lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4416E7E5.4030809@csuohio.edu>
Date: Tue Mar 14 15:58:08 2006
From: michael.holstein at csuohio.edu (Michael Holstein)
Subject: strange domain name in phishing email

> Octal with eights in it?? As mentioned, it works works fine with 
> IE6 if you remove the final /

No. it was decimal.

FWIW, here's a quickie way to convert between the 3 
(hex,decimal,dottedquad) -- all of which work in URLs.

Also .. the security zone bypass trick I mentioned earlier is 
accomplished by doing \\(decimalIP) in a link within HTML. IE used to 
treat that as "trusted sites" and would automatically submit credentials 
if requested by the remote side.

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University

--snip--

#!/usr/bin/perl
# Perl script to convert between numeric and dotted quad IPs.
# credit to Paul Gregg for this (found on Google somewhere)
while (<STDIN>) {
   chomp; $input = $_;
   if (/\./) {
     ($a, $b, $c, $d) = split(/\./);
     $decimal = $d + ($c * 256) + ($b * 256**2) + ($a * 256**3);
   } else {
     $decimal = $_;
     $d = $_ % 256; $_ -= $d; $_ /= 256;
     $c = $_ % 256; $_ -= $c; $_ /= 256;
     $b = $_ % 256; $_ -= $b; $_ /= 256;
     $a = $_;
   }

   if ( ($a>255) || ($b>255) || ($c>255) || ($d>255) ) {
     print "$0: Invalid input: $input\n";
   } else {
     printf ("Address: %d.%d.%d.%d is %u  (Hex:%02x%02x%02x%02x)\n",
  $a,$b,$c,$d, $decimal,$a,$b,$c,$d);
   }
}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ