Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Basic 10


ghost's Avatar
0 0

What is the point of this exercise? Is it to find a proxy with an IP address that fall within the allowed range? That's realistic! I've seen some mention that it's an exercise in IP spoofing???? If that is your answer to this problem you better go back to networking 101 because you might be able to spoof your packet going to the server. I would really like for someone to explain how "htaccess" is determining your IP address. Is it deriving the address from the packets source address? Or is it using the HTTP headers? If anyone can give me a legitimate answer as to the point of this exercise I would appreciate it.


ghost's Avatar
0 0

My old ISP only let you look at ceratin parts of its site if you are one of its IP's. Also, it's just to help you work out a way to bypass a problem. Be it Ip spoofing Proxy or Isp's already done it, luck is major in hacking… Also do 3,4,5,6,7,8,9, before you complain about 10…


ghost's Avatar
0 0

I thought the point was to have fun :)


ghost's Avatar
0 0

That also lol


ghost's Avatar
0 0

0wned wrote: I thought the point was to have fun :)No, no fun here! Fun is not allowed here, ever, no exceptions!


ghost's Avatar
0 0

wolfmankurd wrote: My old ISP only let you look at ceratin parts of its site if you are one of its IP's. Also, it's just to help you work out a way to bypass a problem. Be it Ip spoofing Proxy or Isp's already done it, luck is major in hacking… Also do 3,4,5,6,7,8,9, before you complain about 10…

I'm sorry I didn’t realize that it was a rule to do these in order? I’m glad to see that you added some valuable comments here: “Be it Ip spoofing Proxy” please explain to me what the F*&# an IP spoofing proxy is? If you are referring to an ANONYMOUS PROXY then I would have to ask how that helps (outside of the fact that you get extremely lucky and find one in this range)? If you’re referring to spoofing your IP address then explain to me how you get responses from the server you’re attacking when the SOURCE address is not yours?????? My point in asking the initial question was obviously way above your head so it’s time for you’re to move along now….. If anyone has a legitimate answer I would like to here it. I’m looking more along the lines of what is htaaccess filtering off? Is it the source IP address of the packets? Google and the apache web site offer now answers.

And by the way wolfmankurd before you flame someone “Also do 3,4,5,6,7,8,9, before you complain about 10” maybe you should follow your own advice, dumb ass….


Mr_Cheese's Avatar
0 1

AmRnEmS wrote: And by the way wolfmankurd before you flame someone “Also do 3,4,5,6,7,8,9, before you complain about 10” maybe you should follow your own advice, dumb ass….

then perhaps you should do more than 1 and 2 before calling someone a dumbass, and acting like you know it all.

Just a thought.


ghost's Avatar
0 0

Mr_Cheese wrote: [quote]AmRnEmS wrote: And by the way wolfmankurd before you flame someone “Also do 3,4,5,6,7,8,9, before you complain about 10” maybe you should follow your own advice, dumb ass….

then perhaps you should do more than 1 and 2 before calling someone a dumbass, and acting like you know it all.

Just a thought.[/quote]

Never said I knew it all. I was just making the observation that wolfmankurd was so quick to point out, I did not complete all the sacred missions ooooooooooo…. I did not realize that was requirement????? And by the way completing these missions does not solidify your l33t hacking skills. I like to use these missions to learn something about pen testing, hacking, security, etc… AND ALL IM SAYING IS THERE IS NOTHING TO BE LEARNED FROM MISSION 10. PLEASE OH PLEASE TELL ME IM WRONG AND THAT THERE IS A POINT TO THIS MISSION (aside from it’s testing your thought process).


Mr_Cheese's Avatar
0 1

first off - grow up

secondly - yes you can learn from this mission, it teaches you to be anonymous and change your ip using a proxy etc. However, some can just pass this missions easiy if they are already in the IP range, admittedly for them this missoins is just a free 40 points. However for the people who arent in the IP range, it is a well earnt 40 points.


ghost's Avatar
0 0

Yes there is something to be learned. There is always something to be learned and if you can't see that, then tough. While the mission itself may be quite easy for some (incredibly easy for most), if you think about how the mission works, the ideas behind it, and the practical applications, then you might learn something.


n3w7yp3's Avatar
Member
0 0

its just a mission on anonyomus browsing.

and yes there is an IP spoofing proxy. ever hear of Check Point? it replies for internal systems, sending a response and spoofing the IP address.


ghost's Avatar
0 0

AmRnEmS wrote: And by the way wolfmankurd before you flame someone “Also do 3,4,5,6,7,8,9, before you complain about 10” maybe you should follow your own advice, dumb ass….

But I wasn't being a pussy about it there is no rule to do them in order it just helps to do more before you moan about anything, I didn't flame you did, I was merly suggesting that you do all else before you complain about a challenge. Also Ip spoofing is quite possible, in many ways. So in the word of a good friend of mine(cortney): "STFU, mother f**ker" ( damn she has a potty mouth)


ghost's Avatar
0 0

Grow up? There is always something to be learned and if you can't see that, then tough. Check Point?

Listen if you have nothing to add then don't respond, I've come to the conclusion that

  1. you must all be l33t hackers, I can tell this by the way you flame someone for asking questions
  2. Your right there is always something to be learned, and I've learned that you’re an idiot
  3. Check Point????? What does this have to do with IP spoofing? If you change your IP address (I mean really change it to an ip that you don't own, or better yet an IP that IBM owns) you will never I repeat never get a response from the server you sent the packet to. You use IP Spoofing only when you don't care to get the packet back. What you are referring to in stating "have you ever heard of check point" is that your check point (firewall) is performing NAT (network address translation) which basically takes your source IP address and replaces it with a global address. Now I know that this sounds like IP spoofing, (just wait I'm getting to my point) but its not. It's one thing to use a anonymous proxy to hide your IP address but it's quite another to spoof your address. Let me give you an example:

Real Source IP 192.1.1.2 - Spoof Source IP 10.10.21.1 - Destination IP 170.187.1.2

When the destination 170.187.1.2 receives your packet it will see the Source IP address as 10.10.21.1 (the spoofed one), so when it crafts it's SYN ACK packet that will be sent back to you what IP address do you think it will use? Answer 10.10.21.1, PROBLEM You don't own this address, so unfortunately you will never see the response! WOW! What? HUH? you say! But I spoofed the address, yes you did but when a l33t hacker spoofs his address its because he doesn’t care if he ever get a response from the server.

School's over:(


n3w7yp3's Avatar
Member
0 0

AmRnEmS wrote: Grow up? There is always something to be learned and if you can't see that, then tough. Check Point?

Listen if you have nothing to add then don't respond, I've come to the conclusion that

  1. you must all be l33t hackers, I can tell this by the way you flame someone for asking questions
  2. Your right there is always something to be learned, and I've learned that you’re an idiot
  3. Check Point????? What does this have to do with IP spoofing? If you change your IP address (I mean really change it to an ip that you don't own, or better yet an IP that IBM owns) you will never I repeat never get a response from the server you sent the packet to. You use IP Spoofing only when you don't care to get the packet back. What you are referring to in stating "have you ever heard of check point" is that your check point (firewall) is performing NAT (network address translation) which basically takes your source IP address and replaces it with a global address. Now I know that this sounds like IP spoofing, (just wait I'm getting to my point) but its not. It's one thing to use a anonymous proxy to hide your IP address but it's quite another to spoof your address. Let me give you an example:

Real Source IP 192.1.1.2 - Spoof Source IP 10.10.21.1 - Destination IP 170.187.1.2

When the destination 170.187.1.2 receives your packet it will see the Source IP address as 10.10.21.1 (the spoofed one), so when it crafts it's SYN ACK packet that will be sent back to you what IP address do you think it will use? Answer 10.10.21.1, PROBLEM You don't own this address, so unfortunately you will never see the response! WOW! What? HUH? you say! But I spoofed the address, yes you did but when a l33t hacker spoofs his address its because he doesn’t care if he ever get a response from the server.

School's over:(

yes all very true, but if you can accuratly predict the TCP sequence numbers, you will be able to send the ACK packet back to the server which will establish the connection (although it is a one way connection). i seem to recall somehting about this only working if you are on the same network as the target host…

i just briought up Check Point because if you hit a Check Point firewall from the internet, it'll look like the target host (the MAC address will never reach you to tip you off).

btw, anybody who is in need of a proxy list can find one at http://www.digitalcybersoft.com/proxylist/