Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: strange domain name in phishing email

From: Michael Holstein <michael.holstein () csuohio edu>
Date: Tue, 14 Mar 2006 10:57:25 -0500
Octal with eights in it?? As mentioned, it works works fine with IE6 if you remove the final / 

No. it was decimal.
FWIW, here's a quickie way to convert between the 3 (hex,decimal,dottedquad) -- all of which work in URLs.
Also .. the security zone bypass trick I mentioned earlier is accomplished by doing \\(decimalIP) in a link within HTML. IE used to treat that as "trusted sites" and would automatically submit credentials if requested by the remote side. 

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University

--snip--

#!/usr/bin/perl
# Perl script to convert between numeric and dotted quad IPs.
# credit to Paul Gregg for this (found on Google somewhere)
while (<STDIN>) {
  chomp; $input = $_;
  if (/\./) {
    ($a, $b, $c, $d) = split(/\./);
    $decimal = $d + ($c * 256) + ($b * 256**2) + ($a * 256**3);
  } else {
    $decimal = $_;
    $d = $_ % 256; $_ -= $d; $_ /= 256;
    $c = $_ % 256; $_ -= $c; $_ /= 256;
    $b = $_ % 256; $_ -= $b; $_ /= 256;
    $a = $_;
  }

  if ( ($a>255) || ($b>255) || ($c>255) || ($d>255) ) {
    print "$0: Invalid input: $input\n";
  } else {
    printf ("Address: %d.%d.%d.%d is %u  (Hex:%02x%02x%02x%02x)\n",
 $a,$b,$c,$d, $decimal,$a,$b,$c,$d);
  }
}

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: