unforum

Aeiri · Greenhorn Joined: 25 Jul 2004 Posts: 9

[INFO] Cookies?

**Posted:** Sun Jul 25, 2004 5:33 pm

LilSerf · Guest

mine, for what it's worth

**Posted:** Sun Jul 25, 2004 5:36 pm

Aeiri · Greenhorn Joined: 25 Jul 2004 Posts: 9

y1dt8hx=+m2ww.2s55lk.5J55eklh+mq

Clearing cookies gives different value each time, so it's definitely not your IP that's encrypted, probably completely random.

**Posted:** Sun Jul 25, 2004 5:42 pm

Samari

looks like just a simple session tracker, all the good bits of information are on the server in that case.

**Posted:** Sun Jul 25, 2004 5:53 pm

Aeiri · Greenhorn Joined: 25 Jul 2004 Posts: 9

In the IRC chat, nohbdy has discovered something very interesting about the cookies. It seems to be a seed for the distorted images on the site. If you disable/block all cookies, the images will no longer be distorted on the site. Interesting find.

**Posted:** Sun Jul 25, 2004 6:29 pm

nohbdy · Greenhorn Joined: 20 Mar 2003 Posts: 3

I don't think I would call it a seed since with refreshing you can get multiple different versions of an image with the same cookie value.

The images aren't actually images - they're scripts (most likely PHP4) with image filenames. When your browser requests them, the script runs and returns the image data, and sometimes inserts the already well known text into them. Sometimes (actually, more often than not) the script just returns the image as-is without adding the text. However, if you have cookies blocked it always returns the image as-is (perhaps the script fails without the cookie set? or perhaps it just always happens to come up unscrambled according to the algorithm given that input).

The cookie (or lack of one) seems to have no effect on any mayday or computer text being inserted onto the pages, though. And quite likely no relevance to anything game-related.

**Posted:** Sun Jul 25, 2004 6:52 pm

Aeiri · Greenhorn Joined: 25 Jul 2004 Posts: 9

Running "telnet ilovebees.com 80", and sending "GET /" to get the headers:

**Posted:** Sun Jul 25, 2004 7:06 pm

Aeiri · Greenhorn Joined: 25 Jul 2004 Posts: 9

(WOW!)

I can't believe this came up with something....

http://bugs.php.net/bug.php?id=9509

There is a garbled image bug in PHP 4.0.4pl1!!!!

**Posted:** Sun Jul 25, 2004 7:08 pm

Samari

those numbers don't have to be acurate. any good sysadmin would change them to trick hackers. one of my profs frequently uses Pi as software version numbers in headers and banners. those numbers seem to line up with a Red Hat 7.x install though for what it's worth.

the thing that bothers me is that the cookie name is deliberately chosen. the default is usually something like PHPSESID, so the name was set by someone or something.

**Posted:** Sun Jul 25, 2004 7:10 pm

Aeiri · Greenhorn Joined: 25 Jul 2004 Posts: 9

**Posted:** Sun Jul 25, 2004 7:14 pm

thr4k4 · Boot Joined: 25 Jul 2004 Posts: 22

simple binary rotation

**Posted:** Sun Jul 25, 2004 8:13 pm

EvilMonkey · Guest

When i first noticed this cookie:

http://forums.unfiction.com/forums/viewtopic.php?t=4619&start=75

my first thought that it might be a password to be used later or an odd file na me to find. I tried using it with various file extensions (.jpg, .gif, .html, .mp3, .wav) on ilovebees.com with no luck. I also tried using it as the password for ladybee777 before i read that that was off limits. So as of now i am in agreement that we probably have no use for it, but i am keeping it in the back of my head while more information comes to light, and more websites come into play.

**Posted:** Mon Jul 26, 2004 3:17 am