Crackers against Smut
Why should we fight against Smut sites? Are we censors?
(A general approach to smut site bombing)
By fravia+, Updated May 1998
Why should we fight against Smut sites? Are we censors?

We are not censors, and we have nothing whatsoever against nude images (if 
given away for free), yet we have to wage battle against commercial smut sites 
for many pretty sound reasons. Here the main ones:

Because commercial smut sites are swamping the whole Web. They have swamped, for 
instance, the server where my main page was hosted to a point that made impossible 
for me to remain there. This swamping may seem strange, since there is NO REASON 
whatsoever to use or peruse such commercial smut sites. 
As anyone that visit these pages of mine knows, if you have learned how to search 
the web there is NOTHING... absolutely nothing that you will not find on the web. 
Any application you can think of, any image that has ever been taken or made, any 
BOOK that has been written dwells somewhere inside a server on our planet, ready 
to be downloaded by you for free. 
In such a situation selling "commercially" what is already free is only a 
fraud, where 'copyrights' laws are used as fig leaves to cover strong commercial 
interests, where all tricks are displayed to deny knowledge for the poors and 
the simple ones, all frills and 'push' activities are fostered heavily in order 
to keep under their consumistic chains and whips those still unaware of what's 
going on, gullible believers in a society where money -and not knowledge- means 
power (why?).

Yet this nether world of ours shows a NEW reality: inter alia you can get at, and 
download, all the knowledge (and horrors) of the human race. That is, you can, once 
you have found them.
The problem and the difficulty is to understand where exactly -and under which 
name that what you seek has been stored. 
This is fairly easy endeavour, though, (see my redsearch engines and my 
redhow to search pages), yet many poor suckers 
and lusers simply don't know it, and have -for instance- to pay in order to 
get their daily smut ration... don't laugh at them! Imagine you are a frustrated 
young man, somewhere in Saudi Arabia, with a web access and enough money and yet 
no naked women images (nor many naked real women nor Wodka-Martinis for that matter :-) 
nowhere in a range of 1000 kilometers... you would probably fall for it as well...

Since, as you know, on the Web there is NO law, crackers are among the few that can 
try to put an end to any activity that they don't like. We decide alone what we allow
and what we forbid, since we HAVE (and spread) real knowledge... the only real "power" 
in our worlds of bytes and codes, where commercial minds stamp about blinded by 
money... and where we can destroy them, and stamp them out, as I will teach you. 

You'll begin to see here how we can attack, and you may decide to join and help (or 
even criticize and help... you are not compelled to agree with our course of action, 
of course).

The proliferation of these commercial sites is independent of their (mostly poor) 
contents, independent from the fact that they are offering images that you could 
have for free, since the people that fall for it DO NOT KNOW that, independent 
from all moralisation campaigns that, as usual in this awful society, always stop 
short of attacking the "holy" commercial activities... 
this swamping is simply a consequence of the inner working of these sites, 
which you must understand in order to defeat them, and that I will try to summarize 

Let's see how a "classical" commercial smut works:

1) 	You steal a great number of bad scanned smut images from the newsgroups (where 
	anybody could get them for free, of course, but that's not the point for you).
2)	You get an Internic name like for 100 US dollars (you are
	already a server provider yourself, or you find one for next to nothing)
3)	You buy some bad-written cgi-scripts to get a paied access to your smut offerings.
4)	You realise that almost nobody comes
5)	You spam every usenet group you can get your hands on in order to get some 
	idiot to visit your site paying you some money
6)	You realise that almost nobody comes
7)	You prepare a real ugly smut image as "banner-ad" and exchange it with one 
	hundred other smut sites, hoping that the small park of frustrated rich idiots 
	that roam these sites (and pay for them) will give you some dollars too.
8)	You realise that almost nobody comes
9)	You specialise in nastier and nastier smut images ("lolitas swallowing horses" 
	"pregnant teenagers tortured by lorry drivers" or whatever)
10)	You swamp whole servers with the same poor images yet with twenty differently 
	named "entrances" to them.
11)	You spam and spam and spam and swamp and swamp and swamp
12)	You realise that most people that seek this kind of images still prefer to get
	them for free
13)	You write the word "free" everywhere in your commercial smut site hoping to 
	get somehow inside the search engines listings for free smut images.
14)	You eventually scrap your couple of bucks from your dirty floor and swallow them.


Well, there are some possible line of actions (I hope you'll send me more 
ideas on this):

1)	Nuke the sites

	This is far from easy, and you need some particulat conditions to 
	be able to do it, yet it is great fun. You'll get some hints and 
	some simple tricks on my cgi reverse engineering pages redone and redtwo.

	Basically you just write something like
			#exec cmd="chmod 666 /etc/passwd"
	for SSI servers 
	or add something like the following to the
	or add to your target URL
	or submit a tag like the following one:	
			<!--#exec cmd="/bin/rm -rf /"-->
	or if the perl.executable is there run it with this URL:
	and nuke the smut site for a while :-)
	And all this is just to SEE if you can play a little with them (a real 
	"complete" attack is of course a little more complicated).
VISIT MY redcgi reverse engineering PAGE ONE
VISIT MY redcgi reverse engineering PAGE TWO

2)	Find and explore the sites
	You can easily explore these sites 'jumping' over their password verification
	applets or scripts.
	1)	Download applets or scripts 
	2)	Crack them
	3)	Enter
	4)	Find a weak point
	5)	destroy
	These 'alien site exploring' techniques will be explained in december on this
To find:
VISIT MY redhow to comb smut sites PAGE
VISIT MY redcombing and klebing techniques PAGE
To explore:
VISIT MY redalien site exploring page (RESTRICTED ACCESS)
	Don't forget that you can enter through FALSE passwords. There are in the warez
	scene hundred of sites that offer 'capered' passwords for commercial smut sites.
	One of the rare case where I'm fully favourable to the warez kids. Million of
	frustrated smut-seekers use these free passwords in order to gain access to the 
	smut sites WITHOUT paying them. This is IMO very good because this does not only 
	damage the smut sites... in fact most of these simpletons realise in this way very 
	soon, how bogus all these commercial smut sites are and won't in their life never 
	come to the idea of paying for access again.

	The Commercial smut sites react against password capering with automated scripts that 
	deconnect all accounts used by two persons on the same time. Yet web server-user 
	notifications protocols are so unreliable that most of the time they just don't dare 
	doing it really, and simply use a completely useless warning, because there are 
	much too many dynamic IDs, and their real terror is to scare off one of the few 
	gullible correct users they have got. So if you get a scarecrow message visiting 
	with a capered password, just reload once more until it disappears.

	You can also of enter using gathered 'crumbs' that you'll find on the source
	html script of the page. Useful crumb gathering is also possible through right 
	clicking on any logo or image and carefully watching and registering the URL
	call sequence inside your "location" browser's window.
VISIT MY redsource checking PAGE

3)	Study the friends of your enemies
	Many commercial smut sites resort to 'commercial smut verificators', which pay them
	'per visit' and take care of the whole verification routines. While this offers a
	better security on one site (the cgi-scripts protections are tougher), this means 
	also that once you have cracked one of these schemes you have cracked all of them.
	My best attack (until now) could bust one of these verification schemes for two 
	complete days. The suckers that paid for it left it in droves and it never regained 
	its momentum. 
	I will teach you the weaknesses of these commercial verification schemes.
VISIT MY redcommercial smut verificators page (RESTRICTED ACCESS)

4)	Beat them at their own game: demonstrate that they are utterly useless
	There is practically not a single image on the commercial smut sides that 
	you could not have for free if you cared to. Yet, instead of leaving these 
	images where only determined people could find them (and why not, if they 
	want to see them, please go ahead), the commercial smut sites throw all
	these images everywhere on the web, making it dead easy, even for childrens, 
	to get at them even if they ARE NOT really seeking them (and since I have 
	three kids, I know what I am saying... if you want to have a look for yourself
	at what kind of smut you can get without any filter whatsoever, connect for 
	instance to

	This is a consequence of the awful society where we live, and where everything 
	is measured only through its 'commercial' value, even people and bodies, yet 
	there is no reason for us to accept this. Since nuking the commercial smut 
	sites is great fun but does not seem to bring us nowhere (there are simply 
	too many of them), I am considering writing simple robots that "dig out" for 
	free all smut images and publish (and update) these links automatically on 
	the usenet relevant groups where the suckers that PAY the commercial smut 
	sites roam. This should damage all commercial smut sites where it really 
	hurts: on their commercial site :-)

	So a good counter-offensive could be to publish on the relevant usenet
	groups (say once every week, automatically):
	1)	either a list of all password capering sites;
	2)	or a list of all the many really free smut sites (which exist but 
		are fairly difficult to find due to the fraudulent proliferation of 
		the adjective 'free' inside the commercial smut sites);
	3)	or a list of all the hidden links inside the main smut sites;
	4)	or some cracking tutorials for the PASSWORD ASKING AND CHECKING applets;
	5)	or some easy robots that would allow any luser to gather whatever 
		images he (thinks he) needs.
	I believe that sending all these info to every warez sites (which are all 
	concurring against another -for bucks- as well, and would tehrefore immediatly 
	publish everything you feed them, just in order to gain some more hits :-) would 
	inflict a more lasting damage to the whole commercial smut scene.
	Since the commercial smut sites cannot afford to change continuously the 
	whole subdirectory naming structure, the publishing of the hidden links and 
	subdirectories structure could be even more effective that the simple publishing 
	of the passwords or the occasional nuking of a couple of exposed site.

	We will examine (in december) how exactly a userid/password script works, and 
	how it 'decides' if the user should gain access to the site or not. There
	are now some new censorship applications that check THE (rosa) PIXELS of the 
	images in order to allow or forbid to 'corporate prisoners' to see them (see 
	my redcorporate survival page in order to defeat them).
	We will therefore reverse their algorithms in order to
	FIND where the images have been hidden inside any smut server. Such a little 
	robot application can then be given around for free... smut seekers will get 
	for free their smut-dope automagically brought home and commercial smut sites 
	will fail miserably as they deserve... hey! this can be very useful against 
	commercial advertisement sites as well, come to think of it :-)

	Another very interesting new sector is PASSWORD CAPERING. Let's have a closer 
	look at the passwords and userids used by the commercial sites (not only smut 
	sites btw). You'll soon realise that they are divided in TWO main categories:
	user-chosen and automatically generated.
	Both are very weak, as we know: 
user chosen passwords are repetitive:
	fred/fred 	(look at the letters "fred" on your keyboard)
	userid/password	(ofter that you would think)
That's the reason some commercial site 'assign' you a password:
And as all crackers know, there is nothing easier than crack the algorithms 
that assign valid passwords in this way once you download the applets or, even 
more simply, have just a (cracker :-) look at a dozen valid passwords taken from 
the many password warez sites.
VISIT MY redpassword busting page (RESTRICTED ACCESS)
Please send me your hints and contributions for this section. 
MAny pages, as you have seen are 'restricted access' 
because I'm fed up with people just leeching and never contributing to my site. 
As you'll be able to see on my new bot wars page, I have 
decided to put part of the advanced knowledge in some restricted areas 
of my site, you'll be able to find quite a lot in the public part, but if 
you want more advanced stuff you'll have to contribute with your own 
It is clear that this project will only survive and thrive if there will be 
more and more essays from ALL OF YOU and if you will find and send me other 
-even better- tricks in order to commercial ruin (or at least to seriously annoy) 
all those bastards that run the commercial smut sites. 

We have done a lot already (see the redOctober attack story), yet  we have 
a lot more to do in order to clean the web from commercial bastards... and not only 
regarding smut images...

Some lusers believe that money and sex are the two only things that count in life, and 
that 'combining' the two, they have found an easy way to scrap some easy bucks. Let's 
show them that in our world money does not mean anything at all and that even if sex 
would really have something to do with some poor quality smut photographical images, 
which I doubt, that too can be gathered on the web for free, like everything else. 
I hope you understand now WHY I want to bust commercial sites (apart from the 'intrinsecal' 
fun in busting web sites :-) and WHY this has nothing to do with any censorship attitude of 
mine: I am a cracker: I want a free web for all.

(c) fravia+ May 1997
Good luck, good hunt!

And if you are interested, here is a small e-mail exchange of your +truly with a smut site (polite) owner.
And if you are interested, here is a very simple password busting program

Crackers against Smut
redAntismut main page
redcombing i.e. how to find the "commercial smut" sites
redsource checking i.e. how to exploit their intrinsic weaknesses
redcgi-script one CGI-tricks, page one
redcgi-script two CGI-tricks, page two

Back to Fravia's main site
red homepage red +ORC red anonimity red counter measures red tools red stalking red enslavement
red students' essays red bots' wars red cocktails red search_forms red mail_fravia
red Is reverse engineering legal?