Jump to content
xisto Community
Sign in to follow this  
jipman

Hackers Challenge 2 Do you have what it takes to beat this ?

Recommended Posts

Nice job mastercomputers, I think i should spice up the challenges next time.To mse:Please don't give the solution to the answers, it kinda spoils the challenge for the others. I have to admit, I had to say that in the first place, so i'll say it when I post hackers challenge 3and be sureThat one is going to be r-e-a-l-l-y difficult , the first two were just warm ups :P

Share this post


Link to post
Share on other sites

You can change Firefox's user agent manually.Open your browser and in the address bar type about:configSorry removed part of my post you'll need to find out more on how to do it yourself.Simple enough right?Using Telnet, well I don't want to explain the challenge too much, just want to explain telnet.You should understand how a web browser works, running a text browser is a good way to learn what you should pass to an http server.The first thing to pass to a server is your request, you've already open a connection by connecting to it, it's now asking you what you want, if you don't tell it what you want then it'll drop you.Again removed it, sorry.That's it.Cheers,MC

Share this post


Link to post
Share on other sites

The first thing to pass to a server is your request, you've already open a connection by connecting to it, it's now asking you what you want, if you don't tell it what you want then it'll drop you.

it drops me BEFORE i can finish telling it what i want.
how do you keep the connection open ???

http protocol says you need the GET first, then any extras like HOST: User-Agent: etc etc etc

the first tinme i hit return, it spints out the html, then drops the connection.

Share this post


Link to post
Share on other sites

I think that something went wrong at your side then, because I didn't specify the challenge to drop any connection. Maybe you entered the wrong syntax, because http servers drop your connection if you enter something wrong.

Share this post


Link to post
Share on other sites

Guys, I found this excellent firefox extension for User Agent Spoofing - I tried it out on Jippy's site and the LearnToHack challenge as well - works way better than WannaBrowser and no need of using Sam Spade...

Go grab it at: http://chrispederick.com/work/user-agent-switcher/

Damned cool, eh ? :P

Share this post


Link to post
Share on other sites

I think that something went wrong at your side then, because I didn't specify the challenge to drop any connection. Maybe you entered the wrong syntax, because http servers drop your connection if you enter something wrong.

bash-2.05b$ telnet jipman.astahost.com 80Trying 69.50.168.69...Connected to jipman.astahost.com.Escape character is '^]'.get /challenge2.php<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>501 Method Not Implemented</TITLE></HEAD><BODY><H1>Method Not Implemented</H1>get to /challenge2.php not supported.<P>Invalid method in request get /challenge2.php HTTP/1.1<P><HR><ADDRESS>Apache/1.3.33 Server at http://forums.xisto.com/ Port 80</ADDRESS></BODY></HTML>Connection closed by foreign host.bash-2.05b$ telnet jipman.astahost.com 80Trying 69.50.168.69...Connected to jipman.astahost.com.Escape character is '^]'.get /challenge2.php html/1.1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>501 Method Not Implemented</TITLE></HEAD><BODY><H1>Method Not Implemented</H1>get to /challenge2.php html/1.1 not supported.<P>Invalid method in request get /challenge2.php%20html/1.1 HTTP/1.1<P><HR><ADDRESS>Apache/1.3.33 Server at http://forums.xisto.com/ Port 80</ADDRESS></BODY></HTML>Connection closed by foreign host.

it spits out the html 404, and closes the connection before i get a chance to enter the Host: or User-Agent lines.

what did i do wrong there ???

same porblem with netcat

bash-2.05b$ echo "GET /challenge2.php" | netcat jipman.astahost.com 80;<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested URL /challenge2.php was not found on this server.<P><P>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.<HR><ADDRESS>Apache/1.3.33 Server at http://forums.xisto.com/ Port 80</ADDRESS></BODY></HTML>

kills connection before i get chance to send anything after GET

if i try to send user agaent before get, then it just drops connection without any 404.

is your challenge programmed to UNIX standards ???
where a newline is denoted by a "\n" or the old DOS standards, where a newline is denoted by "\r\n" ???

maybe i will try this challenge on windows next time i get access to it.

Share this post


Link to post
Share on other sites

and i still consider the firefox pluggin cheating :(i tried with telnet on windowsXP same thing.

Share this post


Link to post
Share on other sites

Very weird indeed, but I still must tell you that you don't have to use Telnet, just FireFox and some plugins will do the trick.

<{POST_SNAPBACK}>


I completely support qwiji here. What he's doing is the REAL WAY to do things. Firefox plugins are basically cheating. It's nothing that you exercise your Real Skills at. We're simply using pre-made tools to get our job done.

 

A real hacker wouldn't ever say that jippy :D He'd always insist on using telnet.. :(

Share this post


Link to post
Share on other sites

I can't say using a plugin is cheating, it solves part of this solution doesn't it?However I didn't use it, nor do we need to use it, we could use Telnet for the whole lot of this.telnet jipman.astahost.com 80GET /challenge2.php HTTP/1.1Host: jipman.astahost.comTested on Windows (at work) and Linux (at home), solved it at work, can still solve it at home as well.Try that out, I noticed by the error produced by Telnet the problem is the method, still believe it's because you're not sending the correct requests, but if this doesn't work for you, I'll eat my words.Cheers,MC

Share this post


Link to post
Share on other sites

hmm, strange.. it worked whis time....were any changes made to the server ?

Share this post


Link to post
Share on other sites

qwijibow,I like to think of the HTTP commands to be case sensitive, although this may not be the case, I noticed you used HTML/1.1 instead of HTTP/1.1.That could have been one problem, the other was you didn't specify it when you first requested the information.I'll test your methods out and see if they cause any problems.I just tested what you were doing, and it seems you must pass HTTP/1.1 or HTTP/1.0, as it resulted in the quick connection closed, I guess that's where your problem was.Cheers,MC

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.