URL Obfuscation With @
• What is the format of a URL?
  [protocol]://[user@]system[:portnum]/file
• If we are accessing a web site…
  • Protocol is http
  • User is blank and port number is blank (defaults to 80)
• Therefore, we get something like:
  • http://www.microsoft.com
• Hide real destination inside the URL:
  • http://www.microsoft.com&item=q122134@www.phrack.org

Messin’ with IP Addressin’
• How about using a hidden IP Address instead of domain name?
  • http://www.microsoft.com&item=q122134@198.78.66.6
• How about using decimal representation of IP Address instead of dotted quad?
  • Convert w.x.y.z using: w*256**3+x*256**2+y*256+z
  • http://www.microsoft.com&item=q122134@3327017478
• How about using the hex representation of IP Address instead of dotted quad?
  • http://www.microsoft.com&item=q122134@0xc64e4206
  • http://www.microsoft.com&item=q122134@0xc6.0x4e.0x42.0x06
• Don’t forget Octal!

URL Obfuscation Using URL Encoding
• How about using hex representation of ASCII domain name?
  • http://www.microsoft.com&item=q122134@%77%77%77%2E%70%68%72%61%63%6B%2E%6F%72%67
• How about using a hex representation of the @ symbol (%40)?
  • http://www.microsoft.com&item=q122134%40%77%77%77%2E%70%68%72%61%63%6B%2E%6F%72%67
• Ouch! That last one hurts!
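
A mail or proxy filter can undo all three tricks from these slides by reducing each URL to the host a lenient client would actually contact and recording why it looked suspicious. This is an added example, not part of the original slides; the function names `parse_legacy_ipv4` and `analyze` are hypothetical, and decoding the authority before splitting on `@` is an assumption that models the lenient behaviour the slides describe.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

def parse_legacy_ipv4(host):
    """Resolve inet_aton-style IPv4 text (decimal, hex or octal parts), else None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = []
    for part in parts:
        if re.fullmatch(r"0x[0-9a-f]+", part, re.I):
            nums.append(int(part, 16))
        elif re.fullmatch(r"0[0-7]*", part):
            nums.append(int(part, 8))
        elif re.fullmatch(r"[1-9][0-9]*", part):
            nums.append(int(part))
        else:
            return None
    *head, last = nums
    # Leading parts are single bytes; the last part fills all remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last + sum(n << (8 * (3 - i)) for i, n in enumerate(head))
    return ipaddress.IPv4Address(value)

def analyze(url):
    """Return (effective_host, findings). IPv6 literals are out of scope here."""
    findings = []
    netloc = urlsplit(url).netloc
    if "%" in netloc:
        findings.append("percent-encoded authority")
        netloc = unquote(netloc)  # assumption: lenient client decodes first
    userinfo, at, hostport = netloc.rpartition("@")
    if at:
        findings.append("userinfo before @")
        if "." in userinfo:
            findings.append("userinfo resembles a hostname")
    host = hostport.split(":")[0].lower()
    ip = parse_legacy_ipv4(host)
    if ip is not None:
        if str(ip) != host:
            findings.append("non-dotted-quad IPv4 host")
        host = str(ip)
    return host, findings

if __name__ == "__main__":
    # Sample URL taken from the slides above.
    print(analyze("http://www.microsoft.com&item=q122134@0xc64e4206"))
```

A filter would compare the returned host, not the text the user sees before the `@`, against its allow and block lists.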