Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Basic Web Hacking 19 (updated)


Basic Web Hacking 19 (updated)

By ghostghost | 9726 Reads |
0     0

#####################################################

Basic Web hacking 19 by Turbocharged_06

##################################################### Basic Web Hacking 19

Drake has been studying some more PHP and has learned about the PHP function: header(), he has also found out about a new form of encryption. The password is here…somehow.

Knowledge Needed: PHP header() function

Tools Needed: HTTP Request and Response Header Viewer Decoder Web Developer Tools (optional)

O.k. First off if you don't know what the header() function is and what it does i recommend you read this first: (1) In many disciplines of computer science, a header is a unit of information that precedes a data object. In a network transmission, a header is part of the data packet and contains transparent information about the file or the transmission. In file management, a header is a region at the beginning of each file where bookkeeping information is kept. The file header may contain the date the file was created, the date it was last updated, and the file's size. The header can be accessed only by the operating system or by specialized programs. for more info go to http://www.devpapers.com/article/262

OK put the information you just read with the challenge description. You'll probably wanna read the pages header. To do this you can use an online HTTP Request and Response Header Viewer located at: http://web-sniffer.net/ Or you can download Live HTTP Headers from: http://livehttpheaders.mozdev.org. You can also Download a pluggin for firefox called Web Developer from https://addons.mozilla.org/firefox/60/ and Right Click>Web Developer> Information>View Response Headers. After reading the HTTP header you'll notice it is encrypted. You'll need to decrypt it using a decoder. When you find the type of encryption google "encryption type decoder" and youll find a decoder. Enter the info you get and there you go 30 points!

Please rate my article and note any changes i should make.

Comments
Zer0Man's avatar
Zer0Man 17 years ago

Very informative and helpful.

ghost's avatar
ghost 17 years ago

nice dude:)

ghost's avatar
ghost 17 years ago

Kinda tells to much. But good anyway

Zer0Man's avatar
Zer0Man 17 years ago

Good update, have d/loaded the Web Developer FF add-on, thanks. :)

korg's avatar
korg 17 years ago

Too much info this is a walkthrough, People should have gotten this without any help.

ghost's avatar
ghost 17 years ago

What information do you guys think i should take off?

ghost's avatar
ghost 17 years ago

THX…; )

ghost's avatar
ghost 17 years ago

Thanks, man. I wasn't aware what headers were. And this article showed me. I was able to breeze through this. To the people who say it gave away too much: If you just learned something you didn't know before, then congratulations, that is the point of this website. This isn't actual hacks, this is learning how to hack.

ghost's avatar
ghost 17 years ago

i feel spoiled :( and i dont really feel like an understanding of the header() function is/was necessary in this case. Initially I thought we were supposed to call that function from the input box somehow or some sort of injection, but using an add-on made this script kiddie feel like a haxzor

ghost's avatar
ghost 17 years ago

which script kidie?

ghost's avatar
ghost 17 years ago

Great article. Helps with the challenge without spoiling it.

ghost's avatar
ghost 17 years ago

You Should remove some info. I recommend removing the HTTP response header part from web developer tools. When they search google for the php Header() action they will end up there :D

ghost's avatar
ghost 16 years ago

Great Article!;) Helped a lot and gave new info too.

Death_metal666's avatar
Death_metal666 13 years ago

Great article. Helps with the challenge without spoiling it.:D:D

MaddinW's avatar
MaddinW 13 years ago

I used wireshark to filter out the HTTP-transaction. If you are doing that as well, start capturing and filter for the IP of HBH. Should be easy to figure out for anyone who commits himself to hacking.

crashOverrIde's avatar
crashOverrIde 10 years ago

Tnx alot…m tru!

troll3rsk8tr's avatar
troll3rsk8tr 7 years ago

10/10 Helped me a lot, no spoilers, but still able to guide people in the right direction!