Full Disclosure mailing list archives

Re: strange domain name in phishing email


From: "Alice Bryson" <abryson () bytefocus com>
Date: Wed, 15 Mar 2006 09:27:41 +0800

Hi there,
   It is a very strange thing. I have tried the following.

attempt                          result
http://172.21.12.250             success
http://2887060730                failed
http://2887060730/               failed
telnet 2887060730 80             failed
ping 2887060730                  success
http://1406379699 (phishing web site mentioned by Jianqiang Xin)     success
http://1406379699/ (phishing web site mentioned by Jianqiang Xin)    success

Could anyone give me some idea?
Thanks.

2006/3/14, Michael Holstein <michael.holstein () csuohio edu>:
Octal with eights in it?? As mentioned, it works fine with
IE6 if you remove the final /

No. it was decimal.

FWIW, here's a quickie way to convert between the 3
(hex,decimal,dottedquad) -- all of which work in URLs.

Also .. the security zone bypass trick I mentioned earlier is
accomplished by doing \\(decimalIP) in a link within HTML. IE used to
treat that as "trusted sites" and would automatically submit credentials
if requested by the remote side.

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University

--snip--

#!/usr/bin/perl
# Perl script to convert between numeric and dotted quad IPs.
# credit to Paul Gregg for this (found on Google somewhere)
while (<STDIN>) {
  chomp; $input = $_;
  if (/\./) {
    ($a, $b, $c, $d) = split(/\./);
    $decimal = $d + ($c * 256) + ($b * 256**2) + ($a * 256**3);
  } else {
    $decimal = $_;
    $d = $_ % 256; $_ -= $d; $_ /= 256;
    $c = $_ % 256; $_ -= $c; $_ /= 256;
    $b = $_ % 256; $_ -= $b; $_ /= 256;
    $a = $_;
  }

  if ( ($a>255) || ($b>255) || ($c>255) || ($d>255) ) {
    print "$0: Invalid input: $input\n";
  } else {
    printf("Address: %d.%d.%d.%d is %u  (Hex:%02x%02x%02x%02x)\n",
           $a, $b, $c, $d, $decimal, $a, $b, $c, $d);
  }
}

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



--
Homepage:http://www.lwang.org
We collect spam for research at:
mailto:abryson () bytefocus com
