HTTP read + POST (12)

1 Name: Sky Eye!fsXRziHFZE 2005-08-30 16:46 ID:ig9i9S/L

I've got a little problem with an application. I want to make a script that reads hash information on some site and then POSTs the information using the HTTP protocol to another site. The problem is that this hash is using some kind of IP hash, so the hash will differ for each computer. This application must run from a website, because I need many different IPs. For that I will use my forum to generate the IP list, because the everyday traffic is quite enough to generate many IPs.

I tried a Java applet, but Java security won't allow it to read a file that is outside its own server. So I can't get the hash, and I also can't post it to another server.

PHP, ASP, JSP, you name it, none of them work, because they all get the information from the server side and will return the same hash, whoever opens the page.

Any ideas?

2 Name: !WAHa.06x36 2005-08-30 23:00 ID:/gPMcsgz

Java can connect to other servers if you explicitly ask for permission, but why are you doing that in the first place? If there's an IP-specific hash, it's probably not meant to be sent around anyway.

3 Name: Sky Eye!fsXRziHFZE 2005-08-31 03:44 ID:4yqeIxbc

Actually, I'm now playing an online web-based game.

http://www.herowar.com/recruit.phtml?id=1

When you view the source, you'll find code like this:

<form action=recruit.phtml method=post>
<input type=hidden value=1cae09a75847c120d7b16eecf8c1dd49 name=`>
<input type=hidden value=1 name=id>
</form>

The hash, I presume, is taken from IP + date, kind of like this: md5(curDate + curMonth + curYear + ip); MD5 cracking takes a lot of time, so I want to take the hash and repost it.

4 Name: #!usr/bin/anon 2005-08-31 10:09 ID:imRSDDLU

Watch out for cookies. Most probably it's a session number. Get a new cookie for each request with your server, then scrape the hash. Post different values for variables, try many things; it can't be just IP-based.

5 Name: #!usr/bin/anon 2005-08-31 10:11 ID:imRSDDLU

>>4
I FAIL TO ADD also that if it's an online game, the hash is probably for the user/player logged in (SESSIONID).

6 Name: Sky Eye!fsXRziHFZE 2005-08-31 15:53 ID:4yqeIxbc

>>4 >>5

I have done some research though ^^. My hash is the same all day, and the same as my friend's on the same internet connection (he lives upstairs and uses the same internet sharing, which means same IP, different user name, different browser, and different OS version). I get a different result on another day, and this also happens to my other friend. So my conclusion is still IP + date, but I still can't find the combination.
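For site owners reading along, an added example (not part of the thread, and not the game's actual code): if the hidden value were an unkeyed md5 over date and IP as guessed in >>3, anyone who worked out the input layout could compute it, whereas a keyed HMAC keeps the per-IP, per-day behaviour described in >>6 and is checked against the connecting address. The key, function names, field layout and addresses below are assumptions.

```python
import hashlib
import hmac
from datetime import date

# Assumption: a server-side secret that never reaches the client (constructed value).
SERVER_KEY = b"constructed-demo-key-change-me"


def weak_token(ip: str, day: date) -> str:
    """Unkeyed scheme of the kind guessed in >>3 (the real layout is unknown)."""
    material = f"{day.day}{day.month}{day.year}{ip}"
    return hashlib.md5(material.encode()).hexdigest()


def issue_token(ip: str, recruit_id: int, day: date) -> str:
    """Keyed token bound to the client IP, the recruit id and the calendar day."""
    msg = f"{ip}|{recruit_id}|{day.isoformat()}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def verify_token(token: str, ip: str, recruit_id: int, day: date) -> bool:
    """Recompute for the address the POST arrived from; compare in constant time."""
    expected = issue_token(ip, recruit_id, day)
    return hmac.compare_digest(expected.encode(), token.encode())


def demo() -> dict:
    d1, d2 = date(2005, 8, 31), date(2005, 9, 1)
    # Constructed documentation addresses (RFC 5737), not real clients.
    nat_ip, other_ip = "192.0.2.10", "198.51.100.7"
    token = issue_token(nat_ip, 1, d1)
    return {
        # Two users behind one NAT address see the same value all day.
        "same_ip_same_day": token == issue_token(nat_ip, 1, d1),
        # The value rotates when the date changes.
        "next_day_differs": token != issue_token(nat_ip, 1, d2),
        # A token submitted from a different address is rejected.
        "accepted_from_other_ip": verify_token(token, other_ip, 1, d1),
        # A value computed without the key is rejected.
        "unkeyed_value_accepted": verify_token(weak_token(nat_ip, d1), nat_ip, 1, d1),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A token like this still treats every user behind one shared address as the same client, which matches what >>6 observed; binding to a login session instead would need server-side session state.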

7 Name: Sky Eye!fsXRziHFZE 2005-08-31 15:53 ID:4yqeIxbc

>>4 >>5

I have done some research though ^^. My hash is the same all day, and the same as my friend's on the same internet connection (he lives upstairs and uses the same internet sharing, which means same IP, different user name, different browser, and different OS version). I get a different result on another day, and this also happens to my other friend. So my conclusion is still IP + date, but I still can't find the combination.

8 Name: Sky Eye!fsXRziHFZE 2005-08-31 15:54 ID:4yqeIxbc

>>4 >>5

I have done some research though ^^. My hash is the same all day, and the same as my friend's on the same internet connection (he lives upstairs and uses the same internet sharing, which means same IP, different user name, different browser, and different OS version). I get a different result on another day, and this also happens to my other friend. So my conclusion is still IP + date, but I still can't find the combination.

9 Name: Sky Eye!fsXRziHFZE 2005-08-31 15:54 ID:4yqeIxbc

>>7

Sorry for double posting T_T. My internet is kind of laggy. Please delete it.

10 Name: #!usr/bin/anon 2005-08-31 18:51 ID:cQuAxGvR

I'm confused, the same hash is used for different computers? I think this way you can really cheat well in the game. You have caught a bug waiting to be exploited.
But try clearing all cookies in your browsers and try again. Maybe you'll get a different hash.

11 Name: #!usr/bin/anon 2005-09-01 03:37 ID:RSOpIMLr

If you can tell your users to lower their security settings, XMLHTTP can do client-side GET and POST to any URL via HTTP.

12 Name: Sky Eye!fsXRziHFZE 2005-09-01 04:01 ID:zzCuD2qu

>>11

XMLHTTP? Thanks, I'll research that ^^ Muach

This thread has been closed. You cannot post in this thread any longer.