HBH Doesn't like my packet
THE PACKET I SENT: POST /challenges/timed/timed2/index.php HTTP/1.1 Host: www.hellboundhackers.org User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) Content-type: application/x-www-form-urlencoded Content-length: 9 Set-Cookie: removed
test=test
THE PACKET I RECIEVED HTTP/1.1 200 OK Date: Sat, 01 Sep 2007 16:26:27 GMT Server: Apache/2.0.54 (Fedora) X-Powered-By: PHP/5.0.4 Set-Cookie: PHPSESSID=31c23ld8eb4ijbbr71dthg1902; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 345 Connection: close Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html> <head> <title>Malformed Request</title> </head> <body> <h1>Malformed Request</h1> <p>Please check that no referer spoofing applications are active and try again.</p> <hr/> <address>Apache/2.0.54 (Fedora) Server at www.hellboundhackers.org Port 80</address> </body> </html>
What's wrong with the packet I sent?
rumburak wrote: Didn't try timed but I've got similar reply when trying the other The site is checking if you are logged in and if referer is from challenge page ( here …/timed2/index.php )
I don't think it's checking if I'm logged in: that's not very logical. If it was, it wouldn't give me a 'malformed request' error.
lesserlightsofheaven wrote: Despite what that error message says, you actually DO need to spoof your referrer to get your submission to work. so use:
markupcurl_opt($yourvar, CURLOPT_REFERER, $yourdata)
and it should return the page.
I'm not using curl. I'm writing the packet manually, then using sockets:
function makePacket($host, $page, $agent, $cookie, $data)
{
#Generate the packet
$packet = "POST ".$page." HTTP/1.1\r\n";
$packet .= "Host: ".$host."\r\n";
$packet .= "User-Agent: ".$agent."\r\n";
$packet .= "Content-type: application/x-www-form-urlencoded\r\n";
$packet .= "Content-length: 0\r\n"; /*strlen($data)*/
$packet .= "Set-Cookie: ".$cookie."\r\n";
$packet .= "\r\n";
$packet .= $data;
#return packet
return $packet;
}
Sure enough, it's the referrer! That's rather odd, I suppose it has to do with the POST attribute. This packet works just fine:
POST /index.php HTTP/1.1
Host: www.hellboundhackers.org
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Referer: http://hellboundhackers.org/forum/viewthread.php
Content-type: application/x-www-form-urlencoded
Content-length: 0
Set-Cookie: REMOVED
test=test
Well, yes you have to login in to access http://www.hellboundhackers.org/challenges/timed/index.php but you can access subdirectories without being logged for referer I use Modify Headers in Firefox
rumburak wrote: Well, yes you have to login in to access http://www.hellboundhackers.org/challenges/timed/index.php but you can access subdirectories without being logged for referer I use Modify Headers in Firefox
Seeing as my PHP script is crafting the packet and not firefox, I doubt a firefox addon would be much help.
And, obviously you have to be logged in. That's why I set to cookie in the packets. I just didn't add the atual cookie there for obvious reasons.
For timed 2, as an example :
$header = array(); $header[] = "REFRER: http://hellboundhackers.org/challenges/timed/timed2/index.php"; $header[] = "Cookie: <yourcookiehere>"; ect…etc… //rest of code curl_setopt($curl, CURLOPT_HTTPHEADER, $header); //That'd be better than defining the referer in cURL.
Once again, I don't need and won't use cURL. It doesn't give me the control over my packet content that I want. I'm drafting the packets myself. And, my connection is fine, I'm requesting pages fine, now I just need to write the regex code to finish the challenge, and I'm damned lazy and have a report to finish up today.