• Welcome to Valhalla Legends Archive.
 

Good at cracking? Crack this file!

Started by Fr0z3N, February 22, 2006, 08:09 PM

Previous topic - Next topic

MyndFyre

Quote from: Fr0z3N on March 06, 2006, 06:52 AM
This is not my host, nor do I have any access to it, and if I changed anything about it, the CRC check would kick in.

You evidently don't know what a "hosts" file is.

If you're using Linux, open up /etc/hosts in your favorite text editor, or in Windows, %WINDIR%\System32\drivers\etc\hosts in your text editor of choice.

(This is a Windows hosts file)

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

Let's say your script is at http://www.bmpk.us/bmtppk/memberlist/checkchar.php.  All I do is add this entry into my hosts file:

127.0.0.1      www.bmpk.us     # cracking Fr0z3N's lame CRC check

Now all I do is put a file on the path /bmtppk/memberlist/checkchar.php on my local web server that always returns YES.

How to do this is revealed by a trivial packet capture.
QuoteEvery generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

iago

Don't forget, you need to install either Apache or IIS first :P
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


MyndFyre

Quote from: iago on March 06, 2006, 10:16 AM
Don't forget, you need to install either Apache or IIS first :P

Quote from: MyndFyre[vL] on March 06, 2006, 09:20 AM
Now all I do is put a file on the path /bmtppk/memberlist/checkchar.php on my local web server

:P
QuoteEvery generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

iago

Quote from: MyndFyre[vL] on March 06, 2006, 10:22 AM
Quote from: iago on March 06, 2006, 10:16 AM
Don't forget, you need to install either Apache or IIS first :P

Quote from: MyndFyre[vL] on March 06, 2006, 09:20 AM
Now all I do is put a file on the path /bmtppk/memberlist/checkchar.php on my local web server

:P

Exacty!  You're making the assumption that he has a local web server :P
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Fr0z3N

#49
I do, but yeah. Thanks for making me look like an idiot MyndFyre, seriously thanks, finally I can try and crack this thing lol it's driving me crazy :) I'll go try that.

Thanks again MyndFyre, Ron and everyone else.


EDIT: Didn't work, please disregard that asm coding as it is 2 versions ago and is obsolete, if you could download the real dll and look through it that'd be great.

Could it have something to do with it using POST?

127.0.0.1 - - [06/Mar/2006:16:32:12 -0500] "POST /bmtppk/chyck.php HTTP/1.1" 200 61

iago

POST is just a way of submitting a form.  If you have a page that always displays YES, then it shouldn't matter.

It's also possible the instead of "yes" it displays an authentication code of some kind.  That would mean you'd have to dig more deeply. 
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Mystical

this may sound dumb, to me it kinda looks like it checks name checks page, then goes to another link to post yes or no, then check that page over, and then gets its results ....


.....

Mystical


Here's somthing instresting..

Hellmonkeyzz2 // MiscMuleA // USEast // 6pqm5n25

that's how its formatted into the file that you check from...

http://www.bmpk.us/bmtppk/memberlist/test.txt

then check this..

http://www.bmpk.us/bmtppk/memberlist/



Fr0z3N

Yeah all that has nothing to do with the current version. Also I think it might be logging into something, not sure.

|