What is it? @.@

Here is the place where I record some tactics about wargame, systems, and other security issues.

2012-11-11

TRY2HACK - Level 7

Description:

LEVEL 7

Browser check: Sorry, but you must use Microsoft Internet Explorer 7.66

Solution:
  1. When we enter this challenge page, we can see the message like above. The first thought appeared in our mind is to change the User-Agent. Let's do it!
  2. I use Chrome Developer Tools to modify the default value of User-Agent. Make the description equals to "Mozilla/5.0 (Windows; U; MSIE 7.66; Windows NT 6.0; en-US)".
    You can find all user-agent description in this website
    http://www.useragentstring.com/

  3. Refresh the page. But this time the page shows us another message like below.
    LEVEL 7

    Browser check: OK!

    OS check:Sorry, but you must use a unix or linux system
  4. Hmmm... Alright, it seems that  the web server also checks the keyword of 'linux'. Make the description equals to "Mozilla/5.0 (Windows; U; MSIE 7.66; Windows NT 6.0; en-US; LINUX)".
  5. Refresh the page and ... WTH! -.- Another message was displayed in the page like below.
    LEVEL 7

    Browser check: OK!

    OS check:OK!

    Link check:Sorry, but you must get here from a link on the page:
    http://www.microsoft.com/ms.htm
  6. Okay, that means not only the User-Agent field in HTTP header we need to modify it, but also including the Referer field.
  7. Actually, we can get all the stuff done with the nc (Netcat) tool.
    Example:
    root@sp:~# nc www.try2hack.nl 80
    GET /levels/level7-xfkohc.php HTTP/1.1
    Host: www.try2hack.nl
    User-Agent: Mozilla/5.0 (Windows; U; MSIE 7.66; Windows NT 6.0; en-US; LINUX)
    Referer: http://www.microsoft.com/ms.htm
    CRLF
    CRLF
  8. In the end, we got the link and message like below. It's done!
    LEVEL 7

    Browser check: OK!

    OS check:OK!

    Link check:OK!


    Level 8 -> level8-balnrg.xhtml

No comments:

Post a Comment