Kodewerx

Our culture has advanced beyond all that you could possibly comprehend with one hundred percent of your brain.
It is currently Thu Mar 28, 2024 2:24 am

All times are UTC - 8 hours [ DST ]




Post new topic Reply to topic  [ 20 posts ] 
Author Message
PostPosted: Sun May 02, 2010 8:31 am 
Offline
Kommunist
Kommunist
User avatar

Joined: Mon May 21, 2007 1:04 pm
Posts: 441
Location: Down the Street
Title: Mr. Mime
does anyone know how i can bypass the internet block?

my school uses websense.

_________________
Image
Image
Image
NDS Hacker


Top
 Profile  
Reply with quote  
PostPosted: Mon May 03, 2010 12:38 am 
Offline
Krew (Admin)
Krew (Admin)
User avatar

Joined: Sun Oct 01, 2006 9:26 pm
Posts: 3768
Title: All in a day's work.
Use a web proxy with HTTPS.

Web proxies are hard to blacklist (especially if you host your own), and HTTPS makes it impossible for any "censorware" crap to snoop on what you're doing.

The only way these things can be blocked effectively is a whitelist (default deny!).

_________________
I have to return some video tapes.

Feed me a stray cat.


Top
 Profile  
Reply with quote  
PostPosted: Wed May 05, 2010 2:21 pm 
Offline
Kommunist
Kommunist
User avatar

Joined: Mon May 21, 2007 1:04 pm
Posts: 441
Location: Down the Street
Title: Mr. Mime
they have also blocked any website with HTTPS...

_________________
Image
Image
Image
NDS Hacker


Top
 Profile  
Reply with quote  
PostPosted: Wed May 05, 2010 4:27 pm 
Offline
Krew (Admin)
Krew (Admin)
User avatar

Joined: Sun Oct 01, 2006 9:26 pm
Posts: 3768
Title: All in a day's work.
Cool, they broke the web.

You can always tunnel HTTPS through port 80. Let's see them block that!

_________________
I have to return some video tapes.

Feed me a stray cat.


Top
 Profile  
Reply with quote  
PostPosted: Sat May 08, 2010 8:49 pm 
Offline
Kommunist
Kommunist
User avatar

Joined: Mon May 21, 2007 1:04 pm
Posts: 441
Location: Down the Street
Title: Mr. Mime
How would I go about doing that?

_________________
Image
Image
Image
NDS Hacker


Top
 Profile  
Reply with quote  
PostPosted: Sun Jun 06, 2010 11:02 am 
Offline
Komrade
Komrade
User avatar

Joined: Tue Mar 27, 2007 6:23 pm
Posts: 1354
Location: Mario Raceway, 1509.831, 217.198, -564.429
Title: Mario Kart 64 Hacker
a) Set up an HTTPS proxy, change port to 80; or:
b) Kick the ass of the retard who did that in the first place.

_________________
Image 143
HyperNova Software is now live (but may take a few tries to load) currently down; check out my PSP/DS/Game Boy/Windows/Linux homebrew, ROM hacks, and Gameshark codes!


Top
 Profile  
Reply with quote  
PostPosted: Tue Jun 15, 2010 11:18 am 
Offline
Kommunist
Kommunist
User avatar

Joined: Mon Jun 09, 2008 12:25 pm
Posts: 217
Location: Earth, I think
Parasyte wrote:
You can always tunnel HTTPS through port 80. Let's see them block that!

They've done that at my school.

_________________
DO NOT CLICK HERE. YOU HAVE BEEN WARNED
Got a PS3? PM me your PSN.


Top
 Profile  
Reply with quote  
PostPosted: Tue Jun 15, 2010 4:34 pm 
Offline
Krew (Admin)
Krew (Admin)
User avatar

Joined: Sun Oct 01, 2006 9:26 pm
Posts: 3768
Title: All in a day's work.
Oh? That's interesting, considering it's pretty much impossible.

_________________
I have to return some video tapes.

Feed me a stray cat.


Top
 Profile  
Reply with quote  
PostPosted: Thu Jun 17, 2010 3:06 pm 
Offline
Kommunist
Kommunist
User avatar

Joined: Mon May 21, 2007 1:04 pm
Posts: 441
Location: Down the Street
Title: Mr. Mime
Parasyte wrote:
Oh? That's interesting, considering it's pretty much impossible.


Well I know that they've blocked it at my school too.

_________________
Image
Image
Image
NDS Hacker


Top
 Profile  
Reply with quote  
PostPosted: Fri Jun 18, 2010 11:06 am 
Offline
Kommunist
Kommunist
User avatar

Joined: Mon Jun 09, 2008 12:25 pm
Posts: 217
Location: Earth, I think
Parasyte wrote:
Oh? That's interesting, considering it's pretty much impossible.


It's not.
My school connect to a government proxy through port 8080. I know they haven't blocked all the ports 'cos I've used port 43594. But they've definitely blocked port 80. Also, now that my school have Firefox (with no flash :|), me and my friend are probably the only "students" who know what to change the proxy to. And if you change the proxy to a port 80 one it doesn't work. In-fact so far changing it to any proxy doesn't work.

After finding this out, A very cool ICT teacher join'd and told us a little about the schools filtering. He said changing the proxy won't work because its an internal proxy.

I have seen some other weird school computer stuff too. If you want me to say more?

_________________
DO NOT CLICK HERE. YOU HAVE BEEN WARNED
Got a PS3? PM me your PSN.


Top
 Profile  
Reply with quote  
PostPosted: Fri Jun 18, 2010 5:09 pm 
Offline
Krew (Admin)
Krew (Admin)
User avatar

Joined: Sun Oct 01, 2006 9:26 pm
Posts: 3768
Title: All in a day's work.
Internal proxies are fine. How do you get to Google if not through port 80? I mean, why would you even have a web browser installed at all if outgoing connections to port 80 were blocked?

I have a dynamic DNS setup for my LAN at home, so that I can get to everything on it while I'm out. Right now, my firewall just forwards port 80 to my OpenBSD server (Apache), so it's only serving standard HTTP. But I can easily ssh to it (since port 22 is also forwarded to the OpenBSD server) and change the Apache configuration to listen for HTTPS on port 80. With this kind of service in place, I can get to any website in the world, including blacklisted sites; torrent sites, porn sites, whatever... through an internal [corporate, educational, private] proxy.

Let's say I'm at your school, and they have this setup with Firefox connecting to their internal proxy (which does *all kinds* of wonderful content-level filtering, by the way ... blocking evey site that ever mentions keywords like "torrent" or "porn"). My dynamic DNS service is actually kodewerx.pwnz.org, and if I had the HTTPS-over-port-80 setup (as explained above, I don't) then I would only have to connect to https://kodewerx.pwnz.org:80/ and I would foil the content-level filtering of that internal proxy. (This also assumes I'm running a CGI/PHP [web-based] proxy on my server, which I am not.)

Why? Well, for one, proxy admins like to limit or completely disable HTTPS connections, because they are impossible to reliably snoop on. Just connecting to kodewerx.pwnz.org over port 443 (HTTPS) might be a red-flag, and they could blacklist all connections to that IP. HTTPS-over-port-80 is very unusual, though. Port 80 carries (in nearly all cases) an unencrypted HTTP session. To have an HTTPS session tunneled through port 80 means that that internal content-filtering proxy is only ever going to see a scrambled mess of data, instead of any content that ends up at your browser.

It doesn't stop there, though! Unless that proxy is also acting as your *only available* DNS server, chances are that the proxy will never actually know that your connection is going to a domain called "kodewerx.pwnz.org" anyway. It will only know that you are reaching an "HTTP" service hosted on a private IP address; and that IP address cannot be reverse-looked up to "kodewerx.pwnz.org". This is the real beauty of dynamic DNS; not only can I create as many of these as I want (endless numbers of subdomains on countless domains), but I can be assured that my real IP, when looked up, will never resolve back to any of those domains.

And when my IP is blacklisted? I whip out my iPhone, connect to it over the cellular network, force it change my IP (it is dynamic, after all, why not have a script to actually *request* it to change?) and 5 seconds later, "kodewerx.pwnz.org" (and all my other dynamic DNS domains) point to a different IP. Ad infinitum.


The only thing that can stop this is:
  • an IP whitelist (which breaks the entire internet -- so you're unlikely to encounter this situation if you can reach *any* common website like Google)
  • a blacklist over your ISP's entire IP range (ouch! well you do have shell accounts elsewhere, right? I do, lol)
  • a *really* smart filtering proxy that knows exactly what is being sent over port 80, and can naturally adapt to it. (I would be personally impressed if any IT outfit has a configuration like this in place that actually works -- in all cases.)

I reiterate my previous statement: That's interesting, considering it's pretty much impossible [to keep you from reaching the websites you wish].

_________________
I have to return some video tapes.

Feed me a stray cat.


Top
 Profile  
Reply with quote  
PostPosted: Sat Jun 19, 2010 11:07 am 
Offline
Kommunist
Kommunist
User avatar

Joined: Mon Jun 09, 2008 12:25 pm
Posts: 217
Location: Earth, I think
Hmm...
Well, I remember when you switched hosts (I think), Kodewerx started to work again at my school. (I then fooled my friend, telling him I found a way to Un-filter websites lol)
At my school, I've come across 3 different looking "This website is blocked". So I guess theres 3 things filtering. (Which I know)
- Government Proxy
- Schools RM CC3
- Schools SECURUS (I think)

Also, If your lucky, when internet explorer tells you that "This website blocked by your administrator" (4th method?), It shows "a" proxy. I'll post it here once I get it down.

Also, I know that the filtering done by the school can easily be bypassed by entering the IP of the website instead, but then they can just block the IP too. Or if your skilled like me 8-) , the school blocks websites after it has finished loading, so if your fast enough, you can quickly view the source with the correct button shortcut according to your browser, and then you just save the source as .(whatever) .

The most amazing thing is the government proxy. I've been on websites for maybe a few seconds strangely :!: , or maybe about half a min, and then its blocked "forever" (assuming someone finds a way around ).

_________________
DO NOT CLICK HERE. YOU HAVE BEEN WARNED
Got a PS3? PM me your PSN.


Top
 Profile  
Reply with quote  
PostPosted: Sun Jun 20, 2010 11:00 am 
Offline
Komrade
Komrade

Joined: Sat Jan 27, 2007 6:18 pm
Posts: 2070
Location: Dothan, Alabama
Title: Derp
But the Internet is dynamic now. All data is pulled from a server and written into HTML markup with PHP (or whatever suits you). You can't just view source and save it.

viewtopic.php?p=77156#p77156

I actually tried this and it worked at my old school. I had to tweak it around to actually use the correct URL, but nonetheless it worked... until my school blocked my website. They blocked everything... sports, news, mail, and everything that was needed for the classes that needed the info.

_________________
Image
WWDD? - What Would Dale Do?


Top
 Profile  
Reply with quote  
PostPosted: Sun Jun 20, 2010 1:43 pm 
Offline
Kommunist
Kommunist
User avatar

Joined: Mon Jun 09, 2008 12:25 pm
Posts: 217
Location: Earth, I think
It does work.
I've done it loads of times. Maybe sometimes some pictures won't show up or worse.
And don't forget, I'm actually from the Uk (yeah!). So I don't think our internet is dynamic.

_________________
DO NOT CLICK HERE. YOU HAVE BEEN WARNED
Got a PS3? PM me your PSN.


Top
 Profile  
Reply with quote  
PostPosted: Sun Jun 20, 2010 3:04 pm 
Offline
Kommunist
Kommunist
User avatar

Joined: Mon May 21, 2007 1:04 pm
Posts: 441
Location: Down the Street
Title: Mr. Mime
I am not as well informed as most of you guys on here, especially para's post which blew my mind...

So how would I be able to get around this? Every time I find an open port, my school finds a way to block access to it.

_________________
Image
Image
Image
NDS Hacker


Top
 Profile  
Reply with quote  
PostPosted: Sun Jun 20, 2010 4:26 pm 
Offline
Krew (Admin)
Krew (Admin)
User avatar

Joined: Sun Oct 01, 2006 9:26 pm
Posts: 3768
Title: All in a day's work.
Just study networking. Particularly, the OSI model and TCP/IP model. After that, you should focus on the protocols which live in the Application Layer. Of particular interest are DNS, HTTP, HTTPS, and SSH. There are a few others of interest as well, for example: SSL/TLS.

If you want to take any classes, go for it, but avoid anything sponsored by Cisco or Microsoft.

With access to SSH (port 22), I've had success tunneling HTTP over SSH.

_________________
I have to return some video tapes.

Feed me a stray cat.


Top
 Profile  
Reply with quote  
PostPosted: Sun Jun 20, 2010 8:25 pm 
Offline
Komrade
Komrade

Joined: Sat Jan 27, 2007 6:18 pm
Posts: 2070
Location: Dothan, Alabama
Title: Derp
DarkLegend wrote:
It does work.
I've done it loads of times. Maybe sometimes some pictures won't show up or worse.
And don't forget, I'm actually from the Uk (yeah!). So I don't think our internet is dynamic.


Dynamic as in it all loads off of a MySQL database. Example: How you are viewing this page.

Dynamic can also mean in Javascript to load a webpage into a webpage without leaving the webpage, typically known as AJAX.

Example: Twitter

_________________
Image
WWDD? - What Would Dale Do?


Top
 Profile  
Reply with quote  
PostPosted: Mon Jun 21, 2010 8:49 am 
Offline
Kommunist
Kommunist

Joined: Fri Feb 27, 2009 2:37 am
Posts: 9
Title: Agent 7444668993387224532
Hi, I'm the friend dark legend was talking about...
Our school is super cautious (not necessarily secure though) about internet usage...
They use RM Smart Cache, which funnily enough has a web based control panel... Only snag user and pass needed and admin with admin don't work...

I have actually got as far as loading YouTube, but none of the pictures worked and any links got to a blocked page...


Top
 Profile  
Reply with quote  
PostPosted: Mon Jun 21, 2010 11:29 am 
Offline
Kommunist
Kommunist
User avatar

Joined: Mon Jun 09, 2008 12:25 pm
Posts: 217
Location: Earth, I think
Smalls1652 wrote:
DarkLegend wrote:
It does work.
I've done it loads of times. Maybe sometimes some pictures won't show up or worse.
And don't forget, I'm actually from the Uk (yeah!). So I don't think our internet is dynamic.


Dynamic as in it all loads off of a MySQL database. Example: How you are viewing this page.

Dynamic can also mean in Javascript to load a webpage into a webpage without leaving the webpage, typically known as AJAX.

Example: Twitter


Oh.
*Rests hand on face*

_________________
DO NOT CLICK HERE. YOU HAVE BEEN WARNED
Got a PS3? PM me your PSN.


Top
 Profile  
Reply with quote  
PostPosted: Fri Jun 25, 2010 4:42 pm 
Offline
Komrade
Komrade
User avatar

Joined: Tue Mar 27, 2007 6:23 pm
Posts: 1354
Location: Mario Raceway, 1509.831, 217.198, -564.429
Title: Mario Kart 64 Hacker
Parasyte wrote:
To have an HTTPS session tunneled through port 80 means that that internal content-filtering proxy is only ever going to see a scrambled mess of data, instead of any content that ends up at your browser.
Drop anything on port 80 that isn't an HTTP request/response or doesn't look like a common file type.

Of course, you could defeat that by running a proxy on the machine itself which tunnels any arbitrary protocol wrapped in what looks like an HTTP POST/reply with a JPEG header or similar.

_________________
Image 143
HyperNova Software is now live (but may take a few tries to load) currently down; check out my PSP/DS/Game Boy/Windows/Linux homebrew, ROM hacks, and Gameshark codes!


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 20 posts ] 

All times are UTC - 8 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 126 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group