how to do this one?

Post by 1misscall on Sat May 26, 2018 12:04 pm

HELLO ...
I want to hack or bypass or find the OTP (one-time password) that this site sends to mobile phone numbers.

Here is the inspector of the site when you want to input the activation code:
---------------------------------------------------------------------
<form id="fm" name="fm" method="post" action="/user/signUp.xhtml" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="fm" value="fm">
<div id="fm:step2">

<div class="form-check">
<div class="mobile-number-text"><input type="text" name="fm:j_idt15" autocomplete="off" class="text-field" disabled="disabled" placeholder="mymobilephonenumber">
<img src="assets/images/phone.png" class="mobile-number">
<label class="form-label">plz input activation code:</label><input type="password" name="fm:j_idt17" autocomplete="off" value="" dir="ltr" maxlength="6" tabindex="4" class="text-field mobile-pass allow-numbers-only" placeholder="activation code">
</div>
<div class="form">
</div>
</div>

<div class="clearfix">
<div class="col-xs-12 col-sm-4 col-sm-offset-4 col-md-6 col-md-offset-3 col-lg-6 col-lg-offset-3"><input id="fm:j_idt25" type="submit" name="fm:j_idt25" value="check activation code" tabindex="6" class="btn btn-secondary-dark btn-block" onclick="mojarra.ab(this,event,'action','fm:step2','@form',{'onevent':function(event) { handleMessage(event, 'fixed');$('.allow-numbers-only').numbersOnly();$('#fm\\:step2Captcha').val('');if (event.status == 'success') { refreshCaptcha('fm:step2CaptchaImage');}}});return false">
</div>
</div></div><ul id="fm:message"><li class="tc-red"> </li></ul>
<input type="hidden" name="javax.faces.ViewState" value="-5386286413554590238:-6133632685432798175"></form>

--------------------------------------------------------------------------

This value="-5386286413554590238:-6133632685432798175" is variable for each activation code; for example, the activation code for this value is "174944".

What kind of algorithm is this value? Is there any way to decode this type of algorithm?
Is there another way to hack?

Please help

Re: how to do this one?

Post by pretentious on Mon May 28, 2018 4:39 am

Most of the business logic would be done on the back end. But just for shits and giggles and assuming no one is getting into legal trouble:
Code:
onclick="mojarra.ab(this,event,'action','fm:step2','@form',{'onevent':function(event) { handleMessage(event, 'fixed');$('.allow-numbers-only').numbersOnly();$('#fm\\:step2Captcha').val('');if (event.status == 'success') { refreshCaptcha('fm:step2CaptchaImage');}}});return false">

Not the biggest JS guru, but you're probably gonna have to dig into some of the included files in the page. step2Captcha, for instance.

The "javax.faces.ViewState" bit suggests that the site is built on https://en.wikipedia.org/wiki/JavaServer_Faces
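
The reply's point that the check runs on the back end, shown as an added example (not code from the site or from either poster): the server draws the 6-digit code and the opaque form token independently and keeps the code only on its side, so the hidden field carries nothing to decode. The class name, attempt limit and expiry window are assumptions.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed lockout threshold
CODE_TTL_SECONDS = 120  # assumed validity window


class OtpStore:
    """Server-side OTP state; the browser only ever holds the opaque token."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # token -> [code, expires_at, attempts_left]

    def issue(self):
        """Create a challenge: the code goes out by SMS, the token into the form."""
        code = f"{secrets.randbelow(10**6):06d}"  # 6 digits, matching maxlength="6"
        token = secrets.token_urlsafe(32)         # drawn independently of the code
        self._pending[token] = [code, self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return token, code

    def verify(self, token, submitted):
        """Return 'ok', 'wrong', 'expired', 'locked' or 'unknown'."""
        entry = self._pending.get(token)
        if entry is None:
            return "unknown"
        code, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._pending[token]
            return "expired"
        if attempts_left <= 0:
            return "locked"                       # even the right code is refused now
        entry[2] = attempts_left - 1              # count the attempt before comparing
        if hmac.compare_digest(code.encode(), str(submitted).encode()):
            del self._pending[token]              # single use
            return "ok"
        return "wrong"


if __name__ == "__main__":
    store = OtpStore()
    token, code = store.issue()
    print("hidden form field:", token)
    print("verify with the SMS code:", store.verify(token, code))
    print("replay of the same code:", store.verify(token, code))
```

With a six-digit code and five attempts per challenge, a guesser has at most a 5 in 1,000,000 chance before the challenge locks, which is why the attempt counter and expiry matter as much as the randomness.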


