|
-
August 3rd, 2003, 03:22 AM
#1
NetCat for Hacker Games
This tutorial has been written in response to a post in a thread in “web security” regarding a “hacking game”.
==+=+=+=+=+=+=+=+=+=+=+=+=+=+
“Is there anything I could read to learn this stuff, or do I just play around with it? I tried at <Some-Site>, and I am completely awful, but I haven't been able to find anything to really read on the subject. Any pointers, tips, tuts, texts would be appreciated, thank you.”
==+=+=+=+=+=+=+=+=+=+=+=+=+=+
Ok people, were talking about something that’s supposed to be a learning experience so how can that be if there is no source of reference. Without a source of reference, or 1337 friends to show you, you could poke around with this all day and get nowhere. This is not conducive to learning in fact it’s more of a hindrance when one gets disgusted and quits. One will never know how to secure a site if their oblivious to how it gets abused.
With this I hope to provide some knowledge and although I’m giving step-by-step instructions for passing this level, one cannot help but learn something in following those steps. That’s the point right?
Requirements for this tutorial:
An internet connection that uses a NIC card. Those with a dial-up connection could do this with using a home network. (If you know of a sniffer the will capture outgoing packets using a modem….please let me know)
A packet sniffer. This is my tutorial so I recommend Packetmon from analogX for windows. Its small and doesn’t require any special libs.
And of course our ubiquitous NetCat.
Ok lets get started.
The first thing we need to do is take a look see at what an actual form request looks like as it leaves your computer. So open packetmon and click ‘Start’. I don’t plan to go threw configuring the sniffer but we don’t need to filter anything out for this experiment. Now go to a form page Submit it then stop the capture. In the capture window of your sniffer you’ll get something like:
POST /auth.php HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: 10.0.0.5:81
Content-Length: 28
Connection: Keep-Alive
Cache-Control: no-cache
password=doh&username=oghh
(NOTE: this is not the header for the games site. If you want that your going to have to get it yourself.)
submit and capture many different forms from different sites to become familiar with whats going on.
For information about each header field refer to rfc2616 Sec. 14
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
What you seeing is the http1.1 protocol in action. The form request is sent out in plain text. Now if you copy the entire request from the sniffer’s window into a text editor you can make the necessary changes and save it as somefile.txt
Now assuming you have netcat in your search path, open a command prompt and navigate to the folder where you saved somefile.txt.
If you were to enter:
nc –vv thatsite.com 80 <somefile.txt
Netcat will send the request exactly as your browser would. If you had made any changes to somefile.txt the altered request would be sent in the correct manner.
So in our game thread it seems that in level 4 an email addy could be changed and sent by viewing the pages source, making the change in the editor used for viewing the source then saving the source as an htm file locally, opening it in a browser and submitting it. while the next level attempts to disallow the submitting of forms saved locally by requiring a referring location which will appear in the header of a legitimate request made by a browser from that page.
rfc2616 Sec. 14.36
Capture the header from that form page by submitting it from the web page. Notice a “referrer: field has been added. Leave that as is. Make your corrections and send it using NetCat.. BTW the same method could have been used for level 4 albeit a little more awkwardly than saving the source.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
August 3rd, 2003, 05:15 AM
#2
Ok people, were talking about something that’s supposed to be a learning experience so how can that be if there is no source of reference. Without a source of reference, or 1337 friends to show you, you could poke around with this all day and get nowhere. This is not conducive to learning in fact it’s more of a hindrance when one gets disgusted and quits. One will never know how to secure a site if their oblivious to how it gets abused.
Just wanted to say, I couldn't of said it better myself.
Thank you. Be safe and stay free.
Your heart was talking, not your mind.
-Tiger Shark
-
August 11th, 2003, 11:45 AM
#3
Senior Member
[pong][gloworange]665[/gloworange] Next door to the [glowpurple]devil[/glowpurple][/pong]
-
August 11th, 2003, 04:40 PM
#4
This is a great post. Especially with a little info about netcat. So many people have been asking about it and it needed to be done.
PeacE
-BoB
#!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
($k,$n)=@ARGV;$m=unpack(H.$w,$m.\"\\0\"x$w),$_=`echo \"16do$w 2+4Oi0$d*-^1[d2%
Sa2/d0<X+d*La1=z\\U$n%0]SX$k\"[$m*]\\EszlXx++p|dc`,s/^.|\\W//g,print pack(\'H*\'
,$_)while read(STDIN,$m,($w=2*$d-1+length($n||die\"$0 [-d] k n\\n\")&~1)/2)
-
August 11th, 2003, 06:36 PM
#5
Member
Hi!
Tedob1, for sniff a dial-up conection, try www.sniff-em.com/sniffem.shtml
See u!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote