A
N
T
I
S
M
U
T


fravia's
antismut pages


Fravia's Nofrill
Web design
(1952-2032)
 


Ported to searchlores
February 2000
~
Updated
June 2003
Back to others!
Smut sites busting
"Site busting lore"
(elementary CGI-tricks)

red A general approach
READ THIS FIRST
red combing
red source code checking
red cgi reverse engineering: one
redcgi reverse engineering: two
redServer exploits: one
redServer exploits: Essays
redHow to allow any luser to access any commercial smut site for free :-)
redDenial of Service (swords)
red Background information (and essays)
red Hacking wwwhack
red How you hack into Microsoft: a step by step guide
red default password list (and +1)
 
Fravia's antismut pages are alive and kicking!
The reasons of our attempt to stop the proliferation of the commercial smut sites on the web are explained elsewhere (see for instance the general page), this is all quite difficult (and contested) stuff, please bear with us, keep cool and, foremost, SEND MORE CONTRIBUTIONS!

Seekers against commercial smut
Some background information and some important essays

Read redA polite conversation between a commercial smutsite nuker and a commercial smutsite owner
by fravia+, May 1998

Read .sozni's fundamental essay: redThe Art of Guessing
by .sozni, October 1999
Read this and understand how you "could" (eh :-) get inside some sites

Use Sp!ke's useful rebol script: redA simple REBOL scanner
(September 2000)
Read this and understand how you could implement some of Sozni's ideas...

Read this advanced text: redAuthentication & Authorization lore for Apache servers
published @ searchlores in June 2000
Read this and understand why you "cannot" (eh :-) get inside some sites

Learn the awesome freatures of netcat: redThe awesome netcat utility, by Angela Zaharia
published @ searchlores in October 2001
"I got mad and decided to finger them right back! And netcat is perfect for that!"


Hacking wwwhack
(And a small digression about passwords)
If you are interested in site-access techniques, you may download here a simple 'bruteforcer' that you may use for ALL sites that have HTTP basic authentication. (that's when you try to get to a site and your BROWSER, not an HTML form, asks you for the password).
Download redwwwhack, a very simple, yet effective, password busting program, quite useful to gain user access and study the directory structure of your commercial smut targets... wwhack, keeps TRACK of the sites you gained access into in a file called sites.dat and stores its passwords inside a file called password.txt. Older versions of wwwhack used a 'best before protection', in the following code you can see the relative snippet for a version which "expired" on 19 June. Of course this crap protection does not make any sense, better software [protections] are explained here, have a look by yourself...
:03723 83781005   cmp dword ptr [eax+10], 5
:03727 7F0C       jg 00403735 ;; You could insert here 3F = jg 00403768
:03729 83781005   cmp dword ptr [eax+10], 5
:0372D 7539       jne 00403768
:0372F 83780C14   cmp dword ptr [eax+0C], 14
:03733 7E33       jle 00403768

* Referenced by a Jump at Address:00403727(C)
:03735 8B5371     mov edx, dword ptr [ebx+71]
:03738 8B4204     mov eax, dword ptr [edx+04]
:0373B 6A00       push 0
:0373D 6A00       push 0
:0373F 68A5FC4200 push 0042FCA5 ;;"This copy of wwwhack expired on June 19"
Redirecting the jump (do not just nop the 7F0C, it won't work :-) will make this old copy of wwwhack work in modern times, yet as I said, this is just a very crude program, valid only for username/password combinations where BOTH strings are identical. You may of course slightly modify this old wwwhack code (or use a more recent version of this same appz) in order to try DIFFERENT STRINGS during your busting approaches (it is incredible how many sites you can bust with the older wwhack 'same strings' approach, though)
This said, wwhack is only a very primitive tool: in order to gain root and nuke some of the smut sites, as you probably know, you'll want to try also a very old trick: play with finger and with port 79 and 80... telnet your.commercial.target 80, for instance... but you'll learn far better tricks either on both my "CGI-wars" public pages one and two or following what you you'll read in my Simple email stalking techniques essay

a small digression about passwords
Wish I had a cent for all the password I found out! As any hacker knows, the best password attack is NOT a brute force attack, but rather a 'stupidity based' attack. See, there are SO MANY passwords you must learn (at work to enter your Intranet, Internet, resume work, etc. at home to enter the web, free email, special sites, telnet, etc.), that 99 humans out of 100 will REUSE the same passwords more than once and will USE SIMPLE passwords most of the time. +ORC (a notorious paranoid), wrote me once that one of his "older" passwords was TheEarthWillRiseAgainOutOfTheWaterFairAndGreen (which is Unix case-sensitive) and that he did not use that sort of "simple" passwords anymore (and went over to his "anglo-latin" passwords) because he found them to be too easy to guess!
As you'll soon notice using for instance the simple wwwhack program above, there are MANY that use as username fred and as password fred (have a look at the letters f,r,e and d on your keyboard and you'll understand why). I found HUNDRED of usernames: username and passwords: password, believe it or not...
There are also, very frequently, "site-related" passwords: if you want to access the financial times database, you shold start with financial and times, and it would probably work. The 'solution' to this problem is of course even easier to hack: if the site-protection gives passwords depending on an algorithmus (and few smut sites do this, because lusers want easy to remember passwords), just reverse the algo and you'r done.
Where to find passwords

Don't be silly: the vast majority of sites advertising free passwords to porn sites are actually smut sites themselves, luring traffic through deceptive advertising. There is at the moment a frantic battle for traffic on the smut sites (see my polite conversation between a commercial smutsite nuker and a commercial smutsite owner), smut sites that attracted their traffic pretending to offer 'free' pictures and videos are now increasingly offering 'free' passwords as well. These 'passwords' come directly from the smut sites that are purportedly being violated. The smut sites can pay to the pasword sites a FEE to feature ostensibly faked passwords. The 'pasword' sites sell advertising banner space to the smut sites and list paid-for faked passwords first (mostly the user will land in a banner-clicking nightmare in those cases). In my experience, four password sites out of five are in cahoots with the smut sites (that is a good reason to nuke some of them as well :-)
Unsurprisingly, providing password defenses has become a booming industry... the problem is that these 'defenses' are most of the time very easy to circumvent (see my CGI-reversing and my javascript advanced pages). There are at the moment more than 100 (yes, one hundred) companies offering verification services for commercial smut sites. Fortunately there's not a single one of them that cannot be cracked. Most of these services automatically cancel passwords if they are being used by two people at the same time or if they are originating from different web addresses over a given period of time. Since the passwords you will discover using the tricks explained here ARE NOT PUBLIC (because YOU will discover them on your own), once you check which ones belong to a common used dynamic IP provider (AOL, compuserve, Infonie, whatever), you'r pretty sure that nobody will ever notice it unless you'r shooting in the same timerange as your turkey (the lamer you have taken the password). Just choose an amerloque turkey if you'r european or an european turkey if you'r amerloque and that's all :)
Other common password gathering methods

As strange as it may sound to us, all zombies use the SAME passwords again and again. So the simplest thing of the world is to fetch the less-protected occurrence of it, should you feel the necessity of having it.
Screen savers have notoriously weak protections (you just reboot in order to have access to the box) but the password chosen could be of some interest for you.
First of all let's see how you can bypass a screen saver password routine WITHOUT CLOSING the running session (useful - ahem - in corporate habitats :-)
Windoze NT
CTRL+ALT+DEL and close the screen saver (duh)

Windoze 95
Autorun for CDrom MUST be active.
burn a cdrom with this simple dos batchfile that must be launched by autorun.inf:
REM fravia's windoze95 screensaver bypasser
REN c:\windows\system c:\windows\bogus
Et voilą, the screen saver wont find its resources and will vanish.
Just rename back the subdir once you have access:
REM fravia's windoze95 screensaver bypasser
REN c:\windows\bogus c:\windows\system

To others

(c) 1952-2032: [fravia+], all rights reserved