Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Even Spam Links is SO SMART grabbing referer now...:-) #MMD
- ------------------------
- $ myfetch h00p://anallovevid.com/1010/in.cgi
- --h00p_proxy = h00p://192.168.7.11:8118"
- --output-document="./sample"
- --referer="h00p://www.google.com/search?q=youtube"
- --user-agent="Mozila/4.3 (X11; U; MacOSX)"
- --target=h00p://anallovevid.com/1010/in.cgi
- --00:15:07-- h00p://anallovevid.com/1010/in.cgi
- => `./sample'
- Connecting to 192.168.7.11:8118... connected.
- Proxy request sent, awaiting response... 200 OK
- Length: unspecified [text/html]
- 00:15:08 (8.26 KB/s) - `./sample' saved [2256]
- ------------------------
- // voila! ↓
- <div style="background:#ffffff;width:100%;height:100%;">
- <a href='h00p://anallovevid.com/1010/in.cgi?default&hdrxu=0&skhdv=0&ptwwd=1&pzlek=0'><font color="#ffffff">Click here</font></a>
- </div>
- // voila! ↓
- <script type="text/javascript"><!--
- var hdrxu = 0;
- if( top.frames.length ) hdrxu = 1;
- var skhdv = 0;
- datawindow=Size();
- if( datawindow[0] < 301 || datawindow[1] < 201 ) skhdv=1;
- if( Width() < 301 || Height() < 201 ) skhdv=1;
- window.location=urlde("tluafed?igc.ni/0101/moc.divevollana//:ptth")+"&hdrxu="+hdrxu+"&skhdv="+skhdv+"&pzlek=2941759435&ur=1&h00p_REFERER=h00p%3A%2F%2Fwww%2Egoogle%2Ecom%2Fsearch%3Fq%3Dyoutube";
- function urlde(s)
- {
- return s.split("").reverse().join("");
- }
- function Size() {
- var myWidth = 0, myHeight = 0;
- if( typeof( window.innerWidth ) == 'number' ) {
- //Non-IE
- myWidth = window.innerWidth;
- myHeight = window.innerHeight;
- } else if( document.documentElement && ( document.documentElement.clientWidth || document.documentElement.clientHeight ) ) {
- //IE 6+ in 'standards compliant mode'
- myWidth = document.documentElement.clientWidth;
- myHeight = document.documentElement.clientHeight;
- } else if( document.body && ( document.body.clientWidth || document.body.clientHeight ) ) {
- //IE 4 compatible
- myWidth = document.body.clientWidth;
- myHeight = document.body.clientHeight;
- }
- return [ myWidth, myHeight ];
- }
- function Width() {
- return Results (
- window.innerWidth ? window.innerWidth : 0,
- document.documentElement ? document.documentElement.clientWidth : 0,
- document.body ? document.body.clientWidth : 0
- );
- }
- function Height() {
- return Results (
- window.innerHeight ? window.innerHeight : 0,
- document.documentElement ? document.documentElement.clientHeight : 0,
- document.body ? document.body.clientHeight : 0
- );
- }
- function Results(n_win, n_docel, n_body) {
- var n_result = n_win ? n_win : 0;
- if (n_docel && (!n_result || (n_result > n_docel)))
- n_result = n_docel;
- return n_body && (!n_result || (n_result > n_body)) ? n_body : n_result;
- }
- //--></script>
- ーーーーーーーーーーー
- // requestsing.....
- h00p://anallovevid.com/1010/in.cgi?default&hdrxu=0&skhdv=0&pzlek=2941759435&ur=1&h00p_REFERER=h00p%3A%2F%2Fwww%2Egoogle%2Ecom%2Fsearch%3Fq%3Dyoutube
- // ↑looks my referer url was put into the request's referer, interesting...
- // so these morons is checking wether the referer real / match or not ..
- // sorry we are SMARTER!
- // let's making a plastic surgery of the target url...
- h00p://anallovevid.com/1010/in.cgi?default&hdrxu=0&skhdv=0&pzlek=2941759435&ur=1&h00p_REFERER=h00p%3A%2F%2Fanallovevid%2Ecom%2F1010%2Fin%2Ecgi%3Fdefault
- // make exactly same referer url
- h00p://anallovevid.com/1010/in.cgi?default
- $ myfetch "h00p://anallovevid.com/1010/in.cgi?default&hdrxu=0&skhdv=0&pzlek=2941759435&ur=1&h00p_REFERER=h00p%3A%2F%2Fanallovevid%2Ecom%2F1010%2Fin%2Ecgi%3Fdefault"
- --h00p_proxy = h00p://192.168.7.11:8118"
- --referer="h00p://anallovevid.com/1010/in.cgi?default"
- --user-agent="Mozila/4.3(X11; U; MacOSX)"
- --target="h00p://anallovevid.com/1010/in.cgi?default&hdrxu=0&skhdv=0&pzlek=2941759435&ur=1&h00p_REFERER=h00p%3A%2F%2Fanallovevid%2Ecom%2F1010%2Fin%2Ecgi%3Fdefault"
- --output-document=""./sample2""
- --00:28:41-- h00p://anallovevid.com/1010/in.cgi?default&hdrxu=0&skhdv=0&pzlek=2941759435&ur=1&h00p_REFERER=h00p%3A%2F%2Fanallovevid%2Ecom%2F1010%2Fin%2Ecgi%3Fdefault
- => `./sample2'
- Connecting to 192.168.7.11:8118... connected.
- Proxy request sent, awaiting response... 302 Found
- Location: h00p://anallovevid.com/index.php [following]
- --00:28:48-- h00p://anallovevid.com/index.php
- => `./sample2'
- Connecting to 192.168.7.11:8118... connected.
- Proxy request sent, awaiting response... 200 OK
- Length: 5,162 (5.0K) [text/html]
- 00:29:00 (1.59 KB/s) - `./sample2' saved [5162/5162]
- // not we got index.php...
- // what's this?
- $ head ./sample2
- <title>XXX Search :: blowjob</title>
- <meta h00p-equiv="Content-Type" content="text/html; charset=UTF-8" />
- <meta h00p-equiv="refresh" content="600; URL=search.php?q=blowjob" />
- <link rel="STYLESHEET" type="text/css" href="/templates/adult-9/search.css">
- // my goodness.. I rest my case...LOL
- #MalwareMustDie
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement