May 21st, 2003, 03:35 AM
#1
Junior Member
http_referer
okay........
I am trying to use the referer: thing at this website to get past a password prompt (totally legal, it is a game or contest or something; http://quiz.ngsec.biz:8080/game1/index.php there is the link). I am only on level two and I am not understanding how to use the referer thing. It has a link to another page that says:
To see an ELEMENTARY way to spoof any referer (sic) value, you'll need telnet and a way to see the referer value that your server records (server logs always have the referer value in them).
Try the following:
(The example below assumes your homepage is index.html)
telnet www.yoursite.com 80 (press return)
GET /index.html HTTP/1.0 (press return)
Referer: http://www.hah-hah.com (press return)
(press return again)
Now, check your server logs and you'll see that "someone" from hah-hah.com grabbed your homepage
So I open telnet and try it on the home page, but when I put in the get/ command it says in html "method not implemented".
I am not asking for someone to do it for me.... I just want to understand how this is done. I have been working on it for a few days but I think I am going in the wrong direction.
I do however know the username and password which is level one and is just guessing. username=admin password=ngsec
And yes when I open the home page in telnet I open it in port 80
More confusing to me is this. The example they provide for how to do this says to do it on the home page, only I thought this didn't make sense because the password prompt is actually at http://quiz.ngsec.biz:8080/game1/level2/l33t.php. So if I am going to spoof the referring page I would need to open this page in telnet, not the homepage. But then I can't open this page in telnet (not even in port 80). I am lost. So far this is what I am doing.
1. I open telnet
2. o www.ngsec.com 80
3. get/http://quiz.ngsec.biz:8080/game1/level2/l33t.php (I have tried this without using the get/ command and I get the html for the homepage... but that is not what I am looking for)
4. the connection gets lost before I ever get to enter the referer:www.ngsec.com (if that is even the right referer)
As I said before, I don't really want anyone to do it for me, I just would like to understand how it works. If the password prompt is at http://quiz.ngsec.biz:8080/game1/level2/l33t.php and the referer page has to be www.ngsec.com, then how do you work this in telnet? Should the actual page you're trying to open be the page that the password prompt goes to?
And most of all...... I would like to know how the actual referer thing works anyway. Not to bypass it but on the web server.
I guess that is all.
And on top of that, where do the username and password come in? I have also tried to do this with my browser by typing "telnet:www.whatever.com 80" but telnet is only open for a split second and then it closes. Please, if you tell me how to crack this, explain how and why..... don't just tell me what. I would like to be able to do this in other situations, and if I understand how and why I will be able to. Simply saying "type this" won't teach me anything.
Thanx
Hi, I don't care........ Thanks
4sale
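On the post's closing question of how the Referer check works on the web server side, here is an added example (not part of the original post and not the quiz site's code) of a toy server that parses a request, gates a page on the Referer header, and then gates it on a server-issued token instead. All names, hosts, the cookie layout and the sample request are constructed assumptions; the 501 branch mirrors the "method not implemented" reply a server gives when the request line is not `METHOD path version` with an upper-case method.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"             # hypothetical server-side secret
TRUSTED_REFERER = "http://www.example.com/"  # constructed value, not from the post
METHODS = {"GET", "HEAD", "POST"}
# Constructed sample: the kind of request a client can type by hand.
SAMPLE = "GET /level2/page.php HTTP/1.0\r\nReferer: http://www.example.com/\r\n\r\n"

def parse_request(raw):
    """Split a raw HTTP/1.0 request into (method, path, headers)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] not in METHODS:
        return None  # method token is case-sensitive and space-separated
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers

def session_token(user):
    """HMAC over the user name; only the holder of SECRET can mint it."""
    return hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()

def weak_gate(raw):
    """Referer-only check: trusts a header the client supplies itself."""
    req = parse_request(raw)
    if req is None:
        return 501
    return 200 if req[2].get("referer") == TRUSTED_REFERER else 403

def hardened_gate(raw):
    """Ignores Referer; requires a 'user=token' cookie issued after login."""
    req = parse_request(raw)
    if req is None:
        return 501
    user, _, token = req[2].get("cookie", "").partition("=")
    ok = bool(user) and hmac.compare_digest(token, session_token(user))
    return 200 if ok else 403
```

The Referer header is just another line of client input, so it is useful for logging and analytics but not as an access control; the second gate depends only on a value the server created.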