Today, a friend sent me an interesting discovery: a website working only with Windows.
Ok… this is certainly not the first time you’ve heard something like this. So let me rephrase this:
Today, a friend sent me an interesting discovery: a website where TCP connections only work when initiated from a Windows computer.
Ahh… never heard this one, have you?
So I open a shell on my OS X laptop and try with lynx... timeout. I telnet to their port 80: nothing. I do the same under Linux, no change. Then I launch VMware Fusion, and try again under Windows XP: works flawlessly using both Firefox and telnet!
After some tcpdumping, it seems Windows (at least in most setups) doesn’t set window scaling and timestamping on outgoing TCP connections, like most Linux (and OS X) setups do.
So my hack of the day: I penetrated a Windows-Only protected Website by disabling TCP timestamps! Mouahahaha!
The weirdest thing is that 404s are always properly returned! On existing pages, it seems to block when replying. Probably something happening on the PHP side, inside Apache, or inside some weird proxy software.
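The difference described above (window scaling and timestamps present in the SYN from Linux and OS X, absent from Windows XP) can be confirmed by parsing the TCP options of a captured SYN header. The following is an added example, not code from the original post; the two SYN headers are constructed samples rather than captured traffic, and `build_syn` and `describe` are hypothetical helper names.

```python
import struct

# TCP option kinds (RFC 9293, RFC 7323 for timestamps/window scale, RFC 2018 for SACK)
OPTION_NAMES = {2: "mss", 3: "window_scale", 4: "sack_permitted", 8: "timestamps"}

def parse_tcp_options(tcp_header: bytes) -> dict:
    """Return {option_name: raw_value_bytes} for the options in a TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (tcp_header[12] >> 4) * 4      # header length in bytes
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    opts, i = {}, 20
    while i < data_offset:
        kind = tcp_header[i]
        if kind == 0:          # End of option list
            break
        if kind == 1:          # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= data_offset:
            raise ValueError("option length missing")
        length = tcp_header[i + 1]
        if length < 2 or i + length > data_offset:
            raise ValueError("bad option length")
        opts[OPTION_NAMES.get(kind, f"kind_{kind}")] = tcp_header[i + 2:i + length]
        i += length
    return opts

def build_syn(options: bytes) -> bytes:
    """Build a constructed SYN header (ports, seq and window are sample values)."""
    options += b"\x01" * (-len(options) % 4)     # pad to a 32-bit boundary with NOPs
    offset_flags = ((20 + len(options)) // 4 << 12) | 0x002   # data offset + SYN flag
    return struct.pack("!HHIIHHHH", 40000, 80, 1, 0, offset_flags, 65535, 0, 0) + options

# Constructed samples matching what the post describes, not captured traffic.
SYN_WITH_TS_WS = build_syn(
    b"\x02\x04\x05\xb4" b"\x04\x02" b"\x08\x0a" + struct.pack("!II", 12345, 0)
    + b"\x01" b"\x03\x03\x07")                   # MSS, SACK, timestamps, NOP, wscale 7
SYN_WITHOUT = build_syn(b"\x02\x04\x05\xb4" b"\x01\x01" b"\x04\x02")  # MSS, NOP, NOP, SACK

def describe(syn: bytes) -> list:
    return sorted(parse_tcp_options(syn))

if __name__ == "__main__":
    print("Linux/OS X style:", describe(SYN_WITH_TS_WS))
    print("Windows XP style:", describe(SYN_WITHOUT))
```

On Linux, whether these two options are offered is controlled by the `net.ipv4.tcp_timestamps` and `net.ipv4.tcp_window_scaling` sysctls.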
© Serge Émond >:)