gaining acces to website with ip restrictions?

Discuss the many weaknesses of browser security and ways to mitigate the threat

gaining acces to website with ip restrictions?

Post by jake2891 on Sat Dec 18, 2010 2:32 pm
([msg=50693]see gaining acces to website with ip restrictions?[/msg])

how does one bypass such restrictions?
Code: Select all
<?php
$ip = $_SERVER['REMOTE_ADDR'];
if (preg_match('/^10\.10\./',$ip)){
    // can log in
    return true;
}

return false;

?>
jake2891
New User
New User
 
Posts: 4
Joined: Thu Nov 13, 2008 4:09 pm
Blog: View Blog (0)


Re: gaining acces to website with ip restrictions?

Post by Goatboy on Sat Dec 18, 2010 9:44 pm
([msg=50734]see Re: gaining acces to website with ip restrictions?[/msg])

10.10.0.0 is in the private address range, meaning you would need to have access to a computer on the local network.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2753
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: gaining acces to website with ip restrictions?

Post by jake2891 on Sun Dec 19, 2010 3:41 am
([msg=50759]see Re: gaining acces to website with ip restrictions?[/msg])

Thanks for the reply. are there any work arounds for this problem without actually getting access to a computer on the network? for example like if apacehe is configured incorrectly you can make the connection appear to becoming from inside the network?
jake2891
New User
New User
 
Posts: 4
Joined: Thu Nov 13, 2008 4:09 pm
Blog: View Blog (0)


Re: gaining acces to website with ip restrictions?

Post by Goatboy on Sun Dec 19, 2010 6:22 pm
([msg=50798]see Re: gaining acces to website with ip restrictions?[/msg])

You'd have to find an exploit for the specific version of Apache they are running, and unfortunately I don't know of any off the top of my head that would allow you to spoof an internal IP. That'd pretty badass. Not sure how the routing would work though.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2753
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: gaining acces to website with ip restrictions?

Post by Bren2010 on Sun Dec 19, 2010 9:22 pm
([msg=50803]see Re: gaining acces to website with ip restrictions?[/msg])

Assuming that there's no vulnerabilities in Apache like Goatboy said, you can't. That is, not without a DMZ server granting you access into the LAN.

For example, if I left something I need on my desktop at home, and I have a DMZ server running (*cough* http://plz.rewt.me/ *cough*) running, I can SSH into that, and SSH into my desktop computer and get what I need. However, without that, I'd be shit out of luck. See where I'm going with this?

I also suppose something along the lines of a Squid proxy, or even an unprotected browser proxy like Glype would work.
User avatar
Bren2010
Poster
Poster
 
Posts: 340
Joined: Fri Sep 19, 2008 3:23 pm
Blog: View Blog (0)



Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests