@MrDiogo I’m going to help you some and more than likely going to get it this time.
For starters, and I will say this over and over again whenever this topic comes up. This level makes me cringe so much and I will constantly argue that it should be altered.
Why, you say? This is where you should begin listening @MrDiogo
It simply is not a proper User Agent. Doesn’t follow the proper User Agent Syntax, nor does it contain any of the information based in a proper User Agent String.
Seems that in your original post you were on the right track, but as I skimmed through it looks like you’re still learning some. As I said before, it’s not a proper User Agent String, doesn’t look like one, therefore changing your User Agent to
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36
for example, will simply not work.
So here’s how we’re going to do this buddy. I’m going to lead you to the information needed to help you understand this “subject” so you can actually learn something and apply it later on in life. It’s very important that you understand this topic, but understanding may or may not help you complete this level. So first we’re going to do some research and after that complete the level.
User Agent Crash Course
Link #1
User Agents Wikipedia
This will give you an overall perspective on everything in more so technical terms. Though, sometimes reading a bunch of information together can be overwhelming and a pain in the ass.
So here’s a more broken down explanation on what a user agent is, and why it’s important.
Link #2
User Agents for Dummies
Doesn’t make you a dummy but, sometimes it’s good to get a more comfortable and relaxing description opposed to reading a bunch of mumbo jumbo that you may or may not understand such as the functions of certain software and networking protocols than having to research each individual word in a little article. All of that will come further in time of you learning. Just work it one step at a time.
Now that you’ve read that second link go back and try and better understand the first one if you haven’t already understood it.
Stop and Refer Back to the First Link ^
Can you see how all of this is important? Think why a server may need to understand information about a device and it’s browser. Different web browsers such as Firefox, Google Chrome, Opera, and Safari are all built the same. Therefore when visiting a site it may need to function a little different that way the overall user experience is suitable to their browsers build and know what parts of the websites code to use and not to use. Well, why should it know information on the device? That’s simple! Have you ever tried using a Desktop version of a site on a mobile phone? It’s a pain in the ass! You have to zoom in and out sometimes you click one link and it sends you elsewhere. This allows a web developer to help direct you, using this string, to better your experience as a user visiting the site. Make sense right?
Let’s get a bit creative now and think outside of the box.
Web Developer Scenario:
What if you create a website that allows users to download software depending on their operating system? I can’t obviously use .exe file on a Linux operating system right? Well, I mean with Wine you could, but the website doesn’t know that so using this string it contains information on the operating system of your machine so it can redirect the user to the proper file types. Websites like Adobe do this all of the time so you are properly installing the correct software.
Criminal Scenario:
Let’s say…. you’re a Cyber Criminal for the sake of this scenario, and that you run a black market website. Remember we’re getting creative here! You could make a completely separate website for users who are not permitted to use the website. So you have some server side script set up to check the user agent strings. If the string isn’t set to
Muahahahaha Evil stuff going on here right now holmes, to9783tynoc93t0938y
Then the users are redirected to a webpage that has cute pictures of puppies. If you have the correct User Agent String then you are redirected to a server that has this black market site set up.
Working for Intel Agencies, scenario:
The FBI will sometimes set up sites like these, called honey pots, to help stop criminals. It’s as simple as a fake black market website to trick and catch criminals to anyone involved in accessing illegal online activity via webpages. Yeah, they could check their logs for IP Addresses and Mac Addresses but sometimes it is good to have further information for forensic investigation. So to protect people from nutsos out there trying to buy guns and kill a bunch of people, the FBI could include some simple JavaScript to collect your User Agent String and store it in a log file with all other information on your machine. Now when they knock on your door and take your stuff they can simply say, “Okay this computer has this, check, okay it has this, check, okay it has this, check…. yep that’s the computer, let’s investigate this machines activity and question the owner.”
User Agents and Hackers Scenario:
Just like the Intelligence Agencies would do their work, the HACKER, could do the same. You want to hack a friends computer. Yet, you’re not quite sure what kind of attack to run and how to go about launching an attack on their machine. Therefore, just like the FBI would set up a honey pot, you set up a deceitful website to gather information of the users computer. So you send them to your site with some JavaScript to collect their UA String and boom….
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Zune 3.0)
So right off the bat you can tell
MSIE, which means they’re running Microsoft Internet Explorer, version 8.0, Windows NT 6.1 which is Windows 7 operating system, it’s 64-bit, the .Net frameworks it’s using, and for media player they have Windows Media 3.0 (Because I know know that, “Zune was a brand of digital media products and services developed by Microsoft.” After I Googled what it was).
If you don’t know certain aspects of a User Agent String you could Google them like I did with the Zune part. Now that you have all of this information on a Users System and Web Browser you may want to take a look at some vulnerabilities on Internet Explorer 8, maybe write a sneaking Trojan wrapped inside of a mp3 file that Windows Media Player 3.0 could execute, so on so forth.
So that’s one thing a hacker could use a user agent for.
Right on! You know all about User Agents and how they can be used! Congratulations on completing this crash course!
Completing the Level
Let’s get back to completing the level! As my teeth cringe about this level and how it has nothing we have talked about above, I will tell you that it is as simple as it is completely misleading. Which I guess could be a good learning lesson. It’s kind of on the line of our Black Market example. Only 20 or so people know about this webpage and the User Agent String they need to use to access it, for the others they will be denied access to the site. So the string isn’t going to talk about the operating system, the string isn’t going to mention version of the users browser, it’s going to be a Key word that will be checked in order to grant you access to the completion of the level. How do you know this though? What is the key word?
Read Further:
Trust me, you’re going to feel stupid and possibly be incredibly disappointed as I was when I did the level but, it sits right, right– before your eyes when you’re on the levels page. Just take a look around at the level page and doing some copying and pasting if you have to. Just look for something that is bizarre and doesn’t make sense or look right. It’s right in front of you in either the levels area or the hints. I cannot remember correctly. It’s a matter of copying and pasting, and it’s in readable text.
You already understand the information, just get the level done and over with.
I hope I helped some as well as entertained you. Give us all some feedback after you complete the level. Good luck, just keep trying bud ;) Cheers!
