Fravia's antismut page
Ported to searchlores
Smut sites busting
"Seekers against commercial smut"
is alive and kicking!
The reasons of our attempt to stop the proliferation
of the commercial smut sites on the web are explained elsewhere (see for instance
the general page), this is all quite difficult (and contested) stuff,
please bear with us, keep cool and, foremost, SEND MORE CONTRIBUTIONS!
And now let's begin!
CGI-script reverse engineering and related activities
A general approach to Web sites nuking
How to comb the web
How to find "crumbs" of information inside the source code of web pages
How to exploit the weak CGI-script and PERL programs used by the Smut dealers
How to make a smut site go Ka-Boom!
(this is the stuff you wanted to read and never found on the web)
Seekers against commercial smut
Seekers against commercial smut
Some background information
Read A polite conversation between a commercial smutsite
nuker and a commercial smutsite owner
by fravia+, May 1998
Read .sozni's fundamental essay: The Art of Guessing
(And a small digression about passwords)
If you are interested in site-access techniques, you may
download here a simple 'bruteforcer' that you may use for ALL sites that have
HTTP basic authentication. (that's when you try to get
to a site and your BROWSER, not an HTML form, asks you for the password).
Download wwwhack, a
very simple, yet effective, password busting program, quite useful to gain user access and study
the directory structure of your commercial smut targets...
wwhack, keeps TRACK of the sites you gained access into in a file called sites.dat
and stores its passwords inside a file called password.txt. wwwhack
is a 'best before protection' (at least in this version), which expired on 19
June. Of course this doesn't matter much for reversers, here you go...
:03723 83781005 cmp dword ptr [eax+10], 5
:03727 7F0C jg 00403735 ;; You may want to change this to 7F3F = jg 00403768
:03729 83781005 cmp dword ptr [eax+10], 5
:0372D 7539 jne 00403768
:0372F 83780C14 cmp dword ptr [eax+0C], 14
:03733 7E33 jle 00403768
* Referenced by a Jump at Address:00403727(C)
:03735 8B5371 mov edx, dword ptr [ebx+71]
:03738 8B4204 mov eax, dword ptr [edx+04]
:0373B 6A00 push 0
:0373D 6A00 push 0
:0373F 68A5FC4200 push 0042FCA5 ;; ->"This copy of wwwhack expired on June 19."
Redirecting the jump (do not just nop the 7F0C, it won't work :-) will make wwwhack work whenever you want, yet as I said, this is just a very crude
program, valid only for username/password combinations where BOTH strings are identical. You
may of course slightly modify wwwhack code in order to try DIFFERENT STRINGS during your
busting approaches, this requires a small patch. (It's incredible how many sites you can bust with
the simple wwhack 'same strings' approach, though)
This said, wwhack is only a very primitive tool: in order to gain root and
nuke some of the smut sites,
as you probably know, you'll want to try also a very old trick: play with finger and with port 79
and 80... telnet your.commercial.target
80, for instance... but you'll learn far better
tricks either on both my "CGI-wars" public pages one and
or following what you you'll read in my Simple email stalking techniques essay
a small digression about passwords
Wish I had a cent for all the password I found out! As any hacker knows, the best password
attack is NOT a brute force attack, but rather a 'stupidity based' attack. See, there are
SO MANY passwords you must learn (at work to enter your Intranet, Internet, resume work, etc.
at home to enter the web, free email, special sites, telnet, etc.), that 99 humans out of 100 will
REUSE the same passwords more than once and will USE SIMPLE passwords most of the time. +ORC (a
wrote me once that one of his "older" passwords was
TheEarthWillRiseAgainOutOfTheWaterFairAndGreen (which is Unix case-sensitive)
that he did not use that sort of "simple" passwords anymore (and went over to his
"anglo-latin" passwords) because he found them to be too easy to
As you'll soon notice using for instance the simple wwwhack program above, there are
MANY that use as username fred and as password fred (have a look at the letters f,r,e and d on your
keyboard and you'll understand why). I found HUNDRED of usernames: username and
passwords: password, believe it or not...
There are also, very frequently, "site-related"
passwords: if you want to access the financial times database, you shold start with financial
times, and it would probably work. The 'solution' to this problem is
of course even easier to hack: if the site-protection gives passwords depending on an algorithmus
(and few smut sites
do this, because lusers want easy to remember passwords), just reverse the algo and you'r done.
Where to find passwords
Don't be silly: the vast majority of sites advertising free passwords to porn sites are actually smut
sites themselves, luring traffic through deceptive advertising. There is at the moment a frantic battle
for traffic on the smut sites (see my polite conversation between a commercial smutsite
nuker and a commercial smutsite owner), smut sites that attracted their traffic pretending to offer 'free'
pictures and videos are now increasingly offering 'free' passwords as well. These 'passwords'
come directly from the smut sites that are purportedly being violated. The smut sites can pay to the
pasword sites a FEE to feature ostensibly faked passwords. The 'pasword' sites sell advertising banner
space to the smut sites and list paid-for faked passwords first (mostly the user will land in a
banner-clicking nightmare in those cases). In my experience, four
password sites out of five are in cahoots with the smut sites (that is a good reason
to nuke some of them as well :-)
Unsurprisingly, providing password defenses has become a
booming industry... the problem is that these 'defenses' are most of the time very easy
more than 100 (yes, one hundred) companies offering verification services for commercial
smut sites. Fortunately there's not a single one of them that cannot be cracked. Most of these
services automatically cancel passwords if they are being used by two people at the same time
or if they are originating from different web addresses over a given period of time. Since
the passwords you will discover using the tricks explained here ARE NOT PUBLIC (because YOU
will discover them on your own), once you check which ones belong to a common used dynamic
IP provider (AOL, compuserve, Infonie, whatever), you'r pretty sure that nobody will ever
notice it unless you'r shooting in the same timerange as your turkey (the lamer you have
taken the password). Just choose an amerloque turkey if you'r european or an european turkey
if you'r amerloque and that's all :)
(c) 2000: [fravia+], all rights reserved