____twoism

If I'm correct password.php will send the correct URL if the correct password has been entered

Code: Select all

window.location = data.url;

Guido wrote:If I'm correct password.php will send the correct URL if the correct password has been entered

Code: Select all

window.location = data.url;

Yeah that's right. Provided by this page that is generating JSON based on whether the password is correct:
http://cosecha-transmisiones.com/passwo ... XXX/519225

You can use that if you want it to be a bit easier to try out passwords

Hmmm wonder if this is the code 22 Aug 1996? so 220896?

It is not certain they want us to enter the 36 digts. The fact that the source code of the HTML indicates something is up with the 5th slot might as well indicate that we have to find some password after which the fifth slot will be revealed to us. Just an idea. And as some others have noted, the date of the login console is the date that the Hare virus becomes active. There is something up with the Hare virus, that is why I posted a link to the source code of Hare.

Were any singles release by boc on 22/08/96 white label or anything. Two track lengths = 6 numbers and could be p/w

Shit gotta do shopping, bbl.

did somebody try any injections? SQL Injections?

I don't think it will be as simple as entering a string of numbers....

Guido wrote:It is not certain they want us to enter the 36 digts. The fact that the source code of the HTML indicates something is up with the 5th slot might as well indicate that we have to find some password after which the fifth slot will be revealed to us. Just an idea. And as some others have noted, the date of the login console is the date that the Hare virus becomes active. There is something up with the Hare virus, that is why I posted a link to the source code of Hare.

I think this sound logical. Entering a correct password could reveal the 5th code

xpahos wrote:did somebody try any injections? SQL Injections?

LOL how hilarious would it be if we hacked our way in versus figuring it out the legit way. talk about spoiling the fun haha

This makes the random "Markus Boc" Hare Krishna virus video on the hex-to-text page observation far more eerie. Were we onto this all along?

It's probably been mentioned already, but I find it very odd that there aren't any zeros in any of the sequences. Also, I think 30 digits is a very small sample to many any statistical conclusions, but the distribution of digits could still be useful:

Digit - Occurrances
0 - 0
1 - 3
2 - 6
3 - 2
4 - 1
5 - 5
6 - 3
7 - 4
8 - 2
9 - 4

am i going mad or is that website changing what I type?

edit: try typing harvest in a password then deleting it inline then typing again

what is going on there?

vballs wrote:

Guido wrote:It is not certain they want us to enter the 36 digts. The fact that the source code of the HTML indicates something is up with the 5th slot might as well indicate that we have to find some password after which the fifth slot will be revealed to us. Just an idea. And as some others have noted, the date of the login console is the date that the Hare virus becomes active. There is something up with the Hare virus, that is why I posted a link to the source code of Hare.

I think this sound logical. Entering a correct password could reveal the 5th code

using the existing numbers to figure out the 5th code and then enter the 5th code at password prompt is also logical i would think. hmm

Guys, i gotta run. Have fun cracking this. Hopefully be checking back soon!

Impossible Geometry wrote:

xpahos wrote:did somebody try any injections? SQL Injections?

LOL how hilarious would it be if we hacked our way in versus figuring it out the legit way. talk about spoiling the fun haha

I dont think it uses SQL by the looks of things...

Impossible Geometry wrote:

xpahos wrote:did somebody try any injections? SQL Injections?

LOL how hilarious would it be if we hacked our way in versus figuring it out the legit way. talk about spoiling the fun haha

Not necessarily, I think it will be just another way of playing their game.

globochem wrote:This makes the random "Markus Boc" Hare Krishna virus video on the hex-to-text page observation far more eerie. Were we onto this all along?

Oh, right.. That wasn't even a part of a clue or anything.. We just kinda "found" that, didn't we?

Oi, I can't think of anything that would be the password..

Notable attempts:
guest
password
admin
sysadmin

TO NO AVAIL

I think we dont need ///// signs

"i,s,o,g,r,a,m"

http://en.wikipedia.org/wiki/Isogram