General Discussion | Iago you suck!

Author	Message	Time
Thing	[quote][/quote]is an indirect reference to http://www.try2hack.nl/faq/:[quote][/quote] You assmonkey! Thanks to you I've spent the last 3 hours working on those levels! I'm at level seven and I need to rest my brain. I'm starting to see fairies dancing across the top of my monitor.	October 24, 2003, 10:50 PM
iago	lmao! Which one is level 7? I got upto the one that was a username/password which is sent to a .pl file which contains a very well known exploit classicly. I got the .passwd file, but never got around to cracking it before they changed all their stuff around :)	October 24, 2003, 11:05 PM
Thing	In this one, I have to spoof my User_Agent and Referrer to load the php page correctly. I'm pretty sure I can do it with a telnet session to port 80 but I'm not going to mess with it anymore today. I have other fun things to do tonight. :)	October 24, 2003, 11:47 PM
iago	[quote author=Thing link=board=2;threadid=3232;start=0#msg25485 date=1067039242] In this one, I have to spoof my User_Agent and Referrer to load the php page correctly. I'm pretty sure I can do it with a telnet session to port 80 but I'm not going to mess with it anymore today. I have other fun things to do tonight. :) [/quote] Ah yes, is that the one where it says: Browser: failed, requires mozilla 6.72 Referer: failed, requires www.microsoft.com/support? If so, yes, it just requires a manual HTTP request on port 80 :)	October 25, 2003, 12:06 AM
Adron	Wget can do it as well. A very nice tool it is. --referer=URL --user-agent=AGENT	October 25, 2003, 1:44 AM
Thing	Hehe I didn't even consider wget, even though I use it frequently. Good call Adron!	October 25, 2003, 3:29 AM
iago	I've never heard of that, but it would simplify things a lot! Back then I didn't really know what to type, so I had a lot of lines looking like: GET /page.html HTTP/1.1 Host: www.try2hack.nl get /page.html http/1.1 HOST: www.try2hack.nl etc.	October 25, 2003, 3:34 AM
Thing	Oh yea that was much easier Adron. [quote][black]wget --user-agent="MSIE 7.66;Unix" --referer="http://www.microsoft.com/ms.htm" http://w w w .try2hack.nl/levels/level7-xfkohc.php[/black][/quote] /edit Level 8 completed [quote][black]Viewing the source of the page revealed that it was executing /cgi-bin/phf. A quick google of phf expoit and I got some goodness http://w w w.try2hack.nl/cgi-bin/phf?Qalias=%0a/bin/cat%20/etc/passwd. Viola! There is the password file. I quickly copy and paste it into a new document and run John the Ripper on it. root / arsanik Done.[/black][/quote] Too bad level 9 is broken ... or is it ...	October 25, 2003, 2:33 PM

Author

Message

Time

Thing

[quote][/quote]is an indirect reference to http://www.try2hack.nl/faq/:[quote][/quote]
You assmonkey! Thanks to you I've spent the last 3 hours working on those levels! I'm at level seven and I need to rest my brain. I'm starting to see fairies dancing across the top of my monitor.

October 24, 2003, 10:50 PM

iago

lmao! Which one is level 7? I got upto the one that was a username/password which is sent to a .pl file which contains a very well known exploit classicly. I got the .passwd file, but never got around to cracking it before they changed all their stuff around :)

October 24, 2003, 11:05 PM

Thing

In this one, I have to spoof my User_Agent and Referrer to load the php page correctly. I'm pretty sure I can do it with a telnet session to port 80 but I'm not going to mess with it anymore today. I have other fun things to do tonight. :)

October 24, 2003, 11:47 PM

iago

[quote author=Thing link=board=2;threadid=3232;start=0#msg25485 date=1067039242]
In this one, I have to spoof my User_Agent and Referrer to load the php page correctly. I'm pretty sure I can do it with a telnet session to port 80 but I'm not going to mess with it anymore today. I have other fun things to do tonight. :)
[/quote]

Ah yes, is that the one where it says:
Browser: failed, requires mozilla 6.72
Referer: failed, requires www.microsoft.com/support?

If so, yes, it just requires a manual HTTP request on port 80 :)

October 25, 2003, 12:06 AM

Adron

Wget can do it as well. A very nice tool it is.

--referer=URL
--user-agent=AGENT

October 25, 2003, 1:44 AM

Thing

Hehe I didn't even consider wget, even though I use it frequently. Good call Adron!

October 25, 2003, 3:29 AM

iago

I've never heard of that, but it would simplify things a lot! Back then I didn't really know what to type, so I had a lot of lines looking like:
GET /page.html HTTP/1.1
Host: www.try2hack.nl

get /page.html http/1.1
HOST: www.try2hack.nl

etc.

October 25, 2003, 3:34 AM

Thing

Oh yea that was much easier Adron.
[quote][black]wget --user-agent="MSIE 7.66;Unix" --referer="http://www.microsoft.com/ms.htm" http://w w w .try2hack.nl/levels/level7-xfkohc.php[/black][/quote]

/edit Level 8 completed
[quote][black]Viewing the source of the page revealed that it was executing /cgi-bin/phf. A quick google of phf expoit and I got some goodness http://w w w.try2hack.nl/cgi-bin/phf?Qalias=%0a/bin/cat%20/etc/passwd. Viola! There is the password file. I quickly copy and paste it into a new document and run John the Ripper on it. root / arsanik Done.[/black][/quote]

Too bad level 9 is broken ... or is it ...

October 25, 2003, 2:33 PM

Valhalla Legends Forums Archive | General Discussion | Iago you suck!