UserPreferences

HiddenLinking


This a page for funky stuff tried on www.ilovebees.com

Url stuff

If you try urls like this:

http://www.ilovebees.com/a/bla.html

http://www.ilovebees.com/bla/.html

you get an empty page back.

If you leave off the .html part you get the 404 page.

This happens for / \ and ~ (%2f %5c and %7e)


If you try urls like this:

http://www.ilovebees.com/a|b.html

http://www.ilovebees.com/a|.html

You will get a login prompt.

If you leave off the .html part you get the 404 page.

This happens for " %3f and | (%22 ? and %7c)


ilovebees is running ASP.NET

Note that

* .html * .gif * .jpg * .txt * .aspx

all have the same effect. These extensions are mapped on the server to applications (no other extensions I tried worked).

Since it considers .aspx an application extension I think it can be concluded that the server is running ASP.NET.

~ not necessarily. www.ilovebess.com/default.aspx returns a 404 and netcraft lists two Apache/mod_ssl/PERL/PHP servers and one Windows 2003/IIS server, so it's likely a multiserver farm. Apache is probably serving the bulk of the web pages, and it might have some ASP connectivity. --UserGunsmithCat 05:32, 10 Aug 2004 (PDT)

~ well, putting a |, ", \, ~, / or %3f in a url ending with one of these extensions triggers something other than a 404. Most likely all the extensions listed above are handed off to one or more applications running on the IIS server. Since no .php, .jsp, .cgi, .asp, or other extension causes the same reaction I assume they are using ASP.NET for the dynamic content handling (all .html, .gif, .jpg, .txt and .aspx requests get their response from such a dynamic handler. The 404 error page is also handled by an application as it is dynamic.) This knowledge is useless ofcourse, but it does provide some insight in the setup they're running. --UserKender 06:20, 10 Aug 2004 (PDT)


Internal Server Info

I grabbed the NTLM handshake message from the server when trying the login prompt mentioned above and decoded it.

The most important part of info is that I apparently ended up on a server with the internal address of 50472-WEB2.iad.intensive.int

Update: A lot of RackSpace hosted servers that have nothing to do with the game have a ***.iad.intensive.int internal name.--UserKender 06:48, 5 Aug 2004 (PDT)

This is the complete base64 decoded NTLM challenge message with my analysis:

4e544c4d53535000 NTLMSSP signature

02000000 Type 2 indicator

0600060038000000 Target Name Security Buffer:

05828902 Flags:

00752E88F7457192 Challenge

0000000000000000 Context

a600a6003e000000 Target Information Security Buffer

0502ce0e0000000f Unknown

490041004400 Target Name = IAD

0200 Domain name Subblock

0600 Length = 6

49004100400 Domain Name = IAD

0100 Server Name Subblock

1400 Length = 20

350030003400370032002d005700450042003200

0400 DNS Domain Name Subblock

2200 Length = 34

6900610064002e0069006e00740065006e0073006900760065002e0069006e007400

0300 DNS Server Name Subblock

3800 Length = 56

350030003400370032002d0057004500420032002e006900610064002e0069006e00740065006e0073006900760065002e0069006e007400

0500 Parent DNS Subblock

1a00 Length = 26

69006e00740065006e0073006900760065002e0069006e007400

00000000 Terminator

--UserKender 03:43, 5 Aug 2004 (PDT)


Something strange on the 404 page

I checked not all of them but a few and when you get the 404 error page it says "The server has not found anything matching the Request-URI." notice the mistake of UR"I" I dont know if this is relevant at all just thought I would through something in here as a new member. Also I think I remeber there being another mistake with and I instead of 1 somewhere else on this ARG.

*URIs

This document defines a way to encapsulate a name in any registered name space, and label it with the the name space, producing a member of the universal set. Such an encoded and labelled member of this set is known as a Universal Resource Identifier, or URI.

The universal syntax allows access of objects available using existing protocols, and may be extended with technology.

The specification of the URI syntax does not imply anything about the properties of names and addresses in the various name spaces which are mapped onto the set of URI strings. The properties follow from the specifications of the protocols and the associated usage conventions for each scheme.

*URLs

For existing Internet access protocols, it is necessary in most cases to define the encoding of the access algorithm into something concise enough to be termed address. URIs which refer to objects accessed with existing protocols are known as "Uniform Resource Locators" (URLs) and are listed here as used in WWW, but to be formally defined in a separate document .