jipman 0 Report post Posted April 28, 2005 Nice job mastercomputers, I think i should spice up the challenges next time.To mse:Please don't give the solution to the answers, it kinda spoils the challenge for the others. I have to admit, I had to say that in the first place, so i'll say it when I post hackers challenge 3and be sureThat one is going to be r-e-a-l-l-y difficult , the first two were just warm ups Share this post Link to post Share on other sites
iGuest 3 Report post Posted April 29, 2005 You can change Firefox's user agent manually.Open your browser and in the address bar type about:configSorry removed part of my post you'll need to find out more on how to do it yourself.Simple enough right?Using Telnet, well I don't want to explain the challenge too much, just want to explain telnet.You should understand how a web browser works, running a text browser is a good way to learn what you should pass to an http server.The first thing to pass to a server is your request, you've already open a connection by connecting to it, it's now asking you what you want, if you don't tell it what you want then it'll drop you.Again removed it, sorry.That's it.Cheers,MC Share this post Link to post Share on other sites
qwijibow 0 Report post Posted April 29, 2005 The first thing to pass to a server is your request, you've already open a connection by connecting to it, it's now asking you what you want, if you don't tell it what you want then it'll drop you.it drops me BEFORE i can finish telling it what i want.how do you keep the connection open ???http protocol says you need the GET first, then any extras like HOST: User-Agent: etc etc etcthe first tinme i hit return, it spints out the html, then drops the connection. Share this post Link to post Share on other sites
jipman 0 Report post Posted April 29, 2005 I think that something went wrong at your side then, because I didn't specify the challenge to drop any connection. Maybe you entered the wrong syntax, because http servers drop your connection if you enter something wrong. Share this post Link to post Share on other sites
miCRoSCoPiC^eaRthLinG 0 Report post Posted April 29, 2005 Guys, I found this excellent firefox extension for User Agent Spoofing - I tried it out on Jippy's site and the LearnToHack challenge as well - works way better than WannaBrowser and no need of using Sam Spade...Go grab it at: http://chrispederick.com/work/user-agent-switcher/Damned cool, eh ? Share this post Link to post Share on other sites
jipman 0 Report post Posted April 29, 2005 I use that thingy too Share this post Link to post Share on other sites
saxsux 0 Report post Posted May 1, 2005 If you use the Firesomething plugin, couldn't you configure it to mimic a different browser? Share this post Link to post Share on other sites
qwijibow 0 Report post Posted May 1, 2005 I think that something went wrong at your side then, because I didn't specify the challenge to drop any connection. Maybe you entered the wrong syntax, because http servers drop your connection if you enter something wrong. bash-2.05b$ telnet jipman.astahost.com 80Trying 69.50.168.69...Connected to jipman.astahost.com.Escape character is '^]'.get /challenge2.php<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>501 Method Not Implemented</TITLE></HEAD><BODY><H1>Method Not Implemented</H1>get to /challenge2.php not supported.<P>Invalid method in request get /challenge2.php HTTP/1.1<P><HR><ADDRESS>Apache/1.3.33 Server at http://forums.xisto.com/ Port 80</ADDRESS></BODY></HTML>Connection closed by foreign host.bash-2.05b$ telnet jipman.astahost.com 80Trying 69.50.168.69...Connected to jipman.astahost.com.Escape character is '^]'.get /challenge2.php html/1.1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>501 Method Not Implemented</TITLE></HEAD><BODY><H1>Method Not Implemented</H1>get to /challenge2.php html/1.1 not supported.<P>Invalid method in request get /challenge2.php%20html/1.1 HTTP/1.1<P><HR><ADDRESS>Apache/1.3.33 Server at http://forums.xisto.com/ Port 80</ADDRESS></BODY></HTML>Connection closed by foreign host. it spits out the html 404, and closes the connection before i get a chance to enter the Host: or User-Agent lines. what did i do wrong there ???same porblem with netcatbash-2.05b$ echo "GET /challenge2.php" | netcat jipman.astahost.com 80;<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested URL /challenge2.php was not found on this server.<P><P>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.<HR><ADDRESS>Apache/1.3.33 Server at http://forums.xisto.com/ Port 80</ADDRESS></BODY></HTML> kills connection before i get chance to send anything after GETif i try to send user agaent before get, then it just drops connection without any 404.is your challenge programmed to UNIX standards ???where a newline is denoted by a "\n" or the old DOS standards, where a newline is denoted by "\r\n" ???maybe i will try this challenge on windows next time i get access to it. Share this post Link to post Share on other sites
jipman 0 Report post Posted May 1, 2005 Very weird indeed, but I still must tell you that you don't have to use Telnet, just FireFox and some plugins will do the trick. Share this post Link to post Share on other sites
qwijibow 0 Report post Posted May 1, 2005 and i still consider the firefox pluggin cheating :(i tried with telnet on windowsXP same thing. Share this post Link to post Share on other sites
miCRoSCoPiC^eaRthLinG 0 Report post Posted May 1, 2005 Very weird indeed, but I still must tell you that you don't have to use Telnet, just FireFox and some plugins will do the trick. <{POST_SNAPBACK}> I completely support qwiji here. What he's doing is the REAL WAY to do things. Firefox plugins are basically cheating. It's nothing that you exercise your Real Skills at. We're simply using pre-made tools to get our job done. Â A real hacker wouldn't ever say that jippy He'd always insist on using telnet.. Share this post Link to post Share on other sites
iGuest 3 Report post Posted May 1, 2005 I can't say using a plugin is cheating, it solves part of this solution doesn't it?However I didn't use it, nor do we need to use it, we could use Telnet for the whole lot of this.telnet jipman.astahost.com 80GET /challenge2.php HTTP/1.1Host: jipman.astahost.comTested on Windows (at work) and Linux (at home), solved it at work, can still solve it at home as well.Try that out, I noticed by the error produced by Telnet the problem is the method, still believe it's because you're not sending the correct requests, but if this doesn't work for you, I'll eat my words.Cheers,MC Share this post Link to post Share on other sites
qwijibow 0 Report post Posted May 2, 2005 hmm, strange.. it worked whis time....were any changes made to the server ? Share this post Link to post Share on other sites
chrls1405241492 0 Report post Posted May 2, 2005 Hacking Challenges...!? Share this post Link to post Share on other sites
iGuest 3 Report post Posted May 2, 2005 qwijibow,I like to think of the HTTP commands to be case sensitive, although this may not be the case, I noticed you used HTML/1.1 instead of HTTP/1.1.That could have been one problem, the other was you didn't specify it when you first requested the information.I'll test your methods out and see if they cause any problems.I just tested what you were doing, and it seems you must pass HTTP/1.1 or HTTP/1.0, as it resulted in the quick connection closed, I guess that's where your problem was.Cheers,MC Share this post Link to post Share on other sites