Ping this site, ping that site - and try this combination..

At Lodam, we are putting a really big effort into being the best workplace in Denmark. This means that management has signed us up for the "Great Place to Work" scheme, which sends out a questionnaire and then compares us to the other businesses in Denmark (of the same size). They send the questionnaire as a link that takes you to an online form, which you need to fill in.

Furthermore, they encourage all the departments to answer; there are prizes involved.

And, as I don't like to lose, I would like to ensure that everybody in my department has answered the questionnaire, so we started to look at the URL strings they send out. They look something like this:


https://or.allegiancetech.de/cgi-bin/qwebcorporate.dll?idx=EUFMZ4&l=dansk&rk=6YAPJG


Notice the last 6 digits. That's the unique identifier. All that's left to do now is to develop a small script that generates all possible permutations of keys, and then ping the web page for every entry generated. It only contains capitalized letters and numbers, so the number of possible permutations is relatively small: somewhere around 2.2 billion keys.

Last evening, I developed this script, which runs all the possible permutations (the 2.2 billion). Have fun - remove (or adjust) the iterMax parameter to ensure that your computer does not go bonkers.

What I really want people to start thinking about is cryptographic solutions that are better than this. Maybe mix them with lower-case letters.

/Rasmus
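For anyone designing such survey links, here is an added example (not the script mentioned in the post) that sizes the 6-character key from the URL above, shows what adding lower-case letters buys, and issues a key from a CSPRNG at a length that reaches 128 bits. The function names and the figure of 500 issued keys are assumptions made for the illustration.

```python
import math
import secrets
import string

UPPER_DIGITS = string.ascii_uppercase + string.digits   # alphabet seen in the URL
MIXED_CASE = string.ascii_letters + string.digits       # "mix them with lower-case"

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct keys of the given length."""
    return alphabet_size ** length

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy if every character is chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def expected_guesses(space: int, issued: int) -> float:
    """Mean number of distinct guesses before the first hit on ANY of
    `issued` valid keys spread uniformly over `space` candidates."""
    return (space + 1) / (issued + 1)

def min_length(alphabet_size: int, target_bits: int = 128) -> int:
    """Shortest key length that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def new_token(length: int, alphabet: str) -> str:
    """Key drawn from the OS CSPRNG, not from a counter or the random module."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    issued = 500  # assumed number of questionnaires sent out (constructed figure)
    for name, alphabet in (("A-Z0-9", UPPER_DIGITS), ("A-Za-z0-9", MIXED_CASE)):
        n = len(alphabet)
        print(f"{name:10} 6 chars: {keyspace(n, 6):>14,} keys, "
              f"{entropy_bits(n, 6):4.1f} bits, "
              f"~{expected_guesses(keyspace(n, 6), issued):,.0f} guesses to a valid key; "
              f"{min_length(n)} chars needed for 128 bits")
    print("example 128-bit key:", new_token(min_length(36), UPPER_DIGITS))
```

Lower-case letters add fewer than five bits at six characters; length, a CSPRNG and server-side throttling of failed lookups are what move the key out of guessing range.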