
Basic Web Hacking 19 (updated)



By ghostghost | 9542 Reads |

#####################################################

Basic Web hacking 19 by Turbocharged_06

#####################################################

Basic Web Hacking 19

Drake has been studying some more PHP and has learned about the PHP function: header(), he has also found out about a new form of encryption. The password is here…somehow.

Knowledge Needed: PHP header() function

Tools Needed: HTTP Request and Response Header Viewer, Decoder, Web Developer Tools (optional)

OK. First off, if you don't know what the header() function is and what it does, I recommend you read this first:

(1) In many disciplines of computer science, a header is a unit of information that precedes a data object. In a network transmission, a header is part of the data packet and contains transparent information about the file or the transmission. In file management, a header is a region at the beginning of each file where bookkeeping information is kept. The file header may contain the date the file was created, the date it was last updated, and the file's size. The header can be accessed only by the operating system or by specialized programs.

For more info go to http://www.devpapers.com/article/262

OK, put the information you just read together with the challenge description. You'll probably want to read the page's headers. To do this you can use an online HTTP Request and Response Header Viewer located at http://web-sniffer.net/, or you can download Live HTTP Headers from http://livehttpheaders.mozdev.org. You can also download a plugin for Firefox called Web Developer from https://addons.mozilla.org/firefox/60/ and go to Right Click > Web Developer > Information > View Response Headers.

After reading the HTTP header you'll notice it is encrypted. You'll need to decrypt it using a decoder. When you find the type of encryption, Google "encryption type decoder" and you'll find a decoder. Enter the info you get and there you go, 30 points!

Please rate my article and note any changes I should make.
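The header check described in the article, as an added example (not part of the original article and not HBH's code): it parses a raw HTTP response, flags headers outside an expected set, and tries hex and Base64 decoding on their values. The sample response, the header names X-Debug-Token and X-Build, the expected-header set and the choice of encodings are assumptions constructed for illustration; a value that a public decoder reverses without a key is an encoding, so it gives no confidentiality to whatever the server places in a response header.

```python
import base64
import binascii
import re

# Constructed sample response: header names and values are made up for this example.
RAW_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2007 00:00:00 GMT\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n"
    "X-Debug-Token: c2FtcGxlLXZhbHVl\r\n"
    "X-Build: 73616d706c65\r\n"
    "\r\n"
    "<html>...</html>"
)

# Headers expected on an ordinary response (assumed list); anything else gets reviewed.
EXPECTED = {"date", "server", "content-type", "content-length", "connection",
            "cache-control", "expires", "etag", "last-modified", "set-cookie"}

def parse_headers(raw):
    """Return (name, value) pairs from the header block of a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs

def candidate_decodings(value):
    """Try reversible encodings whose alphabet matches; keep printable results only."""
    raw = {}
    if re.fullmatch(r"(?:[0-9a-fA-F]{2})+", value):
        raw["hex"] = bytes.fromhex(value)
    if len(value) % 4 == 0 and re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", value):
        try:
            raw["base64"] = base64.b64decode(value, validate=True)
        except binascii.Error:
            pass
    # A hex string is often also valid Base64; the printable filter drops the wrong reading.
    return {k: v.decode("ascii") for k, v in raw.items()
            if v and all(32 <= b < 127 for b in v)}

def audit(raw_response):
    """List unexpected headers together with any plaintext they decode to."""
    return [(n, v, candidate_decodings(v))
            for n, v in parse_headers(raw_response) if n.lower() not in EXPECTED]

if __name__ == "__main__":
    for name, value, decoded in audit(RAW_RESPONSE):
        print(f"{name}: {value!r} -> {decoded or 'no printable decoding'}")
```

Run against responses from your own application, any header that decodes to readable text here is effectively being sent in the clear.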

Comments
Zer0Man 17 years ago

Very informative and helpful.

ghost 17 years ago

nice dude:)

ghost 17 years ago

Kinda tells too much. But good anyway

Zer0Man 17 years ago

Good update, have d/loaded the Web Developer FF add-on, thanks. :)

korg 17 years ago

Too much info, this is a walkthrough. People should have gotten this without any help.

ghost 17 years ago

What information do you guys think I should take off?

ghost 17 years ago

THX…; )

ghost 16 years ago

Thanks, man. I wasn't aware what headers were. And this article showed me. I was able to breeze through this. To the people who say it gave away too much: If you just learned something you didn't know before, then congratulations, that is the point of this website. This isn't actual hacks, this is learning how to hack.

ghost 16 years ago

I feel spoiled :( and I don't really feel like an understanding of the header() function is/was necessary in this case. Initially I thought we were supposed to call that function from the input box somehow or some sort of injection, but using an add-on made this script kiddie feel like a haxzor

ghost 16 years ago

Which script kiddie?

ghost 16 years ago

Great article. Helps with the challenge without spoiling it.

ghost 16 years ago

You should remove some info. I recommend removing the HTTP response header part from Web Developer tools. When they search Google for the PHP Header() action they will end up there :D

ghost 15 years ago

Great Article!;) Helped a lot and gave new info too.

Death_metal666 12 years ago

Great article. Helps with the challenge without spoiling it.:D:D

MaddinW 12 years ago

I used Wireshark to filter out the HTTP transaction. If you are doing that as well, start capturing and filter for the IP of HBH. Should be easy to figure out for anyone who commits himself to hacking.

crashOverrIde 10 years ago

Tnx alot…m tru!

troll3rsk8tr 6 years ago

10/10 Helped me a lot, no spoilers, but still able to guide people in the right direction!