Even XXXSpam Links is F*SMART to grab referer now...:-) #MMD

1. Even Spam Links is SO SMART grabbing referer now...:-) #MMD
2. ------------------------
3.  
4. $ myfetch h00p://anallovevid.com/1010/in.cgi
5.  
6. --h00p_proxy = h00p://192.168.7.11:8118"
7. --output-document="./sample"
8. --referer="h00p://www.google.com/search?q=youtube"
9. --user-agent="Mozila/4.3 (X11; U; MacOSX)"
10. --target=h00p://anallovevid.com/1010/in.cgi
11.  
12. --00:15:07-- h00p://anallovevid.com/1010/in.cgi
13. => `./sample'
14. Connecting to 192.168.7.11:8118... connected.
15. Proxy request sent, awaiting response... 200 OK
16. Length: unspecified [text/html]
17. 00:15:08 (8.26 KB/s) - `./sample' saved [2256]
18.  
19. ------------------------
20.  
21. // voila!　↓
22.  
23. <div style="background:#ffffff;width:100%;height:100%;">
24. <a href='h00p://anallovevid.com/1010/in.cgi?default&hdrxu=0&skhdv=0&ptwwd=1&pzlek=0'><font color="#ffffff">Click here</font></a>
25. </div>
26.  
27. // voila! ↓
28.  
29. <script type="text/javascript"><!--
30.  
31. var hdrxu = 0;
32. if( top.frames.length ) hdrxu = 1;
33.  
34.  
35. var skhdv = 0;
36. datawindow=Size();
37. if( datawindow[0] < 301 || datawindow[1] < 201 ) skhdv=1;
38. if( Width() < 301 || Height() < 201 ) skhdv=1;
39.  
40.  
41. window.location=urlde("tluafed?igc.ni/0101/moc.divevollana//:ptth")+"&hdrxu="+hdrxu+"&skhdv="+skhdv+"&pzlek=2941759435&ur=1&h00p_REFERER=h00p%3A%2F%2Fwww%2Egoogle%2Ecom%2Fsearch%3Fq%3Dyoutube";
42.  
43. function urlde(s)
44. {
45. return s.split("").reverse().join("");
46. }
47.  
48. function Size() {
49. var myWidth = 0, myHeight = 0;
50. if( typeof( window.innerWidth ) == 'number' ) {
51. //Non-IE
52. myWidth = window.innerWidth;
53. myHeight = window.innerHeight;
54. } else if( document.documentElement && ( document.documentElement.clientWidth || document.documentElement.clientHeight ) ) {
55. //IE 6+ in 'standards compliant mode'
56. myWidth = document.documentElement.clientWidth;
57. myHeight = document.documentElement.clientHeight;
58. } else if( document.body && ( document.body.clientWidth || document.body.clientHeight ) ) {
59. //IE 4 compatible
60. myWidth = document.body.clientWidth;
61. myHeight = document.body.clientHeight;
62. }
63.  
64. return [ myWidth, myHeight ];
65. }
66.  
67. function Width() {
68. return Results (
69. window.innerWidth ? window.innerWidth : 0,
70. document.documentElement ? document.documentElement.clientWidth : 0,
71. document.body ? document.body.clientWidth : 0
72. );
73. }
74. function Height() {
75. return Results (
76. window.innerHeight ? window.innerHeight : 0,
77. document.documentElement ? document.documentElement.clientHeight : 0,
78. document.body ? document.body.clientHeight : 0
79. );
80. }
81. function Results(n_win, n_docel, n_body) {
82. var n_result = n_win ? n_win : 0;
83. if (n_docel && (!n_result || (n_result > n_docel)))
84. n_result = n_docel;
85. return n_body && (!n_result || (n_result > n_body)) ? n_body : n_result;
86. }
87.  
88. //--></script>
89.  
90.  
91. ーーーーーーーーーーー
92.  
93. // requestsing.....
94.  
95. h00p://anallovevid.com/1010/in.cgi?default&hdrxu=0&skhdv=0&pzlek=2941759435&ur=1&h00p_REFERER=h00p%3A%2F%2Fwww%2Egoogle%2Ecom%2Fsearch%3Fq%3Dyoutube
96.  
97.  
98. // ↑looks my referer url was put into the request's referer, interesting...
99. // so these morons is checking wether the referer real / match or not ..
100. // sorry we are SMARTER!
101.  
102. // let's making a plastic surgery of the target url...
103. h00p://anallovevid.com/1010/in.cgi?default&hdrxu=0&skhdv=0&pzlek=2941759435&ur=1&h00p_REFERER=h00p%3A%2F%2Fanallovevid%2Ecom%2F1010%2Fin%2Ecgi%3Fdefault
104.  
105. // make exactly same referer url
106. h00p://anallovevid.com/1010/in.cgi?default
107.  
108.  
109. $ myfetch "h00p://anallovevid.com/1010/in.cgi?default&hdrxu=0&skhdv=0&pzlek=2941759435&ur=1&h00p_REFERER=h00p%3A%2F%2Fanallovevid%2Ecom%2F1010%2Fin%2Ecgi%3Fdefault"
110.  
111. --h00p_proxy = h00p://192.168.7.11:8118"
112. --referer="h00p://anallovevid.com/1010/in.cgi?default"
113. --user-agent="Mozila/4.3(X11; U; MacOSX)"
114. --target="h00p://anallovevid.com/1010/in.cgi?default&hdrxu=0&skhdv=0&pzlek=2941759435&ur=1&h00p_REFERER=h00p%3A%2F%2Fanallovevid%2Ecom%2F1010%2Fin%2Ecgi%3Fdefault"
115. --output-document=""./sample2""
116.  
117.  
118. --00:28:41-- h00p://anallovevid.com/1010/in.cgi?default&hdrxu=0&skhdv=0&pzlek=2941759435&ur=1&h00p_REFERER=h00p%3A%2F%2Fanallovevid%2Ecom%2F1010%2Fin%2Ecgi%3Fdefault
119. => `./sample2'
120. Connecting to 192.168.7.11:8118... connected.
121. Proxy request sent, awaiting response... 302 Found
122. Location: h00p://anallovevid.com/index.php [following]
123. --00:28:48-- h00p://anallovevid.com/index.php
124. => `./sample2'
125. Connecting to 192.168.7.11:8118... connected.
126. Proxy request sent, awaiting response... 200 OK
127. Length: 5,162 (5.0K) [text/html]
128. 00:29:00 (1.59 KB/s) - `./sample2' saved [5162/5162]
129.  
130.  
131. // not we got index.php...
132. // what's this?
133.  
134. $ head ./sample2
135.  
136. <title>XXX Search :: blowjob</title>
137. <meta h00p-equiv="Content-Type" content="text/html; charset=UTF-8" />
138. <meta h00p-equiv="refresh" content="600; URL=search.php?q=blowjob" />
139. <link rel="STYLESHEET" type="text/css" href="/templates/adult-9/search.css">
140.  
141. // my goodness.. I rest my case...LOL
142.  
143. #MalwareMustDie