http_referer
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: http_referer

  1. #1
    Junior Member
    Join Date
    May 2003
    Posts
    25

    http_referer

    okay........
    I am trying to the referer: thing at this website to get past a password prompt (totally legal it is a game or contest or something http://quiz.ngsec.biz:8080/game1/index.php there is the link) I am only on level two and I am not understanding how to use the referer thing. It has a link to another page that says:
    To see an ELEMENTARY way to spoof any referer (sic) value, you'll need telnet and a way to see the referer value that your server records (server logs always have the referer value in them).

    Try the following:
    (The example below assumes your homepage is index.html)

    telnet www.yoursite.com 80 (press return)
    GET /index.html HTTP/1.0 (press return)
    Referer: http://www.hah-hah.com (press return)
    (press return again)

    Now, check your server logs and you'll see that "someone" from hah-hah.com grabbed your homepage

    So I open telnet and try it on the home page but when I put in the get/ command it says in html "method not implemented"

    I am not asking for someone to do it for me.... I just want to understand how this is done. I have been working on it for a few days but I think I am going in the wrong direction.

    I do however know the username and password which is level one and is just guessing. username=admin password=ngsec

    And yes when I open the home page in telnet I open it in port 80
    more confusing to me is this. The example they provide for how to do this says to do it on the home page only I thought this didn't make sense because the password prompt is actually at http://quiz.ngsec.biz:8080/game1/level2/l33t.php. So if I am going to spoof the refering page I would need to open this page in telnet not the homepage. But then I can't open this page in telnet (not even in port 80). I am lost. So far this is what I am doing.

    1. I open telnet
    2. o www.ngsec.com 80
    3. get/http://quiz.ngsec.biz:8080/game1/level2/l33t.php (i have tried this without using the get/ command and I get the html for the homepage...but that is not what I am looking for)
    4. the connection gets lost before I ever get to enter the referer:www.ngsec.com (if that is even the right referer)

    as I said before I don't really want anyone to do it for me I just would like to understand how it works. If the password prompt is at http://quiz.ngsec.biz:8080/game1/level2/l33t.php and the referer page has to be www.ngsec.com then how do you work this in telnet. Should the acual page your trying to open be the page that the password promt goes to??

    And most of all...... I would like to know how the actual referer thing works anyway. Not to bypass it but on the web server.
    I guess that is all.

    and ontop of that where does the username and password come in. I have also tried to do this with my browser by typing "telnet:www.whatever.com 80" but telnet is only open for a split second and then it closes. Please if you tell me how to crack this explain how and why..... don't just tell me what. I would like to be able to do this in other situations and if I understand how and why I will be able to. Simply saying "type this" won't teach me anything.

    Thanx
    Hi, I don\'t care........ Thanks

    4sale

  2. #2
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    3) There are all kinds of things wrong with this

    a) the URL indicates port 8080, you are telneting to port 80...see a problem?
    b) GET should be in all capitals
    c) You should NOT have HTTP:// in there
    d) you should have spaces between command, url, and method
    Ie: GET <url> <method>
    e) You should always end requests with the method, in this case HTTP/1.0 will work just fine...

    so try:

    telnet www.nqsec.com 8080
    GET /game1/level2/l33t.php HTTP/1.0
    User-Agent: L4m3r
    Referer: www.hah-hah.com


    End of story...

    Big thing to remember: <ACTION> <PATH/FILENAME of URL> <METHOD>

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    One thing I'd like to throw out there.... when I do challenges and such like the above.

    Instead of using telnet... y not just use a sniffer?

    Using telnet you just type commands that your browser would normally do for you.

    If you use a packet capture... such as Ethereal and make the request with your browser you will get all the same info.. but MUCH MUCH more. This seems like a pretty easy challenge.. and the capture might be a little overkill... but I have yet to see something as too much information as of yet. Could be helpful later down the road in another challenge.

    Just follow the TCP stream.

    I have not attempted these challenges yet. I'll have to check them out. Thanks for the site.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  4. #4
    Junior Member
    Join Date
    May 2003
    Posts
    25
    It says could not open connection on port 8080
    Oh I did have a space after GET but I did not know it had to be caps
    Should the page I try to open be the page with the login prompt?

    oh and I have ethereal but I am also on tcp/ip. Any way have lots of sniffers but really want to learn how to use telnet for this. I know I could get around it by some other means in my script kiddie arsonal but really I am just trying to learn without them. (not that sniffers are limited to scipt kiddies but the point is I just want to learn.)

    ethereal says i have to have and ethernet card....... and I don't
    Hi, I don\'t care........ Thanks

    4sale

  5. #5
    Senior Member roswell1329's Avatar
    Join Date
    Jan 2002
    Posts
    670
    Why are you telnetting to www.ngsec.com? The URL you're connecting to is quiz.ngsec.com. www.ngsec.com might be a completely different web server. It's a common misconception that the URL must have "www" in order to be a web server and that www is the only web server allowed per domain. You can run any number of webservers from any domain name or sub-domain name as long as you have an available port. By using telnet, you're merely passing the same commands to the website that the browser is passing, and that the web server is listening for. You could do some reading about the HTTP protocol to get a better idea of what's going on, and a better understanding of the referrer concept. Here are some other links that may be helpful:

    http://www22.verizon.com/about/commu...86z1%2C00.html

    http://www.w3.org/Protocols/HTTP/HTTP2.html
    /* You are not expected to understand this. */

  6. #6
    Junior Member
    Join Date
    May 2003
    Posts
    25
    also I was wondering if there is any way to do through the browser (spoofing the reffer).
    Such as "www.anysite.com referer:www.anyothersite.com"
    I know this example would not work but is there not a javascript command that may do this?

    Example:"javascriptpen.window "www.anysite.com" referer:www.anyothersite.com

    I am a bit rusty on my java script don't know if the actual javascript is right but what I am asking is if that is possible??
    Hi, I don\'t care........ Thanks

    4sale

  7. #7
    Senior Member roswell1329's Avatar
    Join Date
    Jan 2002
    Posts
    670
    What are you talking about? JavaScript is a client-side processing language only. The only thing you could affect with JavaScript is your own machine. JavaScript is embedded in HTML pages to perform some action on a client machine when it connects to the server and loads the page containing the script. There isn't really an interface for you to run JavaScript commands and have them affect the server you're connected to.
    /* You are not expected to understand this. */

  8. #8
    Junior Member
    Join Date
    May 2003
    Posts
    25
    Allright....... Okay.......... I'll just take some time now to soak in all I have been given. Thank you all.

    You know I did look for these answers elsewhere and really did not want to post this but I did not understand the stuff that I found when I googled it and the only thing I can find in these forums here are posts on what not to post if your a newbie. I searched this forum and I searched google,alltheweb and all I found was short turorials that didn't explain anything.

    anyway thanx for explaining now I am going to go study

    okay this is where I am at now:

    1. open telnet
    2. o quiz.ngsec.biz 8080 (return)
    3. GET game1/level2/l33t.php (return)
    4. referer:www.ngsec.com (return *2)

    although this is not working I am getting much further than I was.

    It says "400 bad request"
    and "invalid request in GET game1/level2/l333t.php HTTP/1.0"
    I tried it with "GET/game1/level2/l33t.php HTTP/1.0" and the way above

    also don't get the "User-Agent:" thing
    I suppose that it would be "User-Agent:admin"
    but then where does the password come in. "User-Agent:admin-ngsec"???hmmmmm
    you know what I really need is a list of commands and how they are used.

    And only one more thing...... If all I am doing by using telnet is doing the same thing my browser would do then what program other than a sniffer would I need to use to do this. I have worked on this a little with netcat but that is really just like using telnet right. I tried to spoof the referer with the -g command in netcat but had no success. (I know due to my lack of knowlage about netcat.) Just some thoughts

    correction: above in #3 I forgot to type the HTTP/1.0 but in telnet I did type it
    Hi, I don\'t care........ Thanks

    4sale

  9. #9
    Junior Member
    Join Date
    May 2003
    Posts
    25
    just wanted to let you know where I am at ....... have enough info now to firgure it out on my own Woooooo Hoooooo . I'm just happy I got this far. I can beat this thing.

    I was going to go for the trial and error learning thing but I trial and errored myself to death.

    Thank you much........ I bid you good nite, and may the forces of evil become confused on the way to your house.
    Hi, I don\'t care........ Thanks

    4sale

  10. #10
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    it would be far simpler to download a proxy program to use as a go between for your browser and the web site. There are proxies out there written to allow you to modify the http headers....which would probably be easier than using telnet. It's also fairly simple to write one yourself.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •