HellBound Hackers
Join us at IRC!
It is never to LATE to become what you never WERE.
Thursday, May 24, 2012
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
HellBoundHackers Additional:
Shop
Learn
Communicate
Submit
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Interact
Other
HellBoundHackers Executive:
HellBoundHackers Leisure:
Members Online
Total Online: 30
Web Spiders: 14
Guests Online: 29
Members Online: 1
TheGreek

Registered Members: 70189
Newest Member: CrownClown
Latest Articles
View Thread

HellBound Hackers | Computer General | Programming
Author

IP Blocker
xof
Member

Posts: 17
Location:
Joined: 27.02.10
Rank: Wiseman
Posted on 12-05-10 16:40
Hey everyone. A client of mine has a scblockedript which uses cURL to login to a site and then echo back some info back to his site. He said it's been working fine for the last couple of months, but now he's having some problems.

The site he's trying to query has added a token, but obviously that's pretty easy to bypass. For some reason, whenever I try to login with cURL, I either get blocked from the site or just get a blank page back. I've spoofed a referrer, user agent, and headers, but no luck.

Do you guys have any ideas what's up? Here's part of my code.

<?php
$proxy = "221.130.13.41:80";
$headers = array (
'HTTP_ACCEPT' => 'application/x-shockwave-flash,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5',
'HTTP_ACCEPT_LANGUAGE' => 'en-us,en;q=0.5',
'HTTP_ACCEPT_CHARSET' => 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
'HTTP_KEEP_ALIVE' => '300',
'HTTP_CONNECTION' => 'keep-alive',
);

//get token
$ch = curl_init();
curl_setopt($ch,CURLOPT_HTTPPROXYTUNNEL,0);
curl_setopt($ch,CURLOPT_PROXY,$proxy);
curl_setopt($ch, CURLOPT_HTTPHEADER,$headers);
curl_setopt($ch,CURLOPT_URL,'http://www.asdf/login.html');
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_REFERER,'http://sadf/index.html');
curl_setopt($ch,CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11');
$result = curl_exec($ch);
curl_close($ch);

preg_match('/document\.write.{67}/',$result,$match);
$token = trim(str_replace("'); document.write('",'',str_replace("document.write('<input name=\"",'',$match[0])));
echo $result;

//login
$post = "$token=lgn&username=asdf&password=asdf&submit=Submit";
$ch = curl_init();
curl_setopt($ch,CURLOPT_HTTPPROXYTUNNEL,0);
curl_setopt($ch,CURLOPT_PROXY,$proxy);
curl_setopt($ch, CURLOPT_HTTPHEADER,$headers);
curl_setopt($ch,CURLOPT_URL,'http://www.asfd/login.html');
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_REFERER,'http://asdfa/index.html');
curl_setopt($ch,CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11');
curl_setopt($ch,CURLOPT_POST,1);
curl_setopt($ch,CURLOPT_POSTFIELDS,$post);
$result2 = curl_exec($ch);
curl_close($ch);

echo $result2;
?>
Author

RE: IP Blocker
xof
Member

Posts: 17
Location:
Joined: 27.02.10
Rank: Wiseman
Posted on 12-05-10 20:32
Are you really that dense, Moshbat?

Obviously the other site noticed that my client was cURLing (yes, I can make up words) and then made some form of an authentication on his end to tell if it's a computer or a person. He added a token, which I can easily bypass with just simple regex, but there must be another validation he is using. I can make a request once, which will go through fine, but then when I try again, my IP is blocked.

At first I though he was checking if there were valid headers/user agent/refferer and if that check failed, he would block your IP, but that doesn't seem to be the problem.

Well, that's obviously a code issue.


So yes, Moshbat, there obviously is an issue with the code if it's not doing what is intended. My question is: What could that issue be?
Author

RE: IP Blocker
xof
Member

Posts: 17
Location:
Joined: 27.02.10
Rank: Wiseman
Posted on 12-05-10 21:17
Yes, the code itself is working fine, but it's just not doing what I want.

I'd rather not post the URL on the forum, may I PM you?
Guest
Username

Password

Remember Me


Bookmark This Page
Affiliates
Adverts

 

 

Links

Anime Wallpaper Site
By using, viewing or obtaining any information contained on this site, you agree to the disclaimer.

© HellBound Hackers 2008- 2009. Since 3rd December 2004.

20607845 Unique Visits

Powered by HBH-Fusion