HTML Password Lock - Bypass

1.  
2. So im bored and im going to make a lame ass tutorial on how to bypass a lame ass software which to me is just sad and pathetic as to how people would even want to buy this software
3.  
4. But none the less This will just aid in some other hackers venture on getting by this.
5.  
6.  
7. Although the steps is pretty neat if you can appreciate Hacking Methodology
8. --------------------------------------------------------------------------------
9.  
10.  
11.  
12. Software: HTML Password Lock , By MTO
13. www.mtopsoft.com
14.  
15.  
16.  
17. Check out there reviews - They have some big clients using there software
18.  
19. It's kind of sad but whatever anyways moving on
20.  
21.  
22. --------------------------------------------------------------------------------
23.  
24.  
25. When you Use this software you have 3 choices to encrypt your password
26.  
27.  
28. 1. Session
29. 2. Cookie
30. 3. Page
31.  
32. --------------------------------------------------------------------------------
33.  
34.  
35. HTML Password Lock - Uses its own Encryption methods using javascript
36.  
37.  
38. Lets say you go to a website and a Login page pops up asking you to login , you right click _> vie source
39.  
40. Now your presented with a bunch of scrambled text
41.  
42.  
43.  
44. How to Bypass?
45.  
46.  
47. 1. Download HTML Password Lock Software
48. 2. Download FireBug For FireFox
49. 3. Tamper Data
50.  
51.  
52. Open up the software and Generate a new encrypted file
53.  
54. If you notice the encrypted file code is EXACTLY the same as on the site your trying to bypass
55. The only difference is the password
56.  
57. Now Since this is javascript and not Server Side - You can copy the source code from your new Generated Encrypted file Code - Open up Firebug and replace the
58.  
59.  
60. <script language="javascript">
61. var tab=
62.  
63. With your own code -
64.  
65. Since this software also encrypts the link for them <Form Action>
66.  
67.  
68.  
69. All you have to do is When you click login open up Tamper Data and see where its going to redirect you to
70.  
71. If you use the default code from yours you will just be presented to a blank page
72.  
73.  
74.  
75.  
76. Encrypted Code Example
77.  
78. Password = test123
79.  
80.  
81. Anyways Enjoy i know this is a " lame ass " tutorial but im bored so fuck off
82.  
83.  
84. Twitter: https://twitter.com/Hex000101
85.  
86. By Hex00010
87.  
88. <script language="javascript">
89. var tab="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";function AREDIRECT(msg1){ var et,c,b,e; if (msg1==1) {alert("Invalid Password!"); };};function urlencode(str) { str = escape(str);str = str.replace('+', '%2B');str = str.replace('%20', '+');str = str.replace('*', '%2A');str = str.replace('/', '%2F');str = str.replace('@', '%40');return str;};function urldecode(str) { str = str.replace('+', ' ');str = unescape(str);return str;};function HHHHH(DDDDD,msg1){var NNNII=new Array('DO3xygs+tZmhtUAMgCUWSdigwiehGFbuBi4TLk2VoWQ56KZn1K0Q6pW7B3qaQpzCPv6MlWeL7umIVEn6KF4a2CrGswJkwIZj5KUVNbKUy6TBSd+A5TRNFeqtIxcdIle4bhesrbXhvbbgBVuZ5dHDC5PojCFRCDASgdQ4kxDVkqt+ieJFRU+Pr0RkE65QwGSGtGEX0uXGdrmDnSYbHgsGLBCsVYES43QvOOo6Nc3jEWbSwGgHPnbepcmHXzfiOk93RA5zpcLParvF2GBCG7J/iWloUEfijPKR+menQC');
90. var HHHPP;var MMMCC='4A';var i, tmp1;var EEEII;if (DDDDD.length==0) {AREDIRECT(msg1); return false;}HHHPP=MHHHHH(DDDDD);for (i=0;i<HHHPP.length;i++)tmp1^=HHHPP.charCodeAt(i);if (tmp1!=parseInt(MMMCC, 16)){AREDIRECT(msg1); return false;}document.cookie='mtpwd='+urlencode(DDDDD)+';path=/';EEEII='';var kkk=xabc(HHHPP);for(i=0;i<NNNII.length;i++){EEEII+=CDDDD(HHHPP, NNNII[i]);self.status='Unlocking '+Math.ceil(i*100/NNNII.length)+'%';}hideall();document.write(EEEII);if (navigator.appName=="Netscape") document.close();if (navigator.appName=='Netscape') document.body.style.cursor='text';if (navigator.appName=="Microsoft Internet Explorer") document.location.reload();self.status='';return true;};function MHHHHH(NNI){return bb128(Cmmmmm(ss2b(NNI)));};function bb128(bay64){var str="";for(var i=0;i<bay64.length*32;i+=6){str+=tab.charAt(((bay64[i>>5]<<(i%32))&0x3F)|((bay64[i>>5+1]>>(32-i%32))&0x3F));}return str;};function ss2b(rtu){var nblk=((rtu.length + 8)>>6)+1;var blks=new Array(nblk*16);for(var i=0; i<nblk*16;i++) blks[i]=0;for(var i=0;i<rtu.length;i++)blks[i>>2]|=(rtu.charCodeAt(i)& 0xFF)<<((i%4)*8);blks[i>>2]|=0x80<<((i%4)*8);blks[nblk*16-2]=rtu.length * 8;return blks;};function sadf(x,y){var lsw=(x&0xFFFF)+(y&0xFFFF);var msw=(x>>16)+(y>>16)+(lsw>>16);return (msw<<16)|(lsw&0xFFFF);};function rrrll(num,cnt){return (num<<cnt)|(num>>>(32-cnt));};function cmn(q,a,b,x,s,t){return sadf(rrrll(sadf(sadf(a,q),sadf(x,t)),s),b);};function ff(a,b,c,d,x,s,t){return cmn((b&c)|((~b)&d),a,b,x,s,t);};function gg(a,b,c,d,x,s,t){return cmn((b&d)|(c&(~d)),a,b,x,s,t);};function hh(a,b,c,d,x,s,t){return cmn(b^c^d,a,b,x,s,t);};function ii(a,b,c,d,x,s,t){return cmn(c^(b|(~d)),a,b,x,s,t);};
91. function Cmmmmm(x){var a=1732584193;var b=-271733879;var c=-1732584194;var d=271733878;for(i=0;i<x.length;i+=16){var olda=a;var oldb=b;var oldc=c;var oldd=d;a=ff(a,b,c,d,x[i+0],7,-680876936);d=ff(d,a,b,c,x[i+1],12,-389564586);c=ff(c,d,a,b,x[i+2],17,606105819);b=ff(b,c,d,a,x[i+3],22,-1044525330);a=ff(a,b,c,d,x[i+4],7,-176418897);d=ff(d,a,b,c,x[i+5],12,1200080426);c=ff(c,d,a,b,x[i+6],17,-1473231341);b=ff(b,c,d,a,x[i+7],22,-45705983);a=ff(a,b,c,d,x[i+8],7,1770035416);d=ff(d,a,b,c,x[i+9],12,-1958414417);c=ff(c,d,a,b,x[i+10],17,-42063);b=ff(b,c,d,a,x[i+11],22,-1990404162);a=ff(a,b,c,d,x[i+12],7,1804603682);d=ff(d,a,b,c,x[i+13],12,-40341101);c=ff(c,d,a,b,x[i+14],17,-1502002290);b=ff(b,c,d,a,x[i+15],22,1236535329);a=gg(a,b,c,d,x[i+1],5,-165796510);d=gg(d,a,b,c,x[i+6],9,-1069501632);c=gg(c,d,a,b,x[i+11],14,643717713);b=gg(b,c,d,a,x[i+0],20,-373897302);a=gg(a,b,c,d,x[i+5],5,-701558691);d=gg(d,a,b,c,x[i+10],9,38016083);c=gg(c,d,a,b,x[i+15],14,-660478335);b=gg(b,c,d,a,x[i+4],20,-405537848);a=gg(a,b,c,d,x[i+9],5,568446438);d=gg(d,a,b,c,x[i+14],9,-1019803690);c=gg(c,d,a,b,x[i+3],14,-187363961);b=gg(b,c,d,a,x[i+8],20,1163531501);a=gg(a,b,c,d,x[i+13],5,-1444681467);d=gg(d,a,b,c,x[i+2],9,-51403784);c=gg(c,d,a,b,x[i+7],14,1735328473);b=gg(b,c,d,a,x[i+12],20,-1926607734);a=hh(a,b,c,d,x[i+5],4,-378558);d=hh(d,a,b,c,x[i+8],11,-2022574463);c=hh(c,d,a,b,x[i+11],16,1839030562);b=hh(b,c,d,a,x[i+14],23,-35309556);a=hh(a,b,c,d,x[i+1],4,-1530992060);d=hh(d,a,b,c,x[i+4],11,1272893353);c=hh(c,d,a,b,x[i+7],16,-155497632);b=hh(b,c,d,a,x[i+10],23,-1094730640);a=hh(a,b,c,d,x[i+13],4,681279174);d=hh(d,a,b,c,x[i+0],11,-358537222);c=hh(c,d,a,b,x[i+3],16,-722521979);b=hh(b,c,d,a,x[i+6],23,76029189);a=hh(a,b,c,d,x[i+9],4,-640364487);d=hh(d,a,b,c,x[i+12],11,-421815835);c=hh(c,d,a,b,x[i+15],16,530742520);b=hh(b,c,d,a,x[i+2],23,-995338651);a=ii(a,b,c,d,x[i+0],6,-198630844);d=ii(d,a,b,c,x[i+7],10,1126891415);c=ii(c,d,a,b,x[i+14],15,-1416354905);b=ii(b,c,d,a,x[i+5],21,-57434055);a=ii(a,b,c,d,x[i+12],6,1700485571);d=ii(d,a,b,c,x[i+3],10,-1894986606);c=ii(c,d,a,b,x[i+10],15,-1051523);b=ii(b,c,d,a,x[i+1],21,-2054922799);a=ii(a,b,c,d,x[i+8],6,1873313359);d=ii(d,a,b,c,x[i+15],10,-30611744);c=ii(c,d,a,b,x[i+6],15,-1560198380);b=ii(b,c,d,a,x[i+13],21,1309151649);a=ii(a,b,c,d,x[i+4],6,-145523070);d=ii(d,a,b,c,x[i+11],10,-1120210379);c=ii(c,d,a,b,x[i+2],15,718787259);b=ii(b,c,d,a,x[i+9],21,-343485551);a=sadf(a,olda);b=sadf(b,oldb);c=sadf(c,oldc);d=sadf(d,oldd);};return [a,b,c,d];};
92. function CDDDD(s1,Ipn1){return cc1r2(s1,b128tty(Ipn1));};function xabc(s1){var k=0;for(n=0;n<s1.length;n++)k^=s1.charCodeAt(n);return k;}function XDDDD(k,Ipn1){var r='';var m=0;var a=0;var c;for(n=0;n<Ipn1.length;n++) {c=tab.indexOf(Ipn1.charAt(n));if(c>=0){if(m){r+=String.fromCharCode(((c<<(8-m))&255|a)^k);}a=c >>m;m+=2;if(m==8){m=0;}}}return r;};function b128tty(t) {var r='';var m=0;var a=0;var c;for(n=0;n<t.length;n++) {c=tab.indexOf(t.charAt(n));if(c>=0) {if(m) {r+=String.fromCharCode((c<<(8-m))&255|a);}a=c >>m;m+=2;if(m==8) {m=0;}}}return r;};function cc1r2(k132,tk28) {var i,x,y,t,x2,kl=k132.length;s=[];for (i=0;i<256;i++) s[i]=i;y=0;x=kl;while(x--) {y=(k132.charCodeAt(x)+s[x]+y)%256;t=s[x];s[x]=s[y];s[y]=t;}x=0;y=0;var z="";for (x=0;x<tk28.length;x++) {x2=x&255;y=(s[x2]+y)&255;t=s[x2];s[x2]=s[y];s[y]=t;z+=String.fromCharCode((tk28.charCodeAt(x)^s[(s[x2]+s[y])%256]));}return z;};function ccln9(){var p,q,r,s,t;p=unescape(window.location.search)+'&';q=unescape(window.location.search).toLowerCase()+'&';r=q.indexOf('mtpwd=');s='';if(r!=-1){s=p.substring(r+6,p.indexOf('&',r+6));if (s!='') return HHHHH(s,1);}var b,e,f;var c=document.cookie;b=c.indexOf('mtpwd=');if (b==-1) return false;e=c.indexOf(';',b);if(e==-1)e=c.length;f=urldecode(c.substring(b+6,e));return HHHHH(f, 0);};function htaction(){HHHHH(document.forms['htform'].mtpwd.value,1);};function disform(){var ly;ly=document.getElementById("hthint");if (ly) {ly.style.display = "none";ly.style.visibility = "hidden";};ly=document.getElementById("htdiv");if (ly) {ly.style.display = "block";ly.style.visibility = "visible";};if (document.htform.mtpwd) document.htform.mtpwd.focus();};function dishint(){var ly;ly=document.getElementById("hthint");if (ly){ly.style.display = "block";ly.style.visibility = "visible";};ly=document.getElementById("htdiv");if (ly){ly.style.display = "none";ly.style.visibility = "hidden";};};function hideall(){var ly;ly=document.getElementById("hthint");if (ly) {ly.style.display = "none";ly.style.visibility = "hidden";};ly=document.getElementById("htdiv");if (ly) {ly.style.display = "none";ly.style.visibility = "hidden";};};function ht_check(){var br;dishint();br=ccln9();if (!br){disform();}};
93. </script>