[C#] Uploaded.net Upload

08/22/2013 08:19 letsego#1

Hi, wollte euch mal fragen ob jemand Ahnung hat wie man bei Uploaded.net etwas per HttpWebRequest uploaden kann?

Ich bekomm keine Informationen wenn ich dort per LiveHttpHeader "mitsniffe", aber vielleicht weis ja einer von euch mehr als ich! :)

Schonmal Danke an alle die mir helfen wollen/k�nnen! :)

08/22/2013 08:23 c0w#2

bin grad zu faul mich anzumelden, wenn du n bild von livehttp headers postest k�nnt ichs mir ja ma anschaun ob ich was seh :D

08/22/2013 08:43 letsego#3

[Only registered and activated users can see links. Click Here To Register...]

Habs mal auf Pastebin hochgeladen da ich nicht alles auf ein Bild bekommen habe.

08/22/2013 09:00 c0w#4

also ich hab damit jetz nicht wirklich viel erfahrung muss ich sagen, aber kennen tue ich upload header mit Content-Disposition: form-data; name="files[]"; filename="blabla.data"
in der richtung, aber ich gehe davon aus, dass ul sich gegen die uploads mit software ein wenig wehrt. ist im ganzen header nix von content drin? ich denke mal dir ist der cookie mit id und pw aufgefallen der an den server geht + das auth=1247230f5a9045045d66dcd60f5ec729fe4458e. da ich kein c kann wei� ich nicht wie das mim cookie handling ist.

08/22/2013 09:19 letsego#5

Okay hab jetzt was gefunden das evtl. weiter helfen k�nnte allerdings in Java:

Code:

	for(int i = 0, c = cookies.size(); i < c; i++) {
				Cookie cookie = cookies.get(i);
				if(cookie.getName().equalsIgnoreCase("login")){
					
					Matcher mat = Pattern.compile("id%3D([0-9]+)%26").matcher(cookie.getValue());
					
					if(mat.find()) {
						authStr += "&id=" + mat.group(1);
						userid = mat.group(1);
					}
					
					mat = Pattern.compile("pw%3D([0-9a-z]+)%26").matcher(cookie.getValue());
					
					if(mat.find()) {
						authStr += "&pw=" + mat.group(1);
					}
				}
			}
			
			this.authStr  = authStr;

Nur leider werde ich aus dem Code (Stammt aus einer selbstgeschriebenen Api.) nicht schlauer :(

08/22/2013 11:08 Ludder231#6

Ist doch eigentlich ganz einfach, er loopt durch die Cookies. Dann Matcht er die und RegExt die ID und das Passwort raus.

08/22/2013 11:14 tolio#7

wenn die mitgepostet werden m�ssen sie auch irgendwo im html quelltext der seite stehen

08/22/2013 15:09 dready#8

@tolio kleine Erg�nzung, oder Js, dort kann man auch cookies setzen.
Swf evtl auch, da bin ich nicht sicher.

08/22/2013 17:03 qkuh#9

Einfach via HttpWebRequest die Datei senden. Nat�rlich st�ckweise. H�ttest du eig. auch mit einem sniffer sehen k�nnen.

08/22/2013 21:19 letsego#10

Quote:

Originally Posted by qkuh

H�ttest du eig. auch mit einem sniffer sehen k�nnen.

Wenn du dir die LiveHttpHeaders angeschaut h�ttest, h�ttest du gesehen das es eben nicht so einfach ist.

Hab mir jetzt mal die Uploaded.net Host Datei von rapidleech angeschaut, nur leider weis ich von PHP gar nichts aber ich denke das ist der Sinnvollste Anhaltspunkt um weiter zu kommen:

PHP Code:


			
<?php



####### Account Info. ###########

$uploaded_user = "ID"; //  Set you username

$uploaded_pass = "Password"; //  Set your password

##############################



    $not_done = true;

    $continue_up = false;

                if ($uploaded_user & $uploaded_pass)

                {

                    $_REQUEST['ud_user'] = $uploaded_user;

                    $_REQUEST['ud_pass'] = $uploaded_pass;

                    $_REQUEST['action'] = "FORM";

                    echo "<b><center>Automatic Login Uploaded.net.</center></b>\n";

                }

                if ($_REQUEST['action'] == "FORM")

                    $continue_up = true;

                else{

?>

                    <script>document.getElementById('info').style.display='none';</script>

                    <div id='info' width='100%' align='center' style="font-weight:bold; font-size:16px">Login</div>

    <table border=0 style="width:270px;" cellspacing=0 align=center>

        <form method=post>

            <input type='hidden' name='action' value='FORM' />

            <tr><td nowrap> Username*<td> <input type='text' name='ud_user' value='' style="width:160px;" /> </tr>

            <tr><td nowrap> Password*<td> <input type='password' name='ud_pass' value='' style="width:160px;" /> </tr>

            <tr><td colspan=2 align=center><input type='submit' value='Upload' /></tr>

            <tr><td colspan=2 align=center><small>*You can set it as default in <b><?php echo $page_upload["uploaded.net"]; ?></b></small></tr>

    </table>

    </form>



<?php

}

if ($continue_up){

    $not_done = false;

?>

    <table width=600 align=center>

    </td></tr>

    <tr><td align=center>

            <script>document.getElementById('info').style.display='none';</script>

            <div id='info' width='100%' align='center'>Login to uploaded.net</div>

<?php

        if (!empty($_REQUEST['ud_user']) && !empty($_REQUEST['ud_pass'])){

        $usr = trim($_REQUEST['ud_user']);

        $pass = trim($_REQUEST['ud_pass']);

        $referrer = "http://uploaded.net/";

        $Url = parse_url('http://uploaded.net/io/login');

        $post['id'] = $usr;

        $post['pw'] = $pass;

        $page = geturl($Url["host"], $Url["port"] ? $Url["port"] : 80, $Url["path"] . ($Url["query"] ? "?" . $Url["query"] : ""), $referrer, 0, $post, 0, $_GET["proxy"], $pauth);

        is_page($page);  

        $cookie = GetCookies($page) . ';lang=en';

        if(empty($cookie)){

        html_error('Problem during login.');

        }

        if(!preg_match('#login=([^=]+);#',$cookie,$pwid)){

            html_error('User and password do not match!');

        }

        if($pwid[1] == '0'){

            html_error('Error during login, check username and password. Error 01');

        }

        if($pwid[1] == ''){

            htm_error('Error during login, check username and password. Error 02');

        }

        if($pwid[1] == 'deleted'){

            html_error('Plugin needs updating.');

        }

        }else{

        html_error ('Error, user and/or password is empty, please go back and try again!');

    }

?>

<script>document.getElementById('info').style.display='none';</script>

<div id=info width=100% align=center>Retrive upload ID</div> 

<?php

        $decode = decode($pwid[1]); 

        $va = explode('/', $decode);

        if(!empty($va[2]) && !empty($va[4])){

            $uid  = $va[2];

            $upas = $va[4];

        }else{

            html_error('Error get User ID and/or User Password.');

        }

        $Url = parse_url("http://uploaded.net/js/script.js");

        $script = geturl($Url["host"], $Url["port"] ? $Url["port"] : 80, $Url["path"] . ($Url["query"] ? "?" . $Url["query"] : ""), $referrer, $cookie, 0, 0, $_GET["proxy"], $pauth);

        $editKey = generate(6);

        $serverUrl = cut_str($script, 'uploadServer = \'', '\'').'upload?admincode='.$editKey.'&id='.$uid.'&pw='.$upas;

        $Url = parse_url("http://uploaded.net/io/upload/precheck");

        $id = rand(1,15);

        $fileInfo['size'] = filesize($lfile);

        $fileInfo['id'] = 'file'.$id;

        $fileInfo['name'] = $lname;

        $fileInfo['editKey'] = $editKey;

        geturl($Url["host"], $Url["port"] ? $Url["port"] : 80, $Url["path"] . ($Url["query"] ? "?" . $Url["query"] : ""), 'http://uploaded.net/upload', $cookie, $fileInfo, 0, $_GET["proxy"], $pauth);

?>

        <script>document.getElementById('info').style.display='none';</script>

<?php

        $url = parse_url($serverUrl);

        $upagent = "Shockwave Flash";

        $fpost['Filename'] = $lname;

        $fpost['Upload'] = 'Submit Query';

        $upfiles = upfile($url["host"],$url["port"] ? $url["port"] : 80, $url["path"].($url["query"] ? "?".$url["query"] : ""), "http://uploaded.net/", $cookie, $fpost, $lfile, $lname, "Filedata", 0, 0, 0, $upagent); 

?>

        <script>document.getElementById('progressblock').style.display='none';</script>

<?php

       if(preg_match('#close\s+([A-Za-z0-9]+),#',$upfiles,$links)){

           $download_link = "http://uploaded.net/file/".$links[1]."/".$lname."";

           $adm_link = $editKey;

       }else{

           html_error("Didn't find download link!");

       }

    }



        function decode($str){

                $str = str_replace('%3D', '/', $str);

                $str = str_replace('%26', '/', $str);

                return $str;

            //function by simplesdescarga 09/02/2012

        }

    function generate($len) {

        $pwd = '';

        $con = Array('b', 'c', 'd', 'f', 'g', 'h', 'j', 'k', 'l', 'm', 'n', 'p', 'r', 's', 't', 'v', 'w', 'x', 'y', 'z');

        $voc = Array('a', 'e', 'i', 'o', 'u');

        for ($i = 0; $i < $len / 2; $i++){

            $c = mt_rand(0, 19);

            $v = mt_rand(0, 4);

            $pwd .= $con[$c] . $voc[$v];

        }

        return $pwd;

    }



    /*

      written by kaox 14/06/2009

      edited by Balor 15/03/2011 (new Layout with YUI uploader)

      fixed by defport 27/04/2011

      fixed user id and password by simplesdescarga 09/02/2012

      fixed messages error at login and to get user id and password by simplesdescarga 09/02/2012

      added support for IPs American by simplesdescarga 09/02/2012

      uptaded to new domain uploaded.net by Ex3dl 15/08/2012

    */

?>

Vielleicht gibts hier ja einen f�higen Coder der mir erkl�ren kann was dort in dem Script genau passiert :)

08/22/2013 23:14 qkuh#11

Benutz mal wireshark. Der upload l�uft �ber TCP.

Code:

POST /upload?admincode=helumo&id=10189902&pw=17db812c7a5631095afb49b09f0de59f97ccf391 HTTP/1.1

Accept: text/*

Content-Type: multipart/form-data; boundary=----------cH2cH2cH2cH2GI3gL6gL6gL6ei4ei4

User-Agent: Shockwave Flash

Host: am4-r1f1-stor06.uploaded.net

Content-Length: 12359

Connection: Keep-Alive

Cache-Control: no-cache



------------cH2cH2cH2cH2GI3gL6gL6gL6ei4ei4

Content-Disposition: form-data; name="Filename"



ClientlessToClientForDummies.png

------------cH2cH2cH2cH2GI3gL6gL6gL6ei4ei4

Content-Disposition: form-data; name="Filedata"; filename="ClientlessToClientForDummies.png"

Content-Type: application/octet-stream



.PNG

.
...
IHDR.......Q.......Gd....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...u.8....d~n....q4.L.01..$H<@.lC.E....m..@H....w...?....%U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~?K.....i..i..i.[....A..4M.4M........JM.4M...[....A..4M.4M........JM.4M...[......T.{...M..\.T...(5.peR%....H..I....R#.W&U..<J..\.T...(5.peR%....H..I....R#.W&U..<J..\.T...(5.peR%....H..I....R#.W&U..<J..\.T...(5.peR%<.....I.|..{N!m..o>....H..I.0'...I...?!..7.N.?......?[.9{.8%5.peR%<!.
......*..E..\.T...h..ra...h............dZ7t.7J]......7.'.........pieK...n;.y...X..;N.cO...+R#.W&UB.R.....UNr.........J...1.o.M..O-3..r.y..Z..Zv<....!..i..j.)...^a.2..5.piR%....rR.......TU.a<.....e|..:.......{m............R_\......Y...............JX
GUguR.X31..:..q...2.:*#.%.U.{.6....z..e...G....`g..G....gtt.....*a5.U..I......b`+...z.2>u/.....g.[Z.C......e..w.l_.=5..M;N.....K.oO..g........j8.:....K../.b.....t...K...A..UfU.+6....t8.Q...i.<c.Vw....G.........%....T9..G.H.
MJ....U..Si.y.A\...?.d.9W?.......t>..........9...C../...3v-s.]....-...,2/.w.f...q.r..=...G.........%....T9U.....(.h...Ry:I..,..K..^..j..v.i....>*?....%x...=..;..;......
..~~..../....gK.T...........K...&...j.O<..........[.........O.;..;....Ty.i..*.qx..p.|..p......m.....JZs../..
oh.G..........O.;..;....TY...z.k7>\Y..K......R.....p
.>z8..).\.ov..x.....*c.k.+u.l<.*.qN<_....].=<Ex.-... =.B.$>..gf9.C..t~..L&......i..ygzeZk.......%..'U..gY./....4v....Cmzy..o,....m..;...y......h.......).b..|...,u-.m<....,..w....t..j....j..\....F.....i.s....'U.......g..].2.N'...f..._^.0a..L..R.z.......y..&..H....;.\<.......;....W1<W..zz...T.7K..Ve.e.+;.W[&m..,.1}..s..O..K.o.%.2.q.....?..../.o?.....T?........<|..z...M#o{........tg.....?.......W.....\.@\vQ?.FyF...f........F....R3'..R%........v..S...2B.H...J.8E.eP....e../....z'q+.........._]'u>.*.Q.......L..y..;(..v<..-..\.Ybc..4..wk.|..\.x{R%...:zK..Q.y...0&.9:...!b.h'.cb.i..a#u.$.8...,.\F...bn.\..O...W.v...:.~....*a....3.......ZX,........i.s...I......E....<zJzh....b...!vlF.....YXo....SO.3/.>........B....0fP..P..,.a..r!.y|...}.../^..j.bw....O..K.oO..N,.... N......&G. Q2D...7#G..g...Y3...<..>.y.f.Z..N....Q....0fP.=......i.s...I....K.=.uykw.=%(.)fNIsB...!a}#.5..1..^e..:d..Pz....|.U.g.......O..K.oO..."..7.e..;.........t2..a.Z.i&.!!].1.0w...I`...e....z.I.iv........*..;.}....i.s...I........x..GO.L.t....zK....<6.....p...T..-..e.dZ.v...j.8.l..W.&p..O..K.oO..v3....v...'.......N.....=w>.w...=.....?.NU......2UU..r.{."nxQ........KM....c.P.}w>.w...=...K.T.....T8~|4.ah....X.V.j.y../....*y...=..........>....)7.
w>.w...=..kKyo.v..L'..1..zk.....z...Q..[...|..i.=.v..?..;....T.......Gm...'..DXu.#..W..MH.<C...............J..I{sh........a.ZL...W..-p~..c..?U...|.Y~_.,...4..M;N.....K.oO....lW..\Y.2.^jL.\oG..............w._..<...z...G....gtt.....*....V........j...ut.\..#.$.;..Ey.Y.=......O.<z4.8-.FGw...=.....o.pL.S.M...&u.\_y....r.;.i...|.....O....5.peR%.7.....B.\.b..-}. ....\k.|7...'.h..o.7..J..\.T.<].^.....H..I....,.w.F..L..~..K.A>.x.j$...J...K.....+.*..... .......2..x...G...T.H..I..........+.*...~i9.]...F..L...M..NA..\.T...`......2..8.......p.j$...J.dr..-.#Q#.W&U.g%[...F..L...m........H..I....,.WQ#.W&U..c... ....5.peR%..r...^..Q#.W&U..O...M..\.T.\..K.A>......2......G...aj$...J...K`Gj$...J...`9.....H..I....R#.W&U..<J..\.T...(5.peR%....H..I....R#.W&U..<J..\.T...(5.peR%....H...?U.................o>....+j$..x.T...l........2u....{.`.....i.e..`...xE..p.gL.c.......sP.s.T........W.H.Gq.T.v.a....o".TYf.1...xE..p.'L../...%&.!R%..l.......~W....T..<.+j$..x..W9..!%..&R%..l........2X..,$..[..J...^Q#....S.w._Z.dF.....F.x..I..w..&c..<..k$.g{.T...."%..k.]#.<.;.J...P#.W&U..<J..\.T...(5.peR%....H..I....R#.W&U..<J..\.T...(5.pe..JM.4M.4........JM.4M...[....A..4M.4M........JM.4M...[....A..4M.4M.......~.*... .*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@..R.......i..i.m.....H...i..i..\-.\.T.i..i........H...i..i..\-.\.T.i..i..........*s/........*..v....K........,...`.."...J........*..v....K........,...`.."...J........*..v....K........,...`.."...J........*..v....K........,...`.."...J........*..v....K........,...`.."...J........*..v....K...^.?....o>y..?....7...."...J..c...}.XW.|N...............L......O.s.."...J..a.1s........-U..._P8\.Vh.Os..WV.,...{.\....K.....b.(].-.f.])....2...gL.....ah...f.4t.....cg:.WC........C.....?.Q.x.ZM
...5.z.......*.7.......V*o.0}..OCL=!.T...0d..Nn.IG..s.oP.q<..._..e...;..y.xekW.{....|.........Z.Z.:i..z.'....K...IU.M....~r.:n..l.
..:.`8..k.=....U.....>....~....i..nt..k.......1.Z:X...WW...O....v...fx.A._
....#..iq.j..5.
..m.....,..c...,...,.......X...\.{{.t.c.q...J)`......l......7m.p.G..CS...g...-....K.y.....w....V>...p..9.WW..:...,m'....zd}zo.Q....9.....*9.T.TEGSs..T.t.6...l...]V...X}}C.....M..i.hy......K.uC.|....w....8!,0....f..K+[JV.p.......2=.q..{.=p..&.7.V_.~......._.~......K.yaH.......#.....T..!.f>..T.YN...5g..3S...%U.r+..,....(I.FM.t.?X]......,..'..a...I.....*+..Vg....
...xXl.S.R..D..l....._N..1...y......xkn....iD....l.oP-;.L.~./.qkx..ws:..eT.....~*iHu....,.1tc...O..8lc8NG...:y...6/47k.7V.{I........j..S...%U.j..X.'.J#......c....4h....~.:...Ol........-.ncs..]V.J=vXe.S..........R....~...n..2......Ug.Q..{.t..c.2\\]... ...V......+.....e...G....I?....<0nb..2...d.u.._.6-3M......k.
...n....7]Y8.7.Co...o.p^."....*..qGOZ.A..Ukk........../,.[..;.,....VKlML........l5.|e...6......T..........u...../6.+.....Q.1/....{....=...-.6w?.W7....I....".].u..E.\...1....w5....|._|.;.z...e..v.a.......l.P&...[...e.....;.....ml.......4bs..;.....:...&6..+l^.2......S."..m.{....=..,_K.X..q......O...^..<....T.-.XzVO'+.[........\.w_..6...u.6............Vc.&.e....[.3W..9k..q.2bs...XV__.Y.......@:Y}...J.a..d.?...[eVu.bcK.{H...;..9Ng..sV......]Se..j.B=h....wz..._2.nq.m.8X]*.....g....ZP.<.........H.N.{.....d..w.N..tX^...o.....J....*.....r...e@R.4.;_.......4k...0M.opX.`....6.w.:._...Fk^.2"...j.8~..L..k.3..~S7.......L.U.1/^.%.-.......E.....2.d.T..bm.8....T...vL...K.n...K.v......w.W...>C~e...A.EV:...C.........t.]sO{>.z...............y.......UA.t..f....D...!......g.o.8...E.O...2....].R......ui.J..f.z...g..|S...9
...w.......G..'..V...o...+:n]..dR.x.*.....7.*.Jyz.3
k.{......_,..3>......~./
\.q.".'..*...
.........vo.=....Q....r.....n....x.....Xf;&.q.....t:Y.Z..._G.y..Za.7.Z.k&.=...5i./.X....u....:U..h..w..O.....l..A5|..:W..2|..z.4b6...y.o.X.7........X./.P......
....[.8
.......8.#....i..../7<*...!$...7=lF..g.71...9?..KI.?y.\.....z...4f^'.....}N.+.8..."..8N...[..n.WI>.......s]9..@1
...|.f...Ty.......|.F.....u....%U.g.L.`............0ru...S.K>k....E=c._1.'.......e..U'!....oi....X.......]t....).X....!Rez......J5..T........s..}....?....0......yz.W........k......|...$...K....s...w.:I..|.....qX;0...gk....3......W].p:/O..izS.........~.6................xE.9.....&.......K.....lu.zF5&......4i._...=...W.......$_...p.L.n.Gn....W.O.U...I....zL..%.....3........vQNg.....^.*.3........z!..|4..*JE\....T.-.....ne.....[,k..w..x..!...7[I..-...X...F..x|..8........~W..|T__.o.....|...I.....|2.V..de..G2t7.....|.......v.|.....[..T.Pu.....=.C..U.|...?.G3.X.......u..9..w....TTU'+..X......f......8.X.o....G).K....k..s..zSw.pg..s.-l;..>..W...puV&.N.^s.\\..MoY.z|......IY&......j.e.`.....pb.c;.......$....].....8.........&Lk,K...edug.H].\.T..5..R...X.U....zKBa6....R-,S..y.e.aD...v3+.e7..t!....}'..e...{h......Xy!.{..:....[Only registered and activated users can see links. Click Here To Register...]....q...4.1.}.......7..p6."...J^.).....%u.,8.=...s..y..V.?....trgj.x5r1N.W.'.....g>..~{..U..o.......z)i..*'..7.....@1
.........BuR.z..7...+[7]......q`.k.'pr."...J^.)....h......KG....V...|..[.a.x...X<.o.;_............v.r.^..7.......5Gi.v.l........Q.I{....aYt.T....T.........1e.(_......K...B.=V...G%.bZ.....sw:...;m.w.n...g.6...x.r............Ng[.
.f........6.U%}.W......LCn..V:...o.4.~...2!
\.U'7..M...U{../r.u.4s.?..}E/1.......G..Z~
.w.m.<N...J.<.
....V...}.W*.e......y.<.:I.....#..q...M....n..|w...~x..,~,N$...|..h...j.5..I.
.8...O......dL.G..>W....N.m..I..tB%_.~.,R...#.\-...;....'U......5..s........x.T.../...7.........k...~...6...I.
.8...."%....h........*...lsq...MI......*.C.<....'U.p.)..9...6+a(.NIh....%b<Z_.
Wa....?.~..1.}N......<..Y.#.....W..0q.%T..........m.=..n..qR%..1...i.<4vV.(.OC..l.Ga.y..
U.:,...Z-...Z...n6........;.s..0$....N..%..L..O.kv.{.....x.T..)..s<.~..v7Ux.-..r.l4}Sb.I.......6..8rm..(O(G.z.e..j....o.j...B..27./.U..g..i..c.kv.{.....x.T...v.....~v..|....T...U..[..........x^'..t{.r.r.E..2`s.......Y.#........!.x.%.1q. ....m.=..n..qR%o..UK.......z.O=....U.k..}..[.Q3t..m....G.z....\.]....Y.#.\h..[I..2 ...9......c.kv.{.....x.T....e)7b9.T$Sy...Q.M........X.........bc.R9.k.Vo=.k<L......{....a..x.aN.J.....e....=k_......gyl...B.G.2........ja.Q=..Y.#;,...K.....~.fb.2\.w.....=.gu.......;....'U.juY2.)q.IU.4.M,f.*.8h.Sn....;.7kV....0u...*..1....
.a.e.x.....Y..,..84...o.r!~i.V..XF.!......j.b.<j......]/......[.....P-^...w8.....6...I.
.8..W...R...B%.*..L3.....r.*x6.]l._-T..y.q...j{..eD=6.6..7.....1_.S..........t..q.m.<N...R....e(^..m....n.q..K..l.:ac......z......=....2.....c.........o.9........... N.m..I...\......6.U3~......e.[.W..kn.:_H..wY...,#..q...X..>...]...g..G..o.C~..C8....'Ur.K.6.21O.r...J.J.+..N.*....[.........v..^.B.......w.7.....`.<....k8..n..qR%.6..lNYUoIJK$...5.....A..I./.l...bc..P..`...^iJ...fiD....5..{...,[Only registered and activated users can see links. Click Here To Register...]'.6...J.x..#.\-...;....'U...k...j.5..I.
.8...._..>W....N.m..I...;P...%U...@].\.T....u.pYR%....E.eI...;P...%Ur0._..pN."...J.f.T9.4...Ow..............*9..ReZ...).O.......,...H)m...3..r!..q.t.o"...tJ...o.7.....8r...\....,...K9m.gc..'s....\.O..h..G...s.ta.......0Q...%U.jMD[r_.w..B.Prb..V.............,..W...f.l|...UN.N..r...........,..Wk"Z.*W..f.....<..2....m.....E.eI..\..a...I........&......J.....&.pe."...J.`.}....q.l.B..7..$..6:..t....<..3......K..BR..A.&..@?u.pYR%.R........u.pYR%.R..."%.;R...%U...@].\.T....u.pYR%....E.eI...;P...%U...@].\.T....u.pYR%....E.eI...;P...%U...@].\.T....u.pYR%....E.eI...;P...%U...@].\.T....u.pYR%....E.eI...;P...%U...@].\.T....u.pYR%....E.eI...;P...%U...@].\.T....u.pYR%....E.e..*5M.4M....j....JM.4M...[....@..4M.4M...j....JM.4M...[....@..4M.4M...j....J....\.T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.........b6...+/.....IEND.B`.

------------cH2cH2cH2cH2GI3gL6gL6gL6ei4ei4

Content-Disposition: form-data; name="Upload"



Submit Query

------------cH2cH2cH2cH2GI3gL6gL6gL6ei4ei4--HTTP/1.1 200 OK

Server: nginx/1.2.3

Date: Thu, 22 Aug 2013 21:09:18 GMT

Content-Type: text/plain

Transfer-Encoding: chunked

Connection: keep-alive

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: POST, OPTIONS

Access-Control-Allow-Credentials: true

Access-Control-Allow-Headers: x-content-range,x-file-name,x-session-id



b

nfm17swl,0


0

08/22/2013 23:30 tolio#12

ist trotzdem http ^^

ist einfach nen multipart webrequest, alles nachzulesen in den entsprechenden rfc dokumenten

ich versteh gar nicht wo hier �berhaupt das problem oder die unklarheit ist, dateien werden in der regel immer mit nem http post hochgeladen

Quote:

User-Agent: Shockwave Flash

nur kommt hier noch dazu das offensichtlich irgendwas �ber nen flash objekt gemacht wird aber ist auch kein problem, einfach runterladen decompilen und schauen was passiert

hatte uploaded nicht au�erdem mal ne api?

08/22/2013 23:33 qkuh#13

Jo klar, aber diese Browsersniffer k�nnen die packets davon nicht abfangen :)

08/23/2013 08:54 'Heaven.#14

Quote:

Originally Posted by qkuh

Benutz mal wireshark. Der upload l�uft �ber TCP.

Code:

POST /upload?admincode=helumo&id=10189902&pw=17db812c7a5631095afb49b09f0de59f97ccf391 HTTP/1.1

Accept: text/*

Content-Type: multipart/form-data; boundary=----------cH2cH2cH2cH2GI3gL6gL6gL6ei4ei4

User-Agent: Shockwave Flash

Host: am4-r1f1-stor06.uploaded.net

Content-Length: 12359

Connection: Keep-Alive

Cache-Control: no-cache



------------cH2cH2cH2cH2GI3gL6gL6gL6ei4ei4

Content-Disposition: form-data; name="Filename"



ClientlessToClientForDummies.png

------------cH2cH2cH2cH2GI3gL6gL6gL6ei4ei4

Content-Disposition: form-data; name="Filedata"; filename="ClientlessToClientForDummies.png"

Content-Type: application/octet-stream



.PNG

.
...
IHDR.......Q.......Gd....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...u.8....d~n....q4.L.01..$H<@.lC.E....m..@H....w...?....%U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~?K.....i..i..i.[....A..4M.4M........JM.4M...[....A..4M.4M........JM.4M...[......T.{...M..\.T...(5.peR%....H..I....R#.W&U..<J..\.T...(5.peR%....H..I....R#.W&U..<J..\.T...(5.peR%....H..I....R#.W&U..<J..\.T...(5.peR%<.....I.|..{N!m..o>....H..I.0'...I...?!..7.N.?......?[.9{.8%5.peR%<!.
......*..E..\.T...h..ra...h............dZ7t.7J]......7.'.........pieK...n;.y...X..;N.cO...+R#.W&UB.R.....UNr.........J...1.o.M..O-3..r.y..Z..Zv<....!..i..j.)...^a.2..5.piR%....rR.......TU.a<.....e|..:.......{m............R_\......Y...............JX
GUguR.X31..:..q...2.:*#.%.U.{.6....z..e...G....`g..G....gtt.....*a5.U..I......b`+...z.2>u/.....g.[Z.C......e..w.l_.=5..M;N.....K.oO..g........j8.:....K../.b.....t...K...A..UfU.+6....t8.Q...i.<c.Vw....G.........%....T9..G.H.
MJ....U..Si.y.A\...?.d.9W?.......t>..........9...C../...3v-s.]....-...,2/.w.f...q.r..=...G.........%....T9U.....(.h...Ry:I..,..K..^..j..v.i....>*?....%x...=..;..;......
..~~..../....gK.T...........K...&...j.O<..........[.........O.;..;....Ty.i..*.qx..p.|..p......m.....JZs../..
oh.G..........O.;..;....TY...z.k7>\Y..K......R.....p
.>z8..).\.ov..x.....*c.k.+u.l<.*.qN<_....].=<Ex.-... =.B.$>..gf9.C..t~..L&......i..ygzeZk.......%..'U..gY./....4v....Cmzy..o,....m..;...y......h.......).b..|...,u-.m<....,..w....t..j....j..\....F.....i.s....'U.......g..].2.N'...f..._^.0a..L..R.z.......y..&..H....;.\<.......;....W1<W..zz...T.7K..Ve.e.+;.W[&m..,.1}..s..O..K.o.%.2.q.....?..../.o?.....T?........<|..z...M#o{........tg.....?.......W.....\.@\vQ?.FyF...f........F....R3'..R%........v..S...2B.H...J.8E.eP....e../....z'q+.........._]'u>.*.Q.......L..y..;(..v<..-..\.Ybc..4..wk.|..\.x{R%...:zK..Q.y...0&.9:...!b.h'.cb.i..a#u.$.8...,.\F...bn.\..O...W.v...:.~....*a....3.......ZX,........i.s...I......E....<zJzh....b...!vlF.....YXo....SO.3/.>........B....0fP..P..,.a..r!.y|...}.../^..j.bw....O..K.oO..N,.... N......&G. Q2D...7#G..g...Y3...<..>.y.f.Z..N....Q....0fP.=......i.s...I....K.=.uykw.=%(.)fNIsB...!a}#.5..1..^e..:d..Pz....|.U.g.......O..K.oO..."..7.e..;.........t2..a.Z.i&.!!].1.0w...I`...e....z.I.iv........*..;.}....i.s...I........x..GO.L.t....zK....<6.....p...T..-..e.dZ.v...j.8.l..W.&p..O..K.oO..v3....v...'.......N.....=w>.w...=.....?.NU......2UU..r.{."nxQ........KM....c.P.}w>.w...=...K.T.....T8~|4.ah....X.V.j.y../....*y...=..........>....)7.
w>.w...=..kKyo.v..L'..1..zk.....z...Q..[...|..i.=.v..?..;....T.......Gm...'..DXu.#..W..MH.<C...............J..I{sh........a.ZL...W..-p~..c..?U...|.Y~_.,...4..M;N.....K.oO....lW..\Y.2.^jL.\oG..............w._..<...z...G....gtt.....*....V........j...ut.\..#.$.;..Ey.Y.=......O.<z4.8-.FGw...=.....o.pL.S.M...&u.\_y....r.;.i...|.....O....5.peR%.7.....B.\.b..-}. ....\k.|7...'.h..o.7..J..\.T.<].^.....H..I....,.w.F..L..~..K.A>.x.j$...J...K.....+.*..... .......2..x...G...T.H..I..........+.*...~i9.]...F..L...M..NA..\.T...`......2..8.......p.j$...J.dr..-.#Q#.W&U.g%[...F..L...m........H..I....,.WQ#.W&U..c... ....5.peR%..r...^..Q#.W&U..O...M..\.T.\..K.A>......2......G...aj$...J...K`Gj$...J...`9.....H..I....R#.W&U..<J..\.T...(5.peR%....H..I....R#.W&U..<J..\.T...(5.peR%....H...?U.................o>....+j$..x.T...l........2u....{.`.....i.e..`...xE..p.gL.c.......sP.s.T........W.H.Gq.T.v.a....o".TYf.1...xE..p.'L../...%&.!R%..l.......~W....T..<.+j$..x..W9..!%..&R%..l........2X..,$..[..J...^Q#....S.w._Z.dF.....F.x..I..w..&c..<..k$.g{.T...."%..k.]#.<.;.J...P#.W&U..<J..\.T...(5.peR%....H..I....R#.W&U..<J..\.T...(5.pe..JM.4M.4........JM.4M...[....A..4M.4M........JM.4M...[....A..4M.4M.......~.*... .*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@..R.......i..i.m.....H...i..i..\-.\.T.i..i........H...i..i..\-.\.T.i..i..........*s/........*..v....K........,...`.."...J........*..v....K........,...`.."...J........*..v....K........,...`.."...J........*..v....K........,...`.."...J........*..v....K........,...`.."...J........*..v....K...^.?....o>y..?....7...."...J..c...}.XW.|N...............L......O.s.."...J..a.1s........-U..._P8\.Vh.Os..WV.,...{.\....K.....b.(].-.f.])....2...gL.....ah...f.4t.....cg:.WC........C.....?.Q.x.ZM
...5.z.......*.7.......V*o.0}..OCL=!.T...0d..Nn.IG..s.oP.q<..._..e...;..y.xekW.{....|.........Z.Z.:i..z.'....K...IU.M....~r.:n..l.
..:.`8..k.=....U.....>....~....i..nt..k.......1.Z:X...WW...O....v...fx.A._
....#..iq.j..5.
..m.....,..c...,...,.......X...\.{{.t.c.q...J)`......l......7m.p.G..CS...g...-....K.y.....w....V>...p..9.WW..:...,m'....zd}zo.Q....9.....*9.T.TEGSs..T.t.6...l...]V...X}}C.....M..i.hy......K.uC.|....w....8!,0....f..K+[JV.p.......2=.q..{.=p..&.7.V_.~......._.~......K.yaH.......#.....T..!.f>..T.YN...5g..3S...%U.r+..,....(I.FM.t.?X]......,..'..a...I.....*+..Vg....
...xXl.S.R..D..l....._N..1...y......xkn....iD....l.oP-;.L.~./.qkx..ws:..eT.....~*iHu....,.1tc...O..8lc8NG...:y...6/47k.7V.{I........j..S...%U.j..X.'.J#......c....4h....~.:...Ol........-.ncs..]V.J=vXe.S..........R....~...n..2......Ug.Q..{.t..c.2\\]... ...V......+.....e...G....I?....<0nb..2...d.u.._.6-3M......k.
...n....7]Y8.7.Co...o.p^."....*..qGOZ.A..Ukk........../,.[..;.,....VKlML........l5.|e...6......T..........u...../6.+.....Q.1/....{....=...-.6w?.W7....I....".].u..E.\...1....w5....|._|.;.z...e..v.a.......l.P&...[...e.....;.....ml.......4bs..;.....:...&6..+l^.2......S."..m.{....=..,_K.X..q......O...^..<....T.-.XzVO'+.[........\.w_..6...u.6............Vc.&.e....[.3W..9k..q.2bs...XV__.Y.......@:Y}...J.a..d.?...[eVu.bcK.{H...;..9Ng..sV......]Se..j.B=h....wz..._2.nq.m.8X]*.....g....ZP.<.........H.N.{.....d..w.N..tX^...o.....J....*.....r...e@R.4.;_.......4k...0M.opX.`....6.w.:._...Fk^.2"...j.8~..L..k.3..~S7.......L.U.1/^.%.-.......E.....2.d.T..bm.8....T...vL...K.n...K.v......w.W...>C~e...A.EV:...C.........t.]sO{>.z...............y.......UA.t..f....D...!......g.o.8...E.O...2....].R......ui.J..f.z...g..|S...9
...w.......G..'..V...o...+:n]..dR.x.*.....7.*.Jyz.3
k.{......_,..3>......~./
\.q.".'..*...
.........vo.=....Q....r.....n....x.....Xf;&.q.....t:Y.Z..._G.y..Za.7.Z.k&.=...5i./.X....u....:U..h..w..O.....l..A5|..:W..2|..z.4b6...y.o.X.7........X./.P......
....[.8
.......8.#....i..../7<*...!$...7=lF..g.71...9?..KI.?y.\.....z...4f^'.....}N.+.8..."..8N...[..n.WI>.......s]9..@1
...|.f...Ty.......|.F.....u....%U.g.L.`............0ru...S.K>k....E=c._1.'.......e..U'!....oi....X.......]t....).X....!Rez......J5..T........s..}....?....0......yz.W........k......|...$...K....s...w.:I..|.....qX;0...gk....3......W].p:/O..izS.........~.6................xE.9.....&.......K.....lu.zF5&......4i._...=...W.......$_...p.L.n.Gn....W.O.U...I....zL..%.....3........vQNg.....^.*.3........z!..|4..*JE\....T.-.....ne.....[,k..w..x..!...7[I..-...X...F..x|..8........~W..|T__.o.....|...I.....|2.V..de..G2t7.....|.......v.|.....[..T.Pu.....=.C..U.|...?.G3.X.......u..9..w....TTU'+..X......f......8.X.o....G).K....k..s..zSw.pg..s.-l;..>..W...puV&.N.^s.\\..MoY.z|......IY&......j.e.`.....pb.c;.......$....].....8.........&Lk,K...edug.H].\.T..5..R...X.U....zKBa6....R-,S..y.e.aD...v3+.e7..t!....}'..e...{h......Xy!.{..:....[Only registered and activated users can see links. Click Here To Register...]....q...4.1.}.......7..p6."...J^.).....%u.,8.=...s..y..V.?....trgj.x5r1N.W.'.....g>..~{..U..o.......z)i..*'..7.....@1
.........BuR.z..7...+[7]......q`.k.'pr."...J^.)....h......KG....V...|..[.a.x...X<.o.;_............v.r.^..7.......5Gi.v.l........Q.I{....aYt.T....T.........1e.(_......K...B.=V...G%.bZ.....sw:...;m.w.n...g.6...x.r............Ng[.
.f........6.U%}.W......LCn..V:...o.4.~...2!
\.U'7..M...U{../r.u.4s.?..}E/1.......G..Z~
.w.m.<N...J.<.
....V...}.W*.e......y.<.:I.....#..q...M....n..|w...~x..,~,N$...|..h...j.5..I.
.8...O......dL.G..>W....N.m..I..tB%_.~.,R...#.\-...;....'U......5..s........x.T.../...7.........k...~...6...I.
.8...."%....h........*...lsq...MI......*.C.<....'U.p.)..9...6+a(.NIh....%b<Z_.
Wa....?.~..1.}N......<..Y.#.....W..0q.%T..........m.=..n..qR%..1...i.<4vV.(.OC..l.Ga.y..
U.:,...Z-...Z...n6........;.s..0$....N..%..L..O.kv.{.....x.T..)..s<.~..v7Ux.-..r.l4}Sb.I.......6..8rm..(O(G.z.e..j....o.j...B..27./.U..g..i..c.kv.{.....x.T...v.....~v..|....T...U..[..........x^'..t{.r.r.E..2`s.......Y.#........!.x.%.1q. ....m.=..n..qR%o..UK.......z.O=....U.k..}..[.Q3t..m....G.z....\.]....Y.#.\h..[I..2 ...9......c.kv.{.....x.T....e)7b9.T$Sy...Q.M........X.........bc.R9.k.Vo=.k<L......{....a..x.aN.J.....e....=k_......gyl...B.G.2........ja.Q=..Y.#;,...K.....~.fb.2\.w.....=.gu.......;....'U.juY2.)q.IU.4.M,f.*.8h.Sn....;.7kV....0u...*..1....
.a.e.x.....Y..,..84...o.r!~i.V..XF.!......j.b.<j......]/......[.....P-^...w8.....6...I.
.8..W...R...B%.*..L3.....r.*x6.]l._-T..y.q...j{..eD=6.6..7.....1_.S..........t..q.m.<N...R....e(^..m....n.q..K..l.:ac......z......=....2.....c.........o.9........... N.m..I...\......6.U3~......e.[.W..kn.:_H..wY...,#..q...X..>...]...g..G..o.C~..C8....'Ur.K.6.21O.r...J.J.+..N.*....[.........v..^.B.......w.7.....`.<....k8..n..qR%.6..lNYUoIJK$...5.....A..I./.l...bc..P..`...^iJ...fiD....5..{...,[Only registered and activated users can see links. Click Here To Register...]'.6...J.x..#.\-...;....'U...k...j.5..I.
.8...._..>W....N.m..I...;P...%U...@].\.T....u.pYR%....E.eI...;P...%Ur0._..pN."...J.f.T9.4...Ow..............*9..ReZ...).O.......,...H)m...3..r!..q.t.o"...tJ...o.7.....8r...\....,...K9m.gc..'s....\.O..h..G...s.ta.......0Q...%U.jMD[r_.w..B.Prb..V.............,..W...f.l|...UN.N..r...........,..Wk"Z.*W..f.....<..2....m.....E.eI..\..a...I........&......J.....&.pe."...J.`.}....q.l.B..7..$..6:..t....<..3......K..BR..A.&..@?u.pYR%.R........u.pYR%.R..."%.;R...%U...@].\.T....u.pYR%....E.eI...;P...%U...@].\.T....u.pYR%....E.eI...;P...%U...@].\.T....u.pYR%....E.eI...;P...%U...@].\.T....u.pYR%....E.eI...;P...%U...@].\.T....u.pYR%....E.eI...;P...%U...@].\.T....u.pYR%....E.e..*5M.4M....j....JM.4M...[....@..4M.4M...j....JM.4M...[....@..4M.4M...j....J....\.T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.....J....I......*....'U....O......T...@?.....~R%.........b6...+/.....IEND.B`.

------------cH2cH2cH2cH2GI3gL6gL6gL6ei4ei4

Content-Disposition: form-data; name="Upload"



Submit Query

------------cH2cH2cH2cH2GI3gL6gL6gL6ei4ei4--HTTP/1.1 200 OK

Server: nginx/1.2.3

Date: Thu, 22 Aug 2013 21:09:18 GMT

Content-Type: text/plain

Transfer-Encoding: chunked

Connection: keep-alive

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: POST, OPTIONS

Access-Control-Allow-Credentials: true

Access-Control-Allow-Headers: x-content-range,x-file-name,x-session-id



b

nfm17swl,0


0

Made my day :D Deine versuche schlau zu tun sind so geil :D