• Welcome to Valhalla Legends Archive.
 

iago you suck!

Started by Thing, October 24, 2003, 05:50 PM

Previous topic - Next topic
Print
|
Go Down Pages1
User actions

Thing

October 24, 2003, 05:50 PM
Quote
is an indirect reference to http://www.try2hack.nl/faq/:
Quote
You assmonkey!  Thanks to you I've spent the last 3 hours working on those levels!  I'm at level seven and I need to rest my brain.  I'm starting to see fairies dancing across the top of my monitor.
That sucking sound you hear is my bandwidth.

iago

#1
October 24, 2003, 06:05 PM
lmao!  Which one is level 7?  I got upto the one that was a username/password which is sent to a .pl file which contains a very well known exploit classicly.  I got the .passwd file, but never got around to cracking it before they changed all their stuff around :)
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Thing

#2
October 24, 2003, 06:47 PM Last Edit: October 24, 2003, 06:47 PM by Thing
In this one, I have to spoof my User_Agent and Referrer to load the php page correctly.  I'm pretty sure I can do it with a telnet session to port 80 but I'm not going to mess with it anymore today.  I have other fun things to do tonight. :)
That sucking sound you hear is my bandwidth.

iago

#3
October 24, 2003, 07:06 PM
Quote from: Thing on October 24, 2003, 06:47 PM
In this one, I have to spoof my User_Agent and Referrer to load the php page correctly.  I'm pretty sure I can do it with a telnet session to port 80 but I'm not going to mess with it anymore today.  I have other fun things to do tonight. :)

Ah yes, is that the one where it says:
Browser: failed, requires mozilla 6.72
Referer: failed, requires www.microsoft.com/support?

If so, yes, it just requires a manual HTTP request on port 80 :)
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Adron

#4
October 24, 2003, 08:44 PM
Wget can do it as well. A very nice tool it is.

--referer=URL
--user-agent=AGENT

Thing

#5
October 24, 2003, 10:29 PM
Hehe I didn't even consider wget, even though I use it frequently.  Good call Adron!
That sucking sound you hear is my bandwidth.

iago

#6
October 24, 2003, 10:34 PM
I've never heard of that, but it would simplify things a lot!  Back then I didn't really know what to type, so I had a lot of lines looking like:
GET /page.html HTTP/1.1
Host: www.try2hack.nl

get /page.html http/1.1
HOST: www.try2hack.nl

etc.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Thing

#7
October 25, 2003, 09:33 AM Last Edit: October 25, 2003, 05:12 PM by Thing
Oh yea that was much easier Adron.
Quotewget --user-agent="MSIE 7.66;Unix" --referer="http://www.microsoft.com/ms.htm" http://w w w .try2hack.nl/levels/level7-xfkohc.php

/edit  Level 8 completed
QuoteViewing the source of the page revealed that it was executing /cgi-bin/phf.  A quick google of phf expoit and I got some goodness http://w w w.try2hack.nl/cgi-bin/phf?Qalias=%0a/bin/cat%20/etc/passwd.  Viola!  There is the password file.  I quickly copy and paste it into a new document and run John the Ripper on it.  root / arsanik Done.

Too bad level 9 is broken ... or is it ...
That sucking sound you hear is my bandwidth.
Print
|
Go Up Pages1
User actions