betterfitness.co.uk Report : Visit Site

Technical data of the betterfitness.co.uk

Geo IP provides you such as latitude, longitude and ISP (Internet Service Provider) etc. informations. Our GeoIP service found where is host betterfitness.co.uk. Currently, hosted in France and its service provider is OVH SAS .

HTTP Header Analysis

HTTP Header information is a part of HTTP protocol that a user's browser sends to called nginx/1.2.1 containing the details of what the browser wants and will accept back from the web server.

DNS

HtmlToText

home about me archives oct 18, 2014 blue penguin i recently made a new pelican theme: blue penguin . it's based on pelican-mockingbird. and it is of course the theme i'm using right now. i've changed/improved some of the stylings, including: a solarized theme for pygments. larger content width. better image handling. lots of small tweaks. posted at 20:00 · pelican theme aug 31, 2014 reversing destruct_me with radare2 my friend depierre proposed me a reversing challenge. he had made a small binary , and my goal was of course to find the flag. $ ./destruct_me usage: ./destruct_me password ko knowing depierre, i knew it would be tricky. but still, let's search for some interesting strings: $ r2 -a destruct_me -- i hope you segfault in hell. [ 0x08048360 ] > iz vaddr = 0x08048709 paddr = 0x00000709 ordinal = 000 sz = 8 len = 6 section = .rodata type = u string = ԁ%c%c \n vaddr = 0x08048711 paddr = 0x00000711 ordinal = 001 sz = 20 len = 19 section = .rodata type = a string = usage: %s password \n vaddr = 0x08048725 paddr = 0x00000725 ordinal = 002 sz = 11 len = 10 section = .rodata type = a string = not_a_flag not_a_flag is of course a trap, it seems to hang and eat the cpu. notice how i use the -a flag in the following r2 command. it tells r2 to do the aa command at startup, which analyzes the binary for us (xrefs, functions, ...): 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 [0 x08048360 ] > pdf@main | ; unknown xref from 0x080485cd (unk) | ; data xref from 0x08048377 (entry0) / ( fcn ) main 139 | 0 x080485cd 55 push ebp | 0 x080485ce 89 e5 mov ebp , esp | 0 x080485d0 53 push ebx | 0 x080485d1 83 e4f0 and esp , 0xfffffff0 | 0 x080485d4 83 ec10 sub esp , 0x10 | 0 x080485d7 837 d0801 cmp dword [ ebp + 0x8 ], 0x1 | ,=< 0 x080485db 7 f1c jg loc.080485f9 | | 0 x080485dd 8 b450c mov eax , [ ebp + 0xc ] | | 0 x080485e0 8 b00 mov eax , [ eax ] | | 0 x080485e2 89442404 mov [ esp + 0x4 ], eax | | 0 x080485e6 c7042411870. mov dword [ esp ], str.usage___s_password_n ; str.usage___s_password_n | | 0 x080485ed e82efdffff call sym.imp.printf | | sym.imp.printf ( unk , unk ) | | 0 x080485f2 b8ffffffff mov eax , 0xffffffff ; -1 | ,==< 0 x080485f7 eb5a jmp loc.08048653 | || ; jmp xref from 0x080485db (unk) |- loc.080485f9 95 | |`-> 0 x080485f9 8 b450c mov eax , [ ebp + 0xc ] | | 0 x080485fc 83 c004 add eax , 0x4 | | 0 x080485ff 8 b00 mov eax , [ eax ] | | 0 x08048601 c7442404258. mov dword [ esp + 0x4 ], str.not_a_flag ; str.not_a_flag | | 0 x08048609 890424 mov [ esp ], eax | | 0 x0804860c e8fffcffff call sym.imp.strcmp | | sym.imp.strcmp () | | 0 x08048611 85 c0 test eax , eax | ,===< 0 x08048613 7519 jne loc.0804862e | || 0 x08048615 8 b450c mov eax , [ ebp + 0xc ] | || 0 x08048618 83 c004 add eax , 0x4 | || 0 x0804861b 8 b18 mov ebx , [ eax ] | || 0 x0804861d e837ffffff call fcn.08048559 | || fcn.08048559 () | || 0 x08048622 d95c240c fs tp dword [ esp + 0xc ] | || 0 x08048626 f30f2c44240c cvttss2si eax , [ esp + 0xc ] | || 0 x0804862c 8803 mov [ ebx ], al | | ; jmp xref from 0x08048613 (unk) |- loc.0804862e 42 | `---> 0 x0804862e 8 b450c mov eax , [ ebp + 0xc ] | | 0 x08048631 83 c004 add eax , 0x4 | | 0 x08048634 8 b00 mov eax , [ eax ] | | 0 x08048636 890424 mov [ esp ], eax | | 0 x08048639 e802fdffff call sym.imp.strlen | | sym.imp.strlen () | | 0 x0804863e a39c990408 mov [ 0x804999c ], eax | | 0 x08048643 8 b450c mov eax , [ ebp + 0xc ] | | 0 x08048646 8 b4004 mov eax , [ eax + 0x4 ] | | 0 x08048649 a398990408 mov [ 0x8049998 ], eax | | 0 x0804864e b800000000 mov eax , 0x0 | | ; jmp xref from 0x080485f7 (unk) |- loc.08048653 5 | `--> 0 x08048653 8 b5dfc mov ebx , [ ebp - 0x4 ] | 0 x08048656 c9 leave \ 0 x08048657 c3 ret looks like it's the fcn.08048559 on line 36 that's hanging: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 [0 x08048360 ] > pdf @ 0x08048559 ; unknown xref from 0x08048559 (fcn.08048559) ; call xref from 0x0804861d (unk) / ( fcn ) fcn.08048559 116 | 0 x08048559 55 push ebp | 0 x0804855a 89 e5 mov ebp , esp | 0 x0804855c 83 ec20 sub esp , 0x20 | 0 x0804855f a130870408 mov eax , [ 0x8048730 ] | 0 x08048564 8945 fc mov [ ebp - 0x4 ], eax | 0 x08048567 c745f800000. mov dword [ ebp - 0x8 ], 0x0 | ,=< 0 x0804856e eb12 jmp fcn.08048582 | ; jmp xref from 0x0804858b (fcn.08048559) | ; jmp xref from 0x08048596 (fcn.08048559) |- loc.08048570 93 | .. --> 0x08048570 8345 f801 add dword [ ebp - 0x8 ], 0x1 | ||| 0 x08048574 d945fc fld dword [ ebp - 0x4 ] | ||| 0 x08048577 dd0538870408 fld qword [ 0x8048738 ] | ||| 0 x0804857d dee9 fs ubp st1 , st0 | ||| 0 x0804857f d95dfc fs tp dword [ ebp - 0x4 ] | ||| ; jmp xref from 0x0804856e (fcn.08048559) |- fcn.08048582 75 | ||`-> 0 x08048582 d945fc fld dword [ ebp - 0x4 ] | || 0 x08048585 d9ee fldz | || 0 x08048587 dfe9 fucomip st0 , st1 | || 0 x08048589 ddd8 fs tp st0 | |`==< 0 x0804858b 7 ae3 jp loc.08048570 | | 0 x0804858d d945fc fld dword [ ebp - 0x4 ] | | 0 x08048590 d9ee fldz | | 0 x08048592 dfe9 fucomip st0 , st1 | | 0 x08048594 ddd8 fs tp st0 | `===< 0 x08048596 75 d8 jne loc.08048570 | 0 x08048598 660 f6e45f8 movd xmm0 , dword [ ebp - 0x8 ] | 0 x0804859d 660 fd645e0 movq [ ebp - 0x20 ], xmm0 | 0 x080485a2 df6de0 fild qword [ ebp - 0x20 ] | 0 x080485a5 d945fc fld dword [ ebp - 0x4 ] | 0 x080485a8 dec1 faddp st1 , st0 | 0 x080485aa d95dfc fs tp dword [ ebp - 0x4 ] | 0 x080485ad 660 f6e4df8 movd xmm1 , dword [ ebp - 0x8 ] | 0 x080485b2 660 fd64de0 movq [ ebp - 0x20 ], xmm1 | 0 x080485b7 df6de0 fild qword [ ebp - 0x20 ] | 0 x080485ba d945fc fld dword [ ebp - 0x4 ] | 0 x080485bd def1 fdivrp st1 , st0 | 0 x080485bf d95dfc fs tp dword [ ebp - 0x4 ] | 0 x080485c2 8 b45fc mov eax , [ ebp - 0x4 ] | 0 x080485c5 8945 e8 mov [ ebp - 0x18 ], eax | 0 x080485c8 d945e8 fld dword [ ebp - 0x18 ] | 0 x080485cb c9 leave \ 0 x080485cc c3 ret it does floating point operations, but we don't care, since the execution flow is supposed to continue anyway. i'm taking a wild guess and suppose it's pure misleadling junk. let's rename it, just in case we come across it again: [0 x08048360 ] > afn junk 0x08048559 fr fcn.08048559 junk@ 0x8048559 let's just focus on what's next. on line 49 the password length is stored in the .bss section, meaning it's certainly a global variable and might need it later. same thing on line 52 , but with the password, let's just rename them, so we won't miss them later. [0 x08048460 ] > f str.pass_len @ 0x804999c [0 x08048460 ] > f str.pass @ 0x8049998 what's next then? main() seems to be returning, so how is the 'ko' print? let's try and search for xrefs of printf : 1 2 3 4 5 6 7 8 [0 x080485a5 ] > [email protected] | ; unknown xref from 0x080485ed (unk) | ; call xref from 0x08048552 (fcn.08048430) | ; call xref from 0x08048517 (fcn.08048430) | ; call xref from 0x08048494 (fcn.08048430) | ; call xref from 0x080485ed (unk) / ( fcn ) sym.imp.printf 6 | 0 x08048320 ff257c990408 jmp dword [ 0x804997c ] there is actually 4 calls to printf() . the function they're in (fcn.08048430) is in the .text section: 1 2 3 4 5 6 7 8 9 10 11 [0 x08048430 ] > is [ section s ] [ ... ] idx = 12 vaddr = 0x08048360 paddr = 0x00000360 sz = 882 vsz = 882 perm = - r - x name = .text idx = 13 vaddr = 0x080486d4 paddr = 0x000006d4 sz = 20 vsz = 20 perm = - r - x name = .fini [ ... ] idx = 17 vaddr = 0x08049870 paddr = 0x00000870 sz = 4 vsz = 4 perm = - rw - name = .init_array idx = 18 vaddr = 0x08049874 paddr = 0x00000874 sz = 8 vsz = 8 perm = - rw - name = .fini_array [ ... ] 30 section s you've certainly noticed the size of the .fini_array section is 8, meaning it contains two function pointers. you can find more information about elf sections there. this section contains pointers to functions to call after the main() returns or when calling exit() . he certainly used the gcc dest

URL analysis for betterfitness.co.uk

http://www.betterfitness.co.uk/#third-49
http://www.betterfitness.co.uk/#third-48
http://www.betterfitness.co.uk/#fourth-56
http://www.betterfitness.co.uk/#fourth-57
http://www.betterfitness.co.uk/#third-74
http://www.betterfitness.co.uk/#fourth-51
http://www.betterfitness.co.uk/#fourth-52
http://www.betterfitness.co.uk/#fourth-53
http://www.betterfitness.co.uk/#third-41
http://www.betterfitness.co.uk/#third-40
http://www.betterfitness.co.uk/#third-43
http://www.betterfitness.co.uk/#third-39
http://www.betterfitness.co.uk/#third-45
http://www.betterfitness.co.uk/#third-44
http://www.betterfitness.co.uk/#third-47

Whois Information

Whois is a protocol that is access to registering information. You can reach when the website was registered, when it will be expire, what is contact details of the site with the following informations. In a nutshell, it includes these informations;

Error for "betterfitness.co.uk".

the WHOIS query quota for 2600:3c03:0000:0000:f03c:91ff:feae:779d has been exceeded
and will be replenished in 179 seconds

WHOIS lookup made at 18:14:28 24-Aug-2017

--
This WHOIS information is provided for free by Nominet UK the central registry
for .uk domain names. This information and the .uk WHOIS are:

Copyright Nominet UK 1996 - 2017.

You may not access the .uk WHOIS or use any data from it except as permitted
by the terms of use available in full at http://www.nominet.uk/whoisterms,
which includes restrictions on: (A) use of the data for advertising, or its
repackaging, recompilation, redistribution or reuse (B) obscuring, removing
or hiding any or all of this notice and (C) exceeding query rate or volume
limits. The data is provided on an 'as-is' basis and may lag behind the
register. Access may be withdrawn or restricted at any time.

  REFERRER http://www.nominet.org.uk

  REGISTRAR Nominet UK

SERVERS

  SERVER co.uk.whois-servers.net

  ARGS betterfitness.co.uk

  PORT 43

  TYPE domain

DISCLAIMER
This WHOIS information is provided for free by Nominet UK the central registry
for .uk domain names. This information and the .uk WHOIS are:
Copyright Nominet UK 1996 - 2017.
You may not access the .uk WHOIS or use any data from it except as permitted
by the terms of use available in full at http://www.nominet.uk/whoisterms,
which includes restrictions on: (A) use of the data for advertising, or its
repackaging, recompilation, redistribution or reuse (B) obscuring, removing
or hiding any or all of this notice and (C) exceeding query rate or volume
limits. The data is provided on an 'as-is' basis and may lag behind the
register. Access may be withdrawn or restricted at any time.

  REGISTERED no

DOMAIN

  NAME betterfitness.co.uk

NSERVER

  NS.HOSTEUROPE.COM 212.67.202.2

  NS2.HOSTEUROPE.COM 62.138.132.22

Mistakes

The following list shows you to spelling mistakes possible of the internet users for the website searched .