Re: [PEN-TEST] websence bypass ?

From: Robert Shea (robert.sheaat_private)
Date: Fri Apr 27 2001 - 12:36:53 PDT


    In addition to decimal addresses, and appending the port number... this
    works against many systems like this (just depends on how they match)
    http://trustedsite.com@actual-target-site
    
    so say cnn.com is allowed, but www.hitlist.com is not
    http://cnn.com@www.hitlist.com
    and of course mixing
    http://cnn.com@2704981249:80
    
    Some systems (it should be noted, that I have not tested the one in
    question) will match the first domain "cnn.com" and move on, ignoring the
    rest...
    Robert
    
    %
    %>You can sometimes add :80 to the end of a url http://www.yahoo.com:80
    %>You can also use the ip address of the webserver
    %>http://xxx.xxx.xxx.xxx
    %>Maybe even add a :80 to the end of the ip url.
    %>There is also a way to convert the ip address into a number string, I have
    %>to go talk to some people to remember how to do that one, but email me back
    %>so that I remember.
    %>Tony
    %
    %Converting to a numeric value is done by 'pretending' that the dotted quad
    %is a base 256 number. Thus the first byte is multiplied by 256*256*256, the
    %second by 256*256 the third by 256 and the last is not multiplied at all.
    %Add these up and then try and connect to it using that number.
    %
    %66.38.151.10
    %= 66 * 256 * 256 * 256
    %+ 38 * 256 * 256
    %+ 151 *256
    %+ 10
    %= 1109825290
    %
    %Can then connect to this as http://1109825290 apparently that'll skip past
    %a number of validators which check against IP and 'name'
    %
    %(Or you could just use an IP-to-DWORD calculator such as that on
    %http://www.fichtner.net/tools/ip2dword/
    %More info: http://www.pc-help.org/obscure.htm )
    %
    %--
    %Ed Rolison
    %System Administrator
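
Added example, not part of the original messages: a sketch of how a filter can decide on the host a client will actually contact instead of on the leading text of the URL, covering the userinfo (`@`), port and numeric-address forms discussed in this thread. The block list entries and function names are constructed for illustration, and the parser goes slightly beyond the thread by also accepting octal and hex address parts.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed policy for this example: one blocked name, one blocked address.
BLOCKED_HOSTS = {"www.hitlist.com"}
BLOCKED_IPS = {ipaddress.IPv4Address("66.38.151.10")}

_NUM = re.compile(r"0x[0-9a-f]+|0[0-7]*|[1-9][0-9]*")  # hex, octal, decimal

def numeric_host_to_ip(host):
    """Return the IPv4Address a numeric host stands for, or None if not numeric.

    Follows the classic inet_aton rules: 1 to 4 parts, each decimal, octal
    or hex, with the last part filling all remaining bytes.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_NUM.fullmatch(p) for p in parts):
        return None
    vals = [int(p, 16) if p.startswith("0x") else
            int(p, 8) if p.startswith("0") else int(p) for p in parts]
    *lead, last = vals
    if any(v > 255 for v in lead) or last >= 256 ** (4 - len(lead)):
        return None
    value = last
    for i, v in enumerate(lead):
        value += v << (8 * (3 - i))    # same base-256 sum as in the quoted mail
    return ipaddress.IPv4Address(value)

def naive_allows(url, allowed="cnn.com"):
    """The weak match described in the post: only the text after '//' is checked."""
    return url.split("//", 1)[-1].startswith(allowed)

def is_blocked(url):
    """Decide on the host the client will actually contact."""
    host = urlsplit(url).hostname      # drops userinfo ("cnn.com@") and ":80"
    if not host:
        return True                    # unparseable: fail closed
    host = host.rstrip(".")
    ip = numeric_host_to_ip(host)
    if ip is not None:
        return ip in BLOCKED_IPS
    return host in BLOCKED_HOSTS
```
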
    
    
    


