Re: [PEN-TEST] websence bypass ?

["Lightsey, Jeff" <Jeff.Lightsey () LYONDELL COM>]

Ed,

This method is great however it will not work if you are using proxy
servers.

www.checkyoursix.com

> -----Original Message-----
> From: Ed Rolison <ed.rolison () BYZANTIUM COM>@LYONDELL
> Sent: Thursday, April 26, 2001 9:59 AM
> To:   PEN-TEST () SECURITYFOCUS COM
> Subject:      Re: [PEN-TEST] websence bypass ?
>
>  <<...OLE_Obj...>>
> > You can sometimes add :80 to the end of a url http://www.yahoo.com:80
> > You can also use the ip address of the webserver http://xxx.xxx.xxx.xxx
> > Maybe even add a :80 to the end of the ip url.
> > There is also a way to convert the ip address into a number string, I
> have
> > to go talk to some
> > people to remember how to do that one, but email me back so that I
> remember.
> > Tony
>
> Converting to a numeric value is done by 'pretending' that the dotted quad
> is a
> base 256 number. Thus the first byte is multiplied by 256*256*256, the
> second by
> 256*256 the third by 256 and the last is not multiplied at all. Add these
> up and
> then try and connect to it using that number.
>
> 66.38.151.10
> = 66 * 256 * 256 * 256
> + 38 * 256 * 256
> + 151 *256
> + 10
> = 1109825290
>
> Can then connect to this as http://1109825290 apparantly that'll skip past
> a
> number of validators which check against IP and 'name'
>
> (Or you could just use an IP-to-DWORD calculator such as that on
> http://www.fichtner.net/tools/ip2dword/
> More info: http://www.pc-help.org/obscure.htm )
>
> --
> Ed Rolison
> System Administrator


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.


www.mimesweeper.com
**********************************************************************