I'm attempting to troubleshoot a login issue on an old system that noone here is very familiar with. We have what we believe to be the admin password, but it isn't working. I'm just grasping, but I thought maybe a browser issue, considering how old the system is, so I tried using Postman to see what kind of response I get, which resulted in a failure.
However, I'm noticing now that they seem to be using some method to obfuscate the password, and I don't really understand what it's doing.
The login form method is this.
<form method="post" name='login' action="/?language=en" onsubmit="document.getElementById('submit').disabled = true; document.getElementById('pass').value = CJMaker.makeString(document.getElementById('pass').value);" >
and the CJMaker file contains this.
function CJMaker(e)
{}function _CJMaker_makeString(val)
{if (val == null)
{return val;}var size = val.length;var retVal = new String();var conVal = new String();for (var i = 0; i < size; i++)
{var current = val.charCodeAt(i);current = current^4;conVal += String.fromCharCode(current);}for (var i = size - 1; i >= 0; i--)
{retVal += conVal.charAt(i);}return retVal;}CJMaker.makeString = _CJMaker_makeString;
So it looks like it's just using char codes, and I suspect that the password in the database isn't the actual password, but instead is whatever this would create.
I'm afraid I just do not understand this well enough to reverse it. I'm sure it's simple to some of you javascript guys though.
Can anyone tell me more about what this is doing?
Aucun commentaire:
Enregistrer un commentaire