Wednesday, October 1, 2008

1337Browser

On this level you're presented with a page containing some information about a fictitious browser called "1337Browser_V3.1", and you have to get the password.

First of all I tried looking at the page's source code but got nothing there. Well, if we have to get the password, let's try some URLs like the following, to see what we get:
http://www.trythis0ne.com/levels/web-challanges/1337B/password.php
http://www.trythis0ne.com/levels/web-challanges/1337B/login.php
http://www.trythis0ne.com/levels/web-challanges/1337B/passwd.php
http://www.trythis0ne.com/levels/web-challanges/1337B/signin.php
http://www.trythis0ne.com/levels/web-challanges/1337B/pwd.php
All of them but the last failed. On the last one we get the following:
Err: Only 1337Browser_V3.1 users can see this page.
OK, now that information about the 1337Browser makes sense. Only people using the 1337Browser_V3.1 can see the pwd.php page. But HOLD ON, that's a fictitious browser; how can we pretend we're using a browser that does not even exist? The information about the browser you're using comes from a property called "user agent", which the browser sends to the server in the User-Agent HTTP request header.
You can get more information about that here.

There's a technique called 'Browser Spoofing' that consists of modifying the "user agent" property in order to fake which browser you're using.
There are some plugins, like this, that can change this information, but you can also modify it by hand. If you're using Firefox, go to the URL 'about:config', a page where you can see, modify and add property values. Once on that page, right click and choose create new option -> string, fill out the first form displayed with "general.useragent.override" and press OK, then fill out the other form with "1337Browser_V3.1", the name of the browser we want to pretend we're using.

Then go to the pwd.php page again; the password will be there for you.
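The level works because the server treats a client-supplied header as proof of identity. The following is an added example, not the challenge's own code: a constructed WSGI stand-in for pwd.php beside a version that checks a server-issued secret instead. The status codes, the token value and the Bearer scheme are assumptions made for illustration.

```python
import hmac
from wsgiref.util import setup_testing_defaults

REQUIRED_UA = "1337Browser_V3.1"          # value shown on the challenge page
SECRET_BODY = b"<password placeholder>"    # constructed, not the real answer
SESSION_TOKEN = "constructed-token-0001"   # hypothetical server-issued secret

def respond(start_response, status, body):
    start_response(status, [("Content-Type", "text/plain")])
    return [body]

def weak_app(environ, start_response):
    """Stand-in for pwd.php: trusts the client-supplied User-Agent header."""
    if environ.get("HTTP_USER_AGENT", "") == REQUIRED_UA:
        return respond(start_response, "200 OK", SECRET_BODY)
    return respond(start_response, "403 Forbidden",
                   b"Err: Only 1337Browser_V3.1 users can see this page.")

def hardened_app(environ, start_response):
    """Gate on a server-issued secret; the User-Agent plays no part."""
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    # Constant-time comparison of the presented token with the stored one.
    if scheme == "Bearer" and hmac.compare_digest(token.encode(),
                                                  SESSION_TOKEN.encode()):
        return respond(start_response, "200 OK", SECRET_BODY)
    return respond(start_response, "401 Unauthorized", b"Authentication required.")

def call(app, headers):
    """Invoke a WSGI app in-process with the given request headers (no sockets)."""
    environ = {}
    setup_testing_defaults(environ)
    for name, value in headers.items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    seen = {}
    def start_response(status, response_headers, exc_info=None):
        seen["status"] = status
    body = b"".join(app(environ, start_response))
    return seen["status"], body

if __name__ == "__main__":
    cases = {
        "ordinary browser": {"User-Agent": "Mozilla/5.0"},
        "overridden user agent": {"User-Agent": REQUIRED_UA},
        "valid session token": {"Authorization": "Bearer " + SESSION_TOKEN},
    }
    for label, headers in cases.items():
        print(f"{label:22} weak={call(weak_app, headers)[0]:16} "
              f"hardened={call(hardened_app, headers)[0]}")
```

Only the hardened handler's answer depends on something the client cannot simply type in; the User-Agent is still useful for logging and compatibility, just not for authorization.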
