the distribution of digits could still be useful:
Digit - Occurrances
0 - 0
1 - 3
2 - 6
3 - 2
4 - 1
5 - 5
6 - 3
7 - 4
8 - 2
9 - 4
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:34 pm
by chishkebab
am i going mad or is that website changing what I type?
edit: try typing harvest in a password then deleting it inline then typing again
what is going on there?
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:34 pm
by Impossible Geometry
vballs wrote:Guido wrote:It is not certain they want us to enter the 36 digts. The fact that the source code of the HTML indicates something is up with the 5th slot might as well indicate that we have to find some password after which the fifth slot will be revealed to us. Just an idea. And as some others have noted, the date of the login console is the date that the Hare virus becomes active. There is something up with the Hare virus, that is why I posted a link to the source code of Hare.
I think this sound logical. Entering a correct password could reveal the 5th code
using the existing numbers to figure out the 5th code and then enter the 5th code at password prompt is also logical i would think. hmm
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:34 pm
by J-Dane
Guys, i gotta run. Have fun cracking this. Hopefully be checking back soon!
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:34 pm
by vballs
Impossible Geometry wrote:xpahos wrote:did somebody try any injections? SQL Injections?
LOL how hilarious would it be if we hacked our way in versus figuring it out the legit way. talk about spoiling the fun haha
I dont think it uses SQL by the looks of things...
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:35 pm
by Kamas009
Impossible Geometry wrote:xpahos wrote:did somebody try any injections? SQL Injections?
LOL how hilarious would it be if we hacked our way in versus figuring it out the legit way. talk about spoiling the fun haha
Not necessarily, I think it will be just another way of playing their game.
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:35 pm
by Waterbagel
globochem wrote:This makes the random "Markus Boc" Hare Krishna virus video on the
hex-to-text page observation far more eerie. Were we onto this all along?
Oh, right.. That wasn't even a part of a clue or anything.. We just kinda "found" that, didn't we?
Oi, I can't think of anything that would be the password..
Notable attempts:
guest
password
admin
sysadmin
TO NO AVAIL
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:36 pm
by juKajitsu
I think we dont need ///// signs
![Post Post](./styles/twoism/imageset/icon_post_target.gif)
Posted:
Mon Apr 29, 2013 4:36 pm
by harpoon dodger