Hazard Perception Test hacking

June 1st, 2009

HPT (Hazard Perception Test) is a test of your reaction time to hazards when driving. Queensland drivers are required to take the test to move from a P1 to a P2 licence. The test is taken online, where you are shown several one-minute videos, and you must click on the hazard as soon as you spot it. I always like to play around with online systems testing security, so I gave this setup a shot. I used the practice tests to see how the system worked, and it was pretty easy to work out a way to cheat the system (like most online exams).

Since it was encrypted using HTTPS, Wireshark was out of the question; however, this doesn’t mean you can’t still see what’s happening. I found a nice tool called “Live HTTP headers” which shows you all the requests. The first thing I noticed is that the videos are preloaded. You can see all the requested URLs in Live HTTP headers.

To watch one of the videos before taking the test, all you have to do is grab the URL for it (see the screenshot above) and paste that into a new tab. The videos seem to be able to be downloaded at least twice. You can then watch the videos, and then take the exam, and know exactly what’s in the exam / video.

It’s not overly hard to do, and actually quite fun.

HTTPS and SSH on the same port

September 28th, 2008

I like SSH and I like HTTPS, but sometimes I want SSH to run on port 443 (HTTPS port) so I can use it to get over corporate firewalls and/or school firewalls, depending on the time of year, which used to mean getting HTTPS, taking it up a steep hill and sacrificing it to the gods, while SSH was taking a spa in its $1.2 Billion luxury apartment.

Although today SSH and HTTPS have become friends with the help of sslh, which allows you to take the best of both worlds and run SSH and HTTPS on the same port with a little bit of haxing.

sslh can be downloaded from http://www.rutschle.net/tech/sslh.shtml and there is also a Perl one, which isn’t all that good, that can be downloaded from http://search.cpan.org/~book/Net-Proxy-0.07/script/sslh .

The setup was pretty easy, however I did have a problem that took me longer than it should have to fix. I used my modem to change port 443 on the outside world to port 22 on the inside world and forgot to remove that rule, which ended up confusing the shit out of me.

Problems aside, I now have SSL and HTTPS running side by side without a problem, and for a final note, yes, this has been the most exciting thing that has happened to me in the last week, not including the job of installing and configuring 27 Cisco 8 port 3560 switches.
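An added example, not sslh's code and not part of the original post: SSH and TLS clients on one port can be told apart by their opening bytes, and the same check lets a defender flag port-443 connections that do not start with a TLS ClientHello. The function names and the sample flows are assumptions constructed for this illustration.

```python
"""Added example: tell SSH from TLS by a connection's first client bytes."""

SSH_PREFIX = b"SSH-"        # RFC 4253 identification string starts "SSH-"
TLS_HANDSHAKE = 0x16        # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01     # handshake message type: ClientHello
MAX_RECORD = 2 ** 14        # largest plaintext TLS record


def classify_first_bytes(data: bytes) -> str:
    """Return 'ssh', 'tls', 'silent' or 'unknown'."""
    if not data:
        return "silent"      # client is waiting for the server to speak first
    if data.startswith(SSH_PREFIX):
        return "ssh"
    # TLS record header: type(1) version(2) length(2), then handshake type(1)
    if len(data) >= 6 and data[0] == TLS_HANDSHAKE and data[1] == 0x03:
        record_len = int.from_bytes(data[3:5], "big")
        if 0 < record_len <= MAX_RECORD and data[5] == TLS_CLIENT_HELLO:
            return "tls"
    return "unknown"


def non_tls_on_443(flows):
    """List (source, label) for port-443 flows that do not open with a ClientHello."""
    findings = []
    for src, dport, first_bytes in flows:
        label = classify_first_bytes(first_bytes)
        if dport == 443 and label != "tls":
            findings.append((src, label))
    return findings


# Constructed sample flows: (source address, destination port, first client bytes)
SAMPLE_FLOWS = [
    ("192.0.2.10", 443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
    ("192.0.2.11", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("192.0.2.12", 443, b"GET / HTTP/1.1\r\n"),
    ("192.0.2.13", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("192.0.2.14", 443, b"\x16\x03\x01\x00\x05\x02\x00\x00\x01\x00"),
]

if __name__ == "__main__":
    for src, label in non_tls_on_443(SAMPLE_FLOWS):
        print(f"{src}: port 443 but first bytes look like {label}")
```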

www.dreamtilt.com.au

May 15th, 2008

Dreamtilt, for non-Australian readers, is a cheap dial-up ISP for Australia. Now, being a fairly well established ISP, you would think that they would have decent web coders for the user login parts of their site. Think again. Several weeks back I stumbled upon a poorly written login function on their site that allowed the use of a simple SQL injection (textbook styled), which allowed login without a valid username and password. The exploit could have been used to edit or delete (let's just hope they keep backups at least) tables. Now the exploit has been fixed after I contacted the site via email (only took them a week to include one simple function), so I guess I can talk about this now. It got me thinking: how many dodgy programmers are out in the wild, considering that this is a simple thing and any web developer should test for sources of injection before releasing a site to the public? I am by no means a programmer, except for the occasional script for work.

I suggest you read http://thedailywtf.com/ if you have time. Most dodgy programs end up there.

And Dreamtilt, well done.

Where Am I?

You are currently browsing entries tagged with hacking at Michael Wheeler.