Sunday, August 19, 2007

History of hAcKiNg

After a longgg time had some time to vetti browsing :) Down below is quite a interesting documentary on the topic.

My take on this, black or white hat, he is just curious (hmm may be little bit too much). Whatever! Here is one of my recent discovery, hole in e.p.a.p.e.r edition of The H>i>n>d>u, deciphering the filenaming took less than 5 mins from start to finish, i think i talked about this hole in one of my prev post; servers change, hole remains.

Few months back, in a IIS7 feature demo there was one interesting item that i can recollect; a managed module for all IIS requests (even for static files); so theoretically i can write a HTTPModule to validate authentication and serve as gate keeper of any IIS requests.

url:
http://e^p^aper.theh^indu.com/pdf/YYYY/
MM/DD/YYYYMMDD?_###$$$.pdf
ex:
http://e^p^aper.theh^indu.com/pdf/2007/
08/19/20070819A_001101.pdf

take out ^ char in the url

? -> content
A --main paper
B --metropulse
C --opportunities or second supplement
T --may be special supplement

### -> running page number

$$$ -> edition
101 - chennai
102 - delhi
103 - hyd

batch download with flashget completes the square. Ok now goes the documentary,



Do i know you ???
I don't think so !!!