Penetration Testing mailing list archives
Re: [PEN-TEST] websence bypass ?
From: "Lightsey, Jeff" <Jeff.Lightsey () LYONDELL COM>
Date: Tue, 8 May 2001 09:04:08 -0500
Ed, This method is great however it will not work if you are using proxy servers. www.checkyoursix.com
-----Original Message----- From: Ed Rolison <ed.rolison () BYZANTIUM COM>@LYONDELL Sent: Thursday, April 26, 2001 9:59 AM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] websence bypass ? <<...OLE_Obj...>>You can sometimes add :80 to the end of a url http://www.yahoo.com:80 You can also use the ip address of the webserver http://xxx.xxx.xxx.xxx Maybe even add a :80 to the end of the ip url. There is also a way to convert the ip address into a number string, Ihaveto go talk to some people to remember how to do that one, but email me back so that Iremember.TonyConverting to a numeric value is done by 'pretending' that the dotted quad is a base 256 number. Thus the first byte is multiplied by 256*256*256, the second by 256*256 the third by 256 and the last is not multiplied at all. Add these up and then try and connect to it using that number. 66.38.151.10 = 66 * 256 * 256 * 256 + 38 * 256 * 256 + 151 *256 + 10 = 1109825290 Can then connect to this as http://1109825290 apparantly that'll skip past a number of validators which check against IP and 'name' (Or you could just use an IP-to-DWORD calculator such as that on http://www.fichtner.net/tools/ip2dword/ More info: http://www.pc-help.org/obscure.htm ) -- Ed Rolison System Administrator
********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. www.mimesweeper.com **********************************************************************
Current thread:
- Re: [PEN-TEST] websence bypass ? Lightsey, Jeff (May 11)