You are currently browsing the monthly archive for March, 2007.
[Edited] This is the shit (:
Yesterday while chatting at SmashTheStack irc network dusty came up with an interesting PHP easter egg I was unaware of so appending these strings to the url you can get different combos:
?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - PHP Credits
?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 - Zend Logo
?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 - PHP Logo
?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 - Easter Egg
Till here everything looks normal but what about if we could use that easter eggs to get info from the server? Each PHP version as ssorg pointed has different credits, but these don’t change that much from version to version so here’s when NNP said that he had heard about this easters eggs time ago and as far as he remembers there was a tool that took profit of this to get info about the PHP running version.
Researching at google I finished at this page where I could take interesting info, seems that the images you get with ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 vary from version to version so we can distinguish 5 different images, but hell we’re still in the same case, only 5 images and “loads” of versions but going deep on this seems that version and more interesting info is sent by headers so this is the info I took from 0php:
PHPCODER GUY WITH BREADSTICKS (Thies C. Arntzen):
PHP Version 4.0.1pl2
PHP Version 4.1.2
PHP Version 4.2.2
BROWN DOG IN GRASS:
PHP4u Version 3.0, Based on PHP-4.3.2
PHP Version 4.3.2
PHP Version 4.3.3
PHP Version 4.3.8
PHP Version 4.3.9
PHP Version 4.3.10
BLACK SCOTTISH TERRIER DOG:
PHP Version 4.3.11
PHP Version 4.4.0
PHP Version 4.4.1
PHP Version 4.4.2
PHP Version 4.4.3
PHP Version 4.4.4
PHP Version 5.0.5-2ubuntu1.1
PHP Version 5.0.5-pl3-gentoo
PHP Version 5.1.0
PHP Version 5.1.2
RABBIT:
PHP Version 4.3.1
PHP Version 5.0.0
PHP Version 5.0.3
COLORED PHP LOGO:
PHP Version 5.1.4
PHP Version 5.2.0
I couldn’t find any tool that does this kind of “fingerprinting” so I might be coding one sooner or later depending on my spare time and needs.
ssorg also keeps track of this at this post.
For us who like computers there’s something called wargames. A wargame is a set of challenges usually organized by different difficulty levels in where you have to solve as many challs as possible just for the fact of fun. It’s a good way to spend your spare time (if you have) and it also helps you to check your knowledge and learn new things apart of improving your analytical skills.
Wargaming sites tend to have different types of challenges in, some are exclusively dedicated to one kind of challange. There are different kinds of challanges:
- Web and shell based ones may be the most interesting from my point of view since this are the ones that look more realistic. In this you either break into some restricted area, check for some admin slovenliness, etc (web) or have to scale privileges exploiting some bugged programs launched by users with higher privileges (shell).
- At cryptography ones as you might guess you’re given a cryptogram, sometimes few hints, and you just have to guess the ciphering method, decrypt it and find the “secret word/message”.
- Coding challenges consist of an enunciate describing you an algorithm/process and you have to code a tool that does it. Several coding challenges sites check the efficiency of the algorithm by checking the time elapsed and the resources used.
- Steganography challenges consist of a file, usually an image, in which like cryptograms you have to find secret words/messages. This tend to be harder than cryptograms it’s recommended to have some hex editors around.
- I think it’s quite obvious what you have to do with Cracking ones, you have to crack or reverse engineer the binary in order to get the algorithm that makes the keys valid then get the magic word, code a keygen, a patch, etc, that depends.
Often wargaming sites include logic and science games as a complement for the other challenges. Some others also include tests where you can check your knowledge and might also improve your gathering skills.
This is a list of the wargames I used to play, I play or ever planned to:
http://yoire.com
http://bright-shadows.net
http://intruded.net
http://quiz.ngsec.com
http://hackquest.de
http://pulltheplug.org
http://osix.net
http://www.programming-challenges.com
http://smashthestack.org
http://mathschallenge.net
