Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: Anyone Identify this?

  1. June 25th, 2004, 10:39 PM #11
    benseven11
    benseven11 is offline
    Junior Member
    Join Date
    Sep 2003
    Posts
    3
    maybe its just a part of a masked URL
    for eg the masked url of
    the address http://www.antionline.com/showthread...hreadid=256810
    after masking would be exactly like this
    http://%77%77%77%2E%61%6E%74%69%6F%6...35%36%38%31%30
    Reply With Quote Reply With Quote
  2. June 25th, 2004, 10:47 PM #12
    benseven11
    benseven11 is offline
    Junior Member
    Join Date
    Sep 2003
    Posts
    3
    maybe its just a part of a certain masked url
    for egzample
    this address http://www.antionline.com/showthread...hreadid=256810
    would be like this one after masking
    %77%77%77%2E%61%6E%74%69%6F%6E%6C%69%6E%65%2E%63%6F%6D%2F%73%68%6F%77%74%68%72%65%61%64%2E%70%68%70%3F%73%3D%26%74%68%72%65%61%64%69%64%3D%32%35%36%38%31%30
    Reply With Quote Reply With Quote
  3. June 25th, 2004, 11:33 PM #13
    Mark_Anderson
    Mark_Anderson is offline
    Member
    Join Date
    Jun 2004
    Posts
    37
    "Hey all, just curious if anyone can identify this:

    3B%2f%2b2cuPYhjQtkWz3xgCtGqxtAgQJKM7U7NWk7u5nrnNKt
    %2fM4puXZY6yUti6uynL8CUNJwkkD%2foxrtGj5vqGihZstSV3
    jb6a2MPlEsColo8t4nMPdI79NmwfTiC2pGwV%2fQTsDE18mT64
    tI3ZflhfA6PoHT8ndjV6M%2fpUKZh%2fGylat4lWaXDD7J4W6f
    d1PwRaXnGit1PYYE%2fj%2frjwCD5UCg2Ye8yyZ%2b0VwrvaO%
    2fjs05cl28jcMLqFU43DzzfaKKX8JClXmMzoOIF6cYWXzqJ26k
    hyAwpyOj0cUv%2bK50%2fAUog3k7zJjo6tKhZbx0LOzJta

    This is from some source from a webpage, and i am sure that some is URL octal (ie %25, etc.)

    If curious it is hidden form data that is being submitted...

    Thanks in advance....."

    Well, the %2f etc. parts are Hex. The prefix '%', '\x', '0x', suffix 'h' etc all denote that hex will be represented. If it was octal it would look like this:

    http://00000000317.000262.0000052.00...cure.htm#octal

    Notice the many 0's as the prefixes.

    Some Hex codes represented as dwords and/or quadwords could've maybe went into that too.

    Note: It's not "illegal" to obscure URL's by mixing decimal, octal, and hex all together within the URL's or even webpage source code.
    Reply With Quote Reply With Quote
  4. August 27th, 2004, 02:44 AM #14
    dynagnosis
    dynagnosis is offline
    Member
    Join Date
    Jun 2004
    Posts
    47
    I don't have the answer.. but I do have a suggestion for 'next steps'

    Try the request again and verify you have the data... if so, we're going to have some fun.

    Try changing the request oh-so-slightly.. perhaps instead of 100 Main St. do 101 Main St... now look at the data again. Is it totally different or did only parts change?

    pick out the parts that changed and start fooling with them.. get an idea of what changes what (clear as mud?).

    %2 looks like a "space" .. % never appears without a 2 to the right. that is a consistansy.

    Lets re write it...

    3B%2

    f%2

    b2cuPYhjQtkWz3xgCtGqxtAgQJKM7U7NWk7u5nrnNKt%2

    fM4puXZY6yUti6uynL8CUNJwkkD%2

    foxrtGj5vqGihZstSV3jb6a2MPlEsColo8t4nMPdI79NmwfTiC2pGwV%2

    fQTsDE18mT64tI3ZflhfA6PoHT8ndjV6M%2

    fpUKZh%2

    fGylat4lWaXDD7J4W6fd1PwRaXnGit1PYYE%2

    fj%2

    frjwCD5UCg2Ye8yyZ%2

    b0VwrvaO%2

    fjs05cl28jcMLqFU43DzzfaKKX8JClXmMzoOIF6cYWXzqJ26khyAwpyOj0cUv%2

    bK50%2

    fAUog3k7zJjo6tKhZbx0LOzJta

    It looks like there are 14 seperate fields.. or pieces of data... a lot of them start with 'f' ...what other things do you notice? Chances are this is homegrown encryption.. it is nothing I recognize... cracking code is fun man.. play with it

    <EDIT>
    Are these driving directions? It looks like it can actually be seperated into two parts.. look at it... do you see the two sections?

    Section 1:

    3B%2

    f%2
    b2cuPYhjQtkWz3xgCtGqxtAgQJKM7U7NWk7u5nrnNKt%2
    fM4puXZY6yUti6uynL8CUNJwkkD%2
    foxrtGj5vqGihZstSV3jb6a2MPlEsColo8t4nMPdI79NmwfTiC2pGwV%2
    fQTsDE18mT64tI3ZflhfA6PoHT8ndjV6M%2
    fpUKZh%2
    fGylat4lWaXDD7J4W6fd1PwRaXnGit1PYYE%2

    Section 2:

    fj%2
    frjwCD5UCg2Ye8yyZ%2
    b0VwrvaO%2
    fjs05cl28jcMLqFU43DzzfaKKX8JClXmMzoOIF6cYWXzqJ26khyAwpyOj0cUv%2
    bK50%2
    fAUog3k7zJjo6tKhZbx0LOzJta

    .. or maybe not... heh.. but thats what cracking code is about
    Dyn/Gnosis ~ Powerful/Knowledge
    www.Dyngnosis.com
    Tutorials - Site Penetration Logs - (TheCommunity)Forums - Toolss
    Reply With Quote Reply With Quote
  5. August 27th, 2004, 07:15 AM #15
    Tedob1
    Tedob1 is offline
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    i have no idea what the data is and it really doesn't matter to get a map to load. below is a request made from mapquest's search page for 1 world trade plaza new york ny

    http://www.mapquest.com/maps/map.adp...rch=++Search++

    changed so it can be read:

    hXXp://XXX.mapquest.com/maps/map.adp?country=US&countryid=US&addtohistory=&searchtab=address&searchtype=address&address=1+world+trade+plaza&city=new+york+&state=ny&zipcode=&search=++Search++

    its easy to see how the request is made to the server and the address can be substituted with any other address. set a page to load using this address as the source and its a done deal. replace the number, street etc with variables and you've got your own map search
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules