i just don't get it (ngsec 2nd level) referer

I've read both of these threads:

link1

link2

but i still cannot do the challenge on this page

ngsec

here are some things i don't get:

1.

HTTP1.0:
GET /game1/level2/l33t.php?login=admin&password=ngsec HTTP/1.0
Referer: www.hah-hah.com
<enter>
<enter>

HTTP1.1
GET /game1/level2/l33t.php?login=admin&password=ngsec HTTP/1.1
Host: quiz.ngsec.com
Referer: www.hah-hah.com
<enter>
<enter>

here are 2 examples from one of the AO pages. let's say that we forget about the username and password for now.

Is "GET /game1/level2/l33t.php HTTP/1.1 Host: quiz.ngsec.com Referer: www.blabla.com" one line or is that supposed to be seperate lines. Am I missing and spaces or characters.


2. Is name/password really necesary?

3. If this is performed correctly and I can actualy grab the page, will it open in IE or will it be saved on HD.

I tried to use "final spoof" I tried to use telnet. I refered to www.ngsec.com. i refered to quiz.ngsec.com. I don't know what I'm doing wrong. just please point me in right direction. I always get 400 bad request. I'm I just refering to a wrong page. If so than what kind of challange is it if I have to guess.

Pls help me I'm stupid

i've noticed that although the the name in the url is l33t.php the name in the source is validate_l33t.php how is that possible and which one should i use

just get burpproxy here and run it and see what is sent to the server when you connect. you will see a line called referer:, this you will have to alter into something that challenge is needing... (it will be something like www.ngsec.com) .
this will solve your problem..

hope this helps :p

burp won't run since i have the newest jvm ... the beta version

unhappy if you read the page the hint is on it tells you the commands your listing are done through telnet...
<edit>The reffering page is not going to be the harhar.com or whatever.com. Its the specific one for that authinitcatin. Your one the right track but due to the nature of ngsec im not going to just flat out give you the answer.</edit>

Want a good program that will allow you to modify data between your client and the server?

Try out achilles

http://www.astalavista.com/?section=...d=file&id=2513

Its basically a proxy that you run on your computer. It will listen on a port you specify. Then, you configure your browser to use the proxy that achilles sets up. You can then use achilles to intercept the data between the client and server... modify as you wish and then send it along.

Quite fun really. :)

Quote:

---

Its basically a proxy that you run on your computer. It will listen on a port you specify. Then, you configure your browser to use the proxy that achilles sets up. You can then use achilles to intercept the data between the client and server... modify as you wish and then send it along.

---

burpproxy is just the same,
and so is proximitron, this is also a nice proxy to spoof several things....

thanx for your replies guys...

i understand what you are saying as far a proxy servers but like i said

burproxy won't work since i have incompatible JVM (it's the newest beta)
achilles won't work at all... i think it's because for now i'm stuck w/ AOL


BUT I DID FINISH THE 2ND LEVEL AS WELL AS THE 3RD AND 4TH

I still have some questions thought.

"GET /game1/level2/validate_l33t.php?login=admin&password=ngsec HTTP/1.1
Host: quiz.ngsec.biz
Referer: http://www.ngsec.com"

1. why does referer have to have "http://" specified in its definition
2. i thought that i will have to guess the referer but in the end i had to guess the "Host:" part and changed it to .biz ... WTF.. is there some obvious thing that i missed by witch the Host: was naturally .biz
3. #3 and #4 solutions could've been put into the browser window in a manner like this

"http://www.quiz.ngsec.com/game1/level3/blabbla.php:8080&login=&password= HTTP/1.1"

or something like that

is there a way to make 2 level to put into the browser insted of using telnet. I know that we have the "Host:" line and "Referer:" line but there should be a way to simulate "Enter" key w/ a character which could be between the lines which would make it ALL one line

Am I right and if so, is there such a character???

1. --&gt; it doesn't have to, it's just what the site has used to allow access... (if i'm not mistaken).
2. --&gt; the referer you had to guess, it had something to do with the company was the hint... as for the host:, i don't recall having to alter it to get passed that level...
3. --&gt; i believe there is a way, although i can't think of it right now (just got home from a very stressing day at work :p).

i just finished it as well, but i cant seem to figure out how to update my score. this is what i got when i beat the level.

&lt;span class="cab"&gt;&lt;b&gt;Level 2 Complet
ed!&lt;/b&gt;&lt;/span&gt;&lt;p&gt;
&lt;p class="txt"&gt;&lt;b&gt;CONGRATULATIONS!!! Authentication Completed!&lt;
/b&gt;&lt;/p&gt;
&lt;p class="txt"&gt;At this point &lt;b&gt;you should update your score&lt;/b&gt; filling
this form.&lt;/p&gt;
&lt;p class="txt"&gt;&lt;b&gt;Not yet registered?&lt;/b&gt; Follow this link: &lt;a hre
f="../register.php"&gt;Registration Form&lt;/a&gt;&lt;/p&gt;
&lt;form action="http://quiz.ngsec.com
/game1/update_score.php" method="POST"&gt;