Page 1 of 1

how to do this one?

PostPosted: Sat May 26, 2018 12:04 pm
by 1misscall
HELLO ...
I want to hack or bypass or find OTP(one-time password) that this site sends to mobile phone numbers.

here is inspector of the site when you want to input activation code:
---------------------------------------------------------------------
<form id="fm" name="fm" method="post" action="/user/signUp.xhtml" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="fm" value="fm">
<div id="fm:step2">

<div class="form-check">
<div class="mobile-number-text"><input type="text" name="fm:j_idt15" autocomplete="off" class="text-field" disabled="disabled" placeholder="mymobilephonenumber">
<img src="assets/images/phone.png" class="mobile-number">
<label class="form-label">plz input activation code:</label><input type="password" name="fm:j_idt17" autocomplete="off" value="" dir="ltr" maxlength="6" tabindex="4" class="text-field mobile-pass allow-numbers-only" placeholder="activation code">
</div>
<div class="form">
</div>
</div>

<div class="clearfix">
<div class="col-xs-12 col-sm-4 col-sm-offset-4 col-md-6 col-md-offset-3 col-lg-6 col-lg-offset-3"><input id="fm:j_idt25" type="submit" name="fm:j_idt25" value="check activation code" tabindex="6" class="btn btn-secondary-dark btn-block" onclick="mojarra.ab(this,event,'action','fm:step2','@form',{'onevent':function(event) { handleMessage(event, 'fixed');$('.allow-numbers-only').numbersOnly();$('#fm\\:step2Captcha').val('');if (event.status == 'success') { refreshCaptcha('fm:step2CaptchaImage');}}});return false">
</div>
</div></div><ul id="fm:message"><li class="tc-red"> </li></ul>
<input type="hidden" name="javax.faces.ViewState" value="-5386286413554590238:-6133632685432798175"></form>

--------------------------------------------------------------------------

this value="-5386286413554590238:-6133632685432798175"> is Variable for each activation code, for example activation code for this value is: "174944"

what kind of algorithm is this value? is there any way to decode these type of algorithm?
is there another way to hack?

plz help

Re: how to do this one?

PostPosted: Mon May 28, 2018 4:39 am
by pretentious
Most of the business logic would be done on the back end. But just for shits and giggles and assuming no one is getting into legal trouble
Code: Select all
onclick="mojarra.ab(this,event,'action','fm:step2','@form',{'onevent':function(event) { handleMessage(event, 'fixed');$('.allow-numbers-only').numbersOnly();$('#fm\\:step2Captcha').val('');if (event.status == 'success') { refreshCaptcha('fm:step2CaptchaImage');}}});return false">

Not the biggest js guru but you're probably gonna have to dig into some of the included files in the page. step2Captcha for instance

the "javax.faces.ViewState" bit suggests that the site is built on https://en.wikipedia.org/wiki/JavaServer_Faces