i just don't get it (ngsec 2nd level) referer
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: i just don't get it (ngsec 2nd level) referer

  1. #1
    Banned
    Join Date
    Aug 2004
    Posts
    534

    i just don't get it (ngsec 2nd level) referer

    I've read both of these threads:

    link1

    link2

    but i still cannot do the challenge on this page

    ngsec

    here are some things i don't get:

    1.

    HTTP1.0:
    GET /game1/level2/l33t.php?login=admin&password=ngsec HTTP/1.0
    Referer: www.hah-hah.com
    <enter>
    <enter>

    HTTP1.1
    GET /game1/level2/l33t.php?login=admin&password=ngsec HTTP/1.1
    Host: quiz.ngsec.com
    Referer: www.hah-hah.com
    <enter>
    <enter>

    here are 2 examples from one of the AO pages. let's say that we forget about the username and password for now.

    Is "GET /game1/level2/l33t.php HTTP/1.1 Host: quiz.ngsec.com Referer: www.blabla.com" one line or is that supposed to be seperate lines. Am I missing and spaces or characters.


    2. Is name/password really necesary?

    3. If this is performed correctly and I can actualy grab the page, will it open in IE or will it be saved on HD.

    I tried to use "final spoof" I tried to use telnet. I refered to www.ngsec.com. i refered to quiz.ngsec.com. I don't know what I'm doing wrong. just please point me in right direction. I always get 400 bad request. I'm I just refering to a wrong page. If so than what kind of challange is it if I have to guess.

    Pls help me I'm stupid

  2. #2
    Banned
    Join Date
    Aug 2004
    Posts
    534
    i've noticed that although the the name in the url is l33t.php the name in the source is validate_l33t.php how is that possible and which one should i use

  3. #3
    just get burpproxy here and run it and see what is sent to the server when you connect. you will see a line called referer:, this you will have to alter into something that challenge is needing... (it will be something like www.ngsec.com) .
    this will solve your problem..

    hope this helps

  4. #4
    Banned
    Join Date
    Aug 2004
    Posts
    534
    burp won't run since i have the newest jvm ... the beta version

  5. #5
    Banned
    Join Date
    Jul 2004
    Posts
    297
    unhappy if you read the page the hint is on it tells you the commands your listing are done through telnet...
    <edit>The reffering page is not going to be the harhar.com or whatever.com. Its the specific one for that authinitcatin. Your one the right track but due to the nature of ngsec im not going to just flat out give you the answer.</edit>

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Want a good program that will allow you to modify data between your client and the server?

    Try out achilles

    http://www.astalavista.com/?section=...d=file&id=2513

    Its basically a proxy that you run on your computer. It will listen on a port you specify. Then, you configure your browser to use the proxy that achilles sets up. You can then use achilles to intercept the data between the client and server... modify as you wish and then send it along.

    Quite fun really.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  7. #7
    Its basically a proxy that you run on your computer. It will listen on a port you specify. Then, you configure your browser to use the proxy that achilles sets up. You can then use achilles to intercept the data between the client and server... modify as you wish and then send it along.
    burpproxy is just the same,
    and so is proximitron, this is also a nice proxy to spoof several things....

  8. #8
    Banned
    Join Date
    Aug 2004
    Posts
    534
    thanx for your replies guys...

    i understand what you are saying as far a proxy servers but like i said

    burproxy won't work since i have incompatible JVM (it's the newest beta)
    achilles won't work at all... i think it's because for now i'm stuck w/ AOL


    BUT I DID FINISH THE 2ND LEVEL AS WELL AS THE 3RD AND 4TH

    I still have some questions thought.

    "GET /game1/level2/validate_l33t.php?login=admin&password=ngsec HTTP/1.1
    Host: quiz.ngsec.biz
    Referer: http://www.ngsec.com"

    1. why does referer have to have "http://" specified in its definition
    2. i thought that i will have to guess the referer but in the end i had to guess the "Host:" part and changed it to .biz ... WTF.. is there some obvious thing that i missed by witch the Host: was naturally .biz
    3. #3 and #4 solutions could've been put into the browser window in a manner like this

    "http://www.quiz.ngsec.com/game1/level3/blabbla.php:8080&login=&password= HTTP/1.1"

    or something like that

    is there a way to make 2 level to put into the browser insted of using telnet. I know that we have the "Host:" line and "Referer:" line but there should be a way to simulate "Enter" key w/ a character which could be between the lines which would make it ALL one line

    Am I right and if so, is there such a character???

  9. #9
    1. --&gt; it doesn't have to, it's just what the site has used to allow access... (if i'm not mistaken).
    2. --&gt; the referer you had to guess, it had something to do with the company was the hint... as for the host:, i don't recall having to alter it to get passed that level...
    3. --&gt; i believe there is a way, although i can't think of it right now (just got home from a very stressing day at work ).

  10. #10
    Junior Member
    Join Date
    Aug 2003
    Posts
    29
    i just finished it as well, but i cant seem to figure out how to update my score. this is what i got when i beat the level.

    &lt;span class="cab"&gt;&lt;b&gt;Level 2 Complet
    ed!&lt;/b&gt;&lt;/span&gt;&lt;p&gt;
    &lt;p class="txt"&gt;&lt;b&gt;CONGRATULATIONS!!! Authentication Completed!&lt;
    /b&gt;&lt;/p&gt;
    &lt;p class="txt"&gt;At this point &lt;b&gt;you should update your score&lt;/b&gt; filling
    this form.&lt;/p&gt;
    &lt;p class="txt"&gt;&lt;b&gt;Not yet registered?&lt;/b&gt; Follow this link: &lt;a hre
    f="../register.php"&gt;Registration Form&lt;/a&gt;&lt;/p&gt;
    &lt;form action="http://quiz.ngsec.com
    /game1/update_score.php" method="POST"&gt;
    Stay away from my friends, they\'re smooth operators lookin for a way in.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •