SlideShare a Scribd company logo

Smashing the stats for fun (and profit)

Security B-Sides
Security B-Sides

Shaun Dewberry ZaCon 2009 http://www.zacon.org.za/Archives/2009/slides/

Technology
1 of 31
Download to read offline
If  you’re  not  famous,  fake  it.  
  Shaun  Dewberry       Unix/Security  guy     Pretoria  University  (expelled  for  hacking!)     aka  LowVoltage  
  Technorati.com     In  SA:     Amatomu.com     Afrigator.co.za     Blogger  pissing  contest  
<!-­‐-­‐  Start  AMATOMU.COM  code  -­‐-­‐>   <img  height='1'  style='display:none'  width='1'   src='http://www.amatomu.com/log.php? cid=a433e87b0ebYe493dc055153ae332be0ee da46c'  />   <!-­‐-­‐  End  AMATOMU.COM  code  -­‐-­‐>  
  Slow     Not  really  automated     Boring     Obvious     Traceable  
while  [  1  ]  do   wget  http://www.amatomu.com/log.php? cid=a433e87b0eb>e493dc055153ae332be0eeda46c   done;  
  Don’t  crash  the  server!     More  random  log  entries   #!/bin/sh   Set  RANDOM=$$   while  [  1  ]   do   let  "delay  =  RANDOM  %  30";    #  Random  0  to  30  Second  delay   wget  http://www.amatomu.com/log.php? cid=a433e87b0eb>e493dc055153ae332be0eeda46c   echo  "Waiting  $delay  seconds"   sleep  $delay   done;  
#!/bin/bash   set  RANDOM=$$   while  [  1  ]   do   let  "delay  =  RANDOM  %  6";    wget  -­‐-­‐delete-­‐after  http://afrigator.com/track/5013-­‐none.gif   sleep  $delay;     done;  
  wget  User-­‐Agent  visible  in  server  logs     All  visits  from  same  source  IP  address  
  http://www.user-­‐agent.org   "Mozilla/4.0  (compatible;  MSIE  7.0;  Windows  NT  5.1;  .NET  CLR  1.1.4322;  .NET  CLR   2.0.50727;  .NET  CLR  3.0.04506.30   Mozilla/5.0  (Windows;  U;  Windows  NT  6.0;  en-­‐US;  rv:1.9.0.4)  Gecko/2008102920  Firefox/3.0.4   Mozilla/5.0  (Windows;  U;  Windows  NT  5.1;  en-­‐US;  rv:1.9.0.4)  Gecko/2008102920  Firefox/3.0.4   Mozilla/5.0  (X11;  U;  Linux  i686;  en-­‐US;  rv:1.9.0.2)  Gecko/2008092313  Ubuntu/8.04  (hardy)   Firefox/3.1   Mozilla/5.0  (Windows;  U;  Windows  NT  6.0;  en-­‐US;  rv:1.9.0.2)  Gecko/2008091620  Firefox/3.0.2   Mozilla/5.0  (Windows;  U;  Windows  NT  5.1;  en-­‐US;  rv:1.9.0.1)  Gecko/2008070208  Firefox/3.0.0   Mozilla/5.0  (Windows;  Windows  NT  5.1;  en-­‐US;  rv:1.8.1.9)  Gecko/20071025  Firefox/2.0.0.9   Mozilla/5.0  (Windows;  U;  Windows  NT  5.1;  en_US;  rv:1.8.1.6)  Gecko/20070725  Firefox/2.0.0.7   Mozilla/5.0  (Windows;  U;  Windows  NT  5.1;  en-­‐US)  AppleWebKit/525.19  (KHTML,  like  Gecko)   Chrome/0.4.154.18  Safari/525.19  
set  RANDOM=$$   while  [  1  ]   do   let  "delay  =  RANDOM  %  30"   let  "ua  =  RANDOM  %  `wc  -­‐l  useragents.txt  |  awk  '{print  $1}'`  +  1"   uastring=`sed  -­‐n  ${ua}p  useragents.txt;`    wget  -­‐q  -­‐-­‐delete-­‐after  -­‐-­‐user-­‐agent="$uastring"  http:// www.amatomu.com/log.php? cid=a433e87b0eb>e493dc055153ae332be0eeda46c   sleep  $delay   done;  
“Tor  protects  you  by  bouncing  your   communications  around  a  distributed   network  of  relays  run  by  volunteers  all  around   the  world:  it  prevents  somebody  watching   your  Internet  connection  from  learning  what   sites  you  visit,  and  it  prevents  the  sites  you   visit  from  learning  your  physical  location.”                -­‐-­‐torproject.org  
wget   tsocks   tor     Aggregator   •   tsocks.sourceforge.net  –  Transparent  Socks  Proxy  
  #20  of  31  “ top  non-­‐US  startups  to  watch   worldwide”  by  Business  2.0  (money.cnn.com)     Top  10  International  Products  for  2008  –   ReadWriteWeb     Acquired  by  Naspers     Blah  blah  blah…     WTF?  Security  Anyone?  
  Invitations  to  launches     More  traffic  (ironic,  isn’t  it?)     Gadgets  for  review     Press  accreditation     Fake  a  career  as  a  social  media  expert     Social  engineering  hack  
  Ad  network  linking  bloggers  and  advertisers     Revenue  based  on  CPM  (ad  impressions)     CPM  is  horribly  broken  
<!-­‐-­‐/*  Adgator.co.za  Javascript  Tag  v2.6.3  */-­‐-­‐>    <script  type='text/javascript'><!-­‐-­‐//<![CDATA[        var  m3_u  =  (location.protocol=='https:'?'https://ads.adgator.co.za/delivery/ajs.php':'http://ads.adgator.co.za/delivery/ajs.php');        var  m3_r  =  Math.floor(Math.random()*99999999999);        if  (!document.MAX_used)  document.MAX_used  =  ',';        document.write  ("<scr"+"ipt  type='text/javascript'  src='"+m3_u);        document.write  ("?zoneid=471");        document.write  ('&amp;cb='  +  m3_r);        if  (document.MAX_used  !=  ',')  document.write  ("&amp;exclude="  +  document.MAX_used);        document.write  (document.charset  ?  '&amp;charset='+document.charset  :  (document.characterSet  ?   '&amp;charset='+document.characterSet  :  ''));        document.write  ("&amp;loc="  +  escape(window.location));        if  (document.referrer)  document.write  ("&amp;referer="  +  escape(document.referrer));        if  (document.context)  document.write  ("&context="  +  escape(document.context));        if  (document.mmm_fo)  document.write  ("&amp;mmm_fo=1");        document.write  ("'></scr"+"ipt>");   //]]>-­‐-­‐></script><noscript><a  href='http://ads.adgator.co.za/delivery/ck.php?n=ad677422&cb=INSERT_RANDOM_NUMBER_HERE'   target='_blank'><img  src='http://ads.adgator.co.za/delivery/avw.php?zoneid=471&n=ad677422'  border='0'  alt=''  /></a></noscript>   Only  care  about  ad  image:  http://ads.adgator.co.za/delivery/avw.php? zoneid=471&n=ac71ad4f  
  No  ads  are  served  to  wget??     OpenX  Ad  Server     If  no  cookie  gets  set,  then  no  ad  gets  served     Certain  User  Agents  are  ignored     First  ad  served,  but  no  ads  thereafter   (caching?)     Geo-­‐targeting  
  Accept  cookies  (and  turf  them)     &cb=RANDOM  parameter  (Cache  blocking)     tor  nodes  in  ZA?     Zombie  TelkomADSL  botnet?     Open  proxy  servers  –  Proof  of  Concept  
let  "delay  =  RANDOM  %  40"    #  Up  to  40  second  delay  –  let’s  not  be  greedy   let  "prand  =  RANDOM  %  `wc  -­‐l  proxies.txt  |  awk  '{print  $1}'`  +  1"     http_proxy=`sed  -­‐n  ${prand}p  proxies.txt;`  #  select  a  random  proxy   let  "ua  =  RANDOM  %  `wc  -­‐l  useragents.txt  |  awk  '{print  $1}'`  +  1"   uastring=`sed  -­‐n  ${ua}p  useragents.txt;`  #  random  useragent   let  "rand  =  RANDOM  %  999999999"  #  random  integer  for  cache  blocking    if  [  $http_proxy  ==  "tsocks"  ];  then    #    1/3rd  of  the  time  route  through  tor        export  http_proxy=        /usr/bin/tsocks  /usr/local/bin/wget  -­‐-­‐no-­‐clobber  -­‐-­‐no-­‐cache  -­‐-­‐max-­‐redirect=0  -­‐-­‐ user-­‐agent="$uastring"  -­‐-­‐referer=http://ramboguy.co.za  "http:// ads.adgator.co.za/delivery/avw.php?zoneid=471&n=ac71ad4f&cb=$rand"    else        #  otherwise  request  the  ad  straight  through  the  SA  proxy    /usr/bin/wget  -­‐d  -­‐-­‐no-­‐clobber  -­‐-­‐no-­‐cache  -­‐-­‐user-­‐agent="$uastring"  -­‐-­‐ referer=http://ramboguy.co.za  "http://ads.adgator.co.za/delivery/avw.php? zoneid=471&n=ac71ad4f&cb=$rand"    fi  
•   90  Ad  impressions/day   •   Paid  Ads  Served:  224   •   Earnings:  R11.09  
•   800  impressions/day        (2  hour  run)   •   1677  Paid  Ads  Served   •   Earnings:  R86.58      
  Automated  auditing  with  complex  analysis   tools     Don’t  use  impression  based  costing  models   (duh!)  
  R8  per  hour  (conservative)     24  hours     30  days     R  5  760  per  month     Mahala     The  beer’s  on  me!  

Recommended

Taking the pain out of signing users in
Taking the pain out of signing users inTaking the pain out of signing users in
Taking the pain out of signing users inFrancois Marier
 
Persona: a federated and privacy-protecting login system for the whole Web
Persona: a federated and privacy-protecting login system for the whole WebPersona: a federated and privacy-protecting login system for the whole Web
Persona: a federated and privacy-protecting login system for the whole WebFrancois Marier
 
Anatomy of a WordPress Hack
Anatomy of a WordPress HackAnatomy of a WordPress Hack
Anatomy of a WordPress Hackjessepollak
 
Java script, security and you - Tri-Cities Javascript Developers Group
Java script, security and you - Tri-Cities Javascript Developers GroupJava script, security and you - Tri-Cities Javascript Developers Group
Java script, security and you - Tri-Cities Javascript Developers GroupAdam Caudill
 
Você precisa aprender Web
Você precisa aprender WebVocê precisa aprender Web
Você precisa aprender WebJean Carlo Emer
 
Creating a ssh_key_no_password
Creating a ssh_key_no_passwordCreating a ssh_key_no_password
Creating a ssh_key_no_passwordJames Jara
 
historia saquinga
historia saquinga historia saquinga
historia saquinga zantytaz
 
CARATULA ASPT: PROAÑO
CARATULA ASPT: PROAÑOCARATULA ASPT: PROAÑO
CARATULA ASPT: PROAÑOzantytaz
 

Recommended

Taking the pain out of signing users in
Taking the pain out of signing users inTaking the pain out of signing users in
Taking the pain out of signing users inFrancois Marier
 
Persona: a federated and privacy-protecting login system for the whole Web
Persona: a federated and privacy-protecting login system for the whole WebPersona: a federated and privacy-protecting login system for the whole Web
Persona: a federated and privacy-protecting login system for the whole WebFrancois Marier
 
Anatomy of a WordPress Hack
Anatomy of a WordPress HackAnatomy of a WordPress Hack
Anatomy of a WordPress Hackjessepollak
 
Java script, security and you - Tri-Cities Javascript Developers Group
Java script, security and you - Tri-Cities Javascript Developers GroupJava script, security and you - Tri-Cities Javascript Developers Group
Java script, security and you - Tri-Cities Javascript Developers GroupAdam Caudill
 
Você precisa aprender Web
Você precisa aprender WebVocê precisa aprender Web
Você precisa aprender WebJean Carlo Emer
 
Creating a ssh_key_no_password
Creating a ssh_key_no_passwordCreating a ssh_key_no_password
Creating a ssh_key_no_passwordJames Jara
 
historia saquinga
historia saquinga historia saquinga
historia saquinga zantytaz
 
CARATULA ASPT: PROAÑO
CARATULA ASPT: PROAÑOCARATULA ASPT: PROAÑO
CARATULA ASPT: PROAÑOzantytaz
 
Hp26簡報 joyhsu
Hp26簡報 joyhsuHp26簡報 joyhsu
Hp26簡報 joyhsuJoy Hsu
 
Metodologia de-las-5-s
Metodologia de-las-5-sMetodologia de-las-5-s
Metodologia de-las-5-sYolanda Chereti García
 
High Performance Webdesign
High Performance WebdesignHigh Performance Webdesign
High Performance Webdesign拓樹 谷
 
A simple html login page using java s
A simple html login page using java sA simple html login page using java s
A simple html login page using java sJoel Bisonzi
 
CSSプリプロセッサの取扱説明書
CSSプリプロセッサの取扱説明書CSSプリプロセッサの取扱説明書
CSSプリプロセッサの取扱説明書拓樹 谷
 
Boki mio solito
Boki mio solitoBoki mio solito
Boki mio solitonormitaisabel
 
Help mijn website is gehackt - Joomla User Group Den Bosch 2014
Help mijn website is gehackt - Joomla User Group Den Bosch 2014Help mijn website is gehackt - Joomla User Group Den Bosch 2014
Help mijn website is gehackt - Joomla User Group Den Bosch 2014Peter Martin
 
https
httpshttps
httpsJonas Lejon
 
Embed
EmbedEmbed
EmbedPablo García
 
Html22
Html22Html22
Html22passkalilo
 
Installar desde la_fuente_linux_make_configure
Installar desde la_fuente_linux_make_configureInstallar desde la_fuente_linux_make_configure
Installar desde la_fuente_linux_make_configureJames Jara
 
ForefoxでもReveal.jsのスライドをpdfにしたい
ForefoxでもReveal.jsのスライドをpdfにしたいForefoxでもReveal.jsのスライドをpdfにしたい
ForefoxでもReveal.jsのスライドをpdfにしたいktz_alias
 
Todo sobre futbol
Todo sobre futbolTodo sobre futbol
Todo sobre futbolsergioandres9913
 
Img style
Img styleImg style
Img stylejoserrass96
 
VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012Abraham Aranguren
 
Ultima linea ejecutada_en_terminal_linux
Ultima linea ejecutada_en_terminal_linuxUltima linea ejecutada_en_terminal_linux
Ultima linea ejecutada_en_terminal_linuxJames Jara
 
Codigos web
Codigos webCodigos web
Codigos webrokyn
 
Código player fixo
Código player fixoCódigo player fixo
Código player fixoPoowstrayer
 
[convergese] Adaptive Images in Responsive Web Design
[convergese] Adaptive Images in Responsive Web Design[convergese] Adaptive Images in Responsive Web Design
[convergese] Adaptive Images in Responsive Web DesignChristopher Schmitt
 
Earn money with banner and text ads for clickbank
Earn money with banner and text ads for clickbankEarn money with banner and text ads for clickbank
Earn money with banner and text ads for clickbankJaroslaw Istok
 
Earn money with banner and text ads for Clickbank
Earn money with banner and text ads for ClickbankEarn money with banner and text ads for Clickbank
Earn money with banner and text ads for ClickbankJaroslaw Istok
 
Logstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtimeLogstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtimeAndrea Cardinale
 

More Related Content

What's hot

Hp26簡報 joyhsu
Hp26簡報 joyhsuHp26簡報 joyhsu
Hp26簡報 joyhsuJoy Hsu
 
High Performance Webdesign
High Performance WebdesignHigh Performance Webdesign
High Performance Webdesign拓樹 谷
 
A simple html login page using java s
A simple html login page using java sA simple html login page using java s
A simple html login page using java sJoel Bisonzi
 
CSSプリプロセッサの取扱説明書
CSSプリプロセッサの取扱説明書CSSプリプロセッサの取扱説明書
CSSプリプロセッサの取扱説明書拓樹 谷
 
Help mijn website is gehackt - Joomla User Group Den Bosch 2014
Help mijn website is gehackt - Joomla User Group Den Bosch 2014Help mijn website is gehackt - Joomla User Group Den Bosch 2014
Help mijn website is gehackt - Joomla User Group Den Bosch 2014Peter Martin
 
Installar desde la_fuente_linux_make_configure
Installar desde la_fuente_linux_make_configureInstallar desde la_fuente_linux_make_configure
Installar desde la_fuente_linux_make_configureJames Jara
 
ForefoxでもReveal.jsのスライドをpdfにしたい
ForefoxでもReveal.jsのスライドをpdfにしたいForefoxでもReveal.jsのスライドをpdfにしたい
ForefoxでもReveal.jsのスライドをpdfにしたいktz_alias
 
VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012Abraham Aranguren
 
Ultima linea ejecutada_en_terminal_linux
Ultima linea ejecutada_en_terminal_linuxUltima linea ejecutada_en_terminal_linux
Ultima linea ejecutada_en_terminal_linuxJames Jara
 
Codigos web
Codigos webCodigos web
Codigos webrokyn
 
Código player fixo
Código player fixoCódigo player fixo
Código player fixoPoowstrayer
 

What's hot (18)

Hp26簡報 joyhsu
Hp26簡報 joyhsuHp26簡報 joyhsu
Hp26簡報 joyhsu
 
Metodologia de-las-5-s
Metodologia de-las-5-sMetodologia de-las-5-s
Metodologia de-las-5-s
 
High Performance Webdesign
High Performance WebdesignHigh Performance Webdesign
High Performance Webdesign
 
A simple html login page using java s
A simple html login page using java sA simple html login page using java s
A simple html login page using java s
 
CSSプリプロセッサの取扱説明書
CSSプリプロセッサの取扱説明書CSSプリプロセッサの取扱説明書
CSSプリプロセッサの取扱説明書
 
Boki mio solito
Boki mio solitoBoki mio solito
Boki mio solito
 
Help mijn website is gehackt - Joomla User Group Den Bosch 2014
Help mijn website is gehackt - Joomla User Group Den Bosch 2014Help mijn website is gehackt - Joomla User Group Den Bosch 2014
Help mijn website is gehackt - Joomla User Group Den Bosch 2014
 
https
httpshttps
https
 
Embed
EmbedEmbed
Embed
 
Html22
Html22Html22
Html22
 
Installar desde la_fuente_linux_make_configure
Installar desde la_fuente_linux_make_configureInstallar desde la_fuente_linux_make_configure
Installar desde la_fuente_linux_make_configure
 
ForefoxでもReveal.jsのスライドをpdfにしたい
ForefoxでもReveal.jsのスライドをpdfにしたいForefoxでもReveal.jsのスライドをpdfにしたい
ForefoxでもReveal.jsのスライドをpdfにしたい
 
Todo sobre futbol
Todo sobre futbolTodo sobre futbol
Todo sobre futbol
 
Img style
Img styleImg style
Img style
 
VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012VSA: The Virtual Scripted Attacker, Brucon 2012
VSA: The Virtual Scripted Attacker, Brucon 2012
 
Ultima linea ejecutada_en_terminal_linux
Ultima linea ejecutada_en_terminal_linuxUltima linea ejecutada_en_terminal_linux
Ultima linea ejecutada_en_terminal_linux
 
Codigos web
Codigos webCodigos web
Codigos web
 
Código player fixo
Código player fixoCódigo player fixo
Código player fixo
 

Similar to Smashing the stats for fun (and profit)

[convergese] Adaptive Images in Responsive Web Design
[convergese] Adaptive Images in Responsive Web Design[convergese] Adaptive Images in Responsive Web Design
[convergese] Adaptive Images in Responsive Web DesignChristopher Schmitt
 
Earn money with banner and text ads for clickbank
Earn money with banner and text ads for clickbankEarn money with banner and text ads for clickbank
Earn money with banner and text ads for clickbankJaroslaw Istok
 
Earn money with banner and text ads for Clickbank
Earn money with banner and text ads for ClickbankEarn money with banner and text ads for Clickbank
Earn money with banner and text ads for ClickbankJaroslaw Istok
 
Logstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtimeLogstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtimeAndrea Cardinale
 
DrupalCamp London 2017 - Web site insecurity
DrupalCamp London 2017 - Web site insecurity DrupalCamp London 2017 - Web site insecurity
DrupalCamp London 2017 - Web site insecurity George Boobyer
 
Widget Summit 2008
Widget Summit 2008Widget Summit 2008
Widget Summit 2008Volkan Unsal
 
Reutov, yunusov, nagibin random numbers take ii
Reutov, yunusov, nagibin random numbers take iiReutov, yunusov, nagibin random numbers take ii
Reutov, yunusov, nagibin random numbers take iiDefconRussia
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by defaultSlawomir Jasek
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by defaultSecuRing
 
Avoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might thinkAvoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might thinkErlend Oftedal
 
[parisweb] Adaptive Images in Responsive Web Design
[parisweb] Adaptive Images in Responsive Web Design[parisweb] Adaptive Images in Responsive Web Design
[parisweb] Adaptive Images in Responsive Web DesignChristopher Schmitt
 
Malware Detection with OSSEC HIDS - OSSECCON 2014
Malware Detection with OSSEC HIDS - OSSECCON 2014Malware Detection with OSSEC HIDS - OSSECCON 2014
Malware Detection with OSSEC HIDS - OSSECCON 2014Santiago Bassett
 
Velocity EU 2012 - Third party scripts and you
Velocity EU 2012 - Third party scripts and youVelocity EU 2012 - Third party scripts and you
Velocity EU 2012 - Third party scripts and youPatrick Meenan
 
[refreshaustin] Adaptive Images in Responsive Web Design
[refreshaustin] Adaptive Images in Responsive Web Design[refreshaustin] Adaptive Images in Responsive Web Design
[refreshaustin] Adaptive Images in Responsive Web DesignChristopher Schmitt
 
Private slideshow
Private slideshowPrivate slideshow
Private slideshowsblackman
 
#NewMeetup Performance
#NewMeetup Performance#NewMeetup Performance
#NewMeetup PerformanceJustin Cataldo
 
Mitigate Maliciousness -- jQuery Europe 2013
Mitigate Maliciousness -- jQuery Europe 2013Mitigate Maliciousness -- jQuery Europe 2013
Mitigate Maliciousness -- jQuery Europe 2013Mike West
 

Similar to Smashing the stats for fun (and profit) (20)

[convergese] Adaptive Images in Responsive Web Design
[convergese] Adaptive Images in Responsive Web Design[convergese] Adaptive Images in Responsive Web Design
[convergese] Adaptive Images in Responsive Web Design
 
Earn money with banner and text ads for clickbank
Earn money with banner and text ads for clickbankEarn money with banner and text ads for clickbank
Earn money with banner and text ads for clickbank
 
Earn money with banner and text ads for Clickbank
Earn money with banner and text ads for ClickbankEarn money with banner and text ads for Clickbank
Earn money with banner and text ads for Clickbank
 
Logstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtimeLogstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtime
 
DrupalCamp London 2017 - Web site insecurity
DrupalCamp London 2017 - Web site insecurity DrupalCamp London 2017 - Web site insecurity
DrupalCamp London 2017 - Web site insecurity
 
Ruby Robots
Ruby RobotsRuby Robots
Ruby Robots
 
Widget Summit 2008
Widget Summit 2008Widget Summit 2008
Widget Summit 2008
 
The Devil and HTML5
The Devil and HTML5The Devil and HTML5
The Devil and HTML5
 
Reutov, yunusov, nagibin random numbers take ii
Reutov, yunusov, nagibin random numbers take iiReutov, yunusov, nagibin random numbers take ii
Reutov, yunusov, nagibin random numbers take ii
 
Random numbers
Random numbersRandom numbers
Random numbers
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by default
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by default
 
Avoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might thinkAvoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might think
 
[parisweb] Adaptive Images in Responsive Web Design
[parisweb] Adaptive Images in Responsive Web Design[parisweb] Adaptive Images in Responsive Web Design
[parisweb] Adaptive Images in Responsive Web Design
 
Malware Detection with OSSEC HIDS - OSSECCON 2014
Malware Detection with OSSEC HIDS - OSSECCON 2014Malware Detection with OSSEC HIDS - OSSECCON 2014
Malware Detection with OSSEC HIDS - OSSECCON 2014
 
Velocity EU 2012 - Third party scripts and you
Velocity EU 2012 - Third party scripts and youVelocity EU 2012 - Third party scripts and you
Velocity EU 2012 - Third party scripts and you
 
[refreshaustin] Adaptive Images in Responsive Web Design
[refreshaustin] Adaptive Images in Responsive Web Design[refreshaustin] Adaptive Images in Responsive Web Design
[refreshaustin] Adaptive Images in Responsive Web Design
 
Private slideshow
Private slideshowPrivate slideshow
Private slideshow
 
#NewMeetup Performance
#NewMeetup Performance#NewMeetup Performance
#NewMeetup Performance
 
Mitigate Maliciousness -- jQuery Europe 2013
Mitigate Maliciousness -- jQuery Europe 2013Mitigate Maliciousness -- jQuery Europe 2013
Mitigate Maliciousness -- jQuery Europe 2013
 

More from Security B-Sides

Lord of the bing b-sides atl
Lord of the bing b-sides atlLord of the bing b-sides atl
Lord of the bing b-sides atlSecurity B-Sides
 
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c 2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c Security B-Sides
 
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...Security B-Sides
 
Social Penetration - Mike Murray and Mike Bailey
Social Penetration - Mike Murray and Mike BaileySocial Penetration - Mike Murray and Mike Bailey
Social Penetration - Mike Murray and Mike BaileySecurity B-Sides
 
How really to prepare for a credit card compromise (PCI) forensics investigat...
How really to prepare for a credit card compromise (PCI) forensics investigat...How really to prepare for a credit card compromise (PCI) forensics investigat...
How really to prepare for a credit card compromise (PCI) forensics investigat...Security B-Sides
 
Risk Management - Time to blow it up and start over? - Alex Hutton
Risk Management - Time to blow it up and start over? - Alex HuttonRisk Management - Time to blow it up and start over? - Alex Hutton
Risk Management - Time to blow it up and start over? - Alex HuttonSecurity B-Sides
 
Security? Who cares! - Brett Hardin
Security? Who cares! - Brett HardinSecurity? Who cares! - Brett Hardin
Security? Who cares! - Brett HardinSecurity B-Sides
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Security B-Sides
 
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...Security B-Sides
 
The Great Compliance Debate: No Child Left Behind or The Polio Vaccine
The Great Compliance Debate: No Child Left Behind or The Polio VaccineThe Great Compliance Debate: No Child Left Behind or The Polio Vaccine
The Great Compliance Debate: No Child Left Behind or The Polio VaccineSecurity B-Sides
 
Dominique Karg - Advanced Attack Detection using OpenSource tools
Dominique Karg - Advanced Attack Detection using OpenSource toolsDominique Karg - Advanced Attack Detection using OpenSource tools
Dominique Karg - Advanced Attack Detection using OpenSource toolsSecurity B-Sides
 
Enterprise Portals - Gateway to the Gold
Enterprise Portals - Gateway to the GoldEnterprise Portals - Gateway to the Gold
Enterprise Portals - Gateway to the GoldSecurity B-Sides
 
From fishing to phishing to ?
From fishing to phishing to ?From fishing to phishing to ?
From fishing to phishing to ?Security B-Sides
 
Getting punched in the face
Getting punched in the faceGetting punched in the face
Getting punched in the faceSecurity B-Sides
 

More from Security B-Sides (20)

Lord of the bing b-sides atl
Lord of the bing b-sides atlLord of the bing b-sides atl
Lord of the bing b-sides atl
 
The road to hell v0.6
The road to hell v0.6The road to hell v0.6
The road to hell v0.6
 
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c 2010 07 BSidesLV Mobilizing The PCI Resistance 1c
2010 07 BSidesLV Mobilizing The PCI Resistance 1c
 
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
Tastes Great vs Less Filling: Deconstructing Risk Management (A Practical App...
 
Social Penetration - Mike Murray and Mike Bailey
Social Penetration - Mike Murray and Mike BaileySocial Penetration - Mike Murray and Mike Bailey
Social Penetration - Mike Murray and Mike Bailey
 
How really to prepare for a credit card compromise (PCI) forensics investigat...
How really to prepare for a credit card compromise (PCI) forensics investigat...How really to prepare for a credit card compromise (PCI) forensics investigat...
How really to prepare for a credit card compromise (PCI) forensics investigat...
 
Risk Management - Time to blow it up and start over? - Alex Hutton
Risk Management - Time to blow it up and start over? - Alex HuttonRisk Management - Time to blow it up and start over? - Alex Hutton
Risk Management - Time to blow it up and start over? - Alex Hutton
 
Security? Who cares! - Brett Hardin
Security? Who cares! - Brett HardinSecurity? Who cares! - Brett Hardin
Security? Who cares! - Brett Hardin
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
 
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
Computing Risk without Numbers: A Semantic Approach to Risk Metrics - Tim Ke...
 
The Great Compliance Debate: No Child Left Behind or The Polio Vaccine
The Great Compliance Debate: No Child Left Behind or The Polio VaccineThe Great Compliance Debate: No Child Left Behind or The Polio Vaccine
The Great Compliance Debate: No Child Left Behind or The Polio Vaccine
 
Dominique Karg - Advanced Attack Detection using OpenSource tools
Dominique Karg - Advanced Attack Detection using OpenSource toolsDominique Karg - Advanced Attack Detection using OpenSource tools
Dominique Karg - Advanced Attack Detection using OpenSource tools
 
2009 Zacon Haroon Meer
2009 Zacon Haroon Meer2009 Zacon Haroon Meer
2009 Zacon Haroon Meer
 
Enterprise Portals - Gateway to the Gold
Enterprise Portals - Gateway to the GoldEnterprise Portals - Gateway to the Gold
Enterprise Portals - Gateway to the Gold
 
From fishing to phishing to ?
From fishing to phishing to ?From fishing to phishing to ?
From fishing to phishing to ?
 
Getting punched in the face
Getting punched in the faceGetting punched in the face
Getting punched in the face
 
Make Tea Not War
Make Tea Not WarMake Tea Not War
Make Tea Not War
 
OWASP Proxy
OWASP ProxyOWASP Proxy
OWASP Proxy
 
Exploitation
ExploitationExploitation
Exploitation
 
Layer 2 Hackery
Layer 2 HackeryLayer 2 Hackery
Layer 2 Hackery
 

Recently uploaded

Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Recently uploaded (20)

Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

Smashing the stats for fun (and profit)

  • 1. If  you’re  not  famous,  fake  it.  
  • 2.   Shaun  Dewberry       Unix/Security  guy     Pretoria  University  (expelled  for  hacking!)     aka  LowVoltage  
  • 3.   Technorati.com     In  SA:     Amatomu.com     Afrigator.co.za     Blogger  pissing  contest  
  • 4.
  • 5.
  • 6. <!-­‐-­‐  Start  AMATOMU.COM  code  -­‐-­‐>   <img  height='1'  style='display:none'  width='1'   src='http://www.amatomu.com/log.php? cid=a433e87b0ebYe493dc055153ae332be0ee da46c'  />   <!-­‐-­‐  End  AMATOMU.COM  code  -­‐-­‐>  
  • 7.
  • 8.   Slow     Not  really  automated     Boring     Obvious     Traceable  
  • 9. while  [  1  ]  do   wget  http://www.amatomu.com/log.php? cid=a433e87b0eb>e493dc055153ae332be0eeda46c   done;  
  • 10.   Don’t  crash  the  server!     More  random  log  entries   #!/bin/sh   Set  RANDOM=$$   while  [  1  ]   do   let  "delay  =  RANDOM  %  30";    #  Random  0  to  30  Second  delay   wget  http://www.amatomu.com/log.php? cid=a433e87b0eb>e493dc055153ae332be0eeda46c   echo  "Waiting  $delay  seconds"   sleep  $delay   done;  
  • 11. #!/bin/bash   set  RANDOM=$$   while  [  1  ]   do   let  "delay  =  RANDOM  %  6";    wget  -­‐-­‐delete-­‐after  http://afrigator.com/track/5013-­‐none.gif   sleep  $delay;     done;  
  • 12.   wget  User-­‐Agent  visible  in  server  logs     All  visits  from  same  source  IP  address  
  • 13.   http://www.user-­‐agent.org   "Mozilla/4.0  (compatible;  MSIE  7.0;  Windows  NT  5.1;  .NET  CLR  1.1.4322;  .NET  CLR   2.0.50727;  .NET  CLR  3.0.04506.30   Mozilla/5.0  (Windows;  U;  Windows  NT  6.0;  en-­‐US;  rv:1.9.0.4)  Gecko/2008102920  Firefox/3.0.4   Mozilla/5.0  (Windows;  U;  Windows  NT  5.1;  en-­‐US;  rv:1.9.0.4)  Gecko/2008102920  Firefox/3.0.4   Mozilla/5.0  (X11;  U;  Linux  i686;  en-­‐US;  rv:1.9.0.2)  Gecko/2008092313  Ubuntu/8.04  (hardy)   Firefox/3.1   Mozilla/5.0  (Windows;  U;  Windows  NT  6.0;  en-­‐US;  rv:1.9.0.2)  Gecko/2008091620  Firefox/3.0.2   Mozilla/5.0  (Windows;  U;  Windows  NT  5.1;  en-­‐US;  rv:1.9.0.1)  Gecko/2008070208  Firefox/3.0.0   Mozilla/5.0  (Windows;  Windows  NT  5.1;  en-­‐US;  rv:1.8.1.9)  Gecko/20071025  Firefox/2.0.0.9   Mozilla/5.0  (Windows;  U;  Windows  NT  5.1;  en_US;  rv:1.8.1.6)  Gecko/20070725  Firefox/2.0.0.7   Mozilla/5.0  (Windows;  U;  Windows  NT  5.1;  en-­‐US)  AppleWebKit/525.19  (KHTML,  like  Gecko)   Chrome/0.4.154.18  Safari/525.19  
  • 14. set  RANDOM=$$   while  [  1  ]   do   let  "delay  =  RANDOM  %  30"   let  "ua  =  RANDOM  %  `wc  -­‐l  useragents.txt  |  awk  '{print  $1}'`  +  1"   uastring=`sed  -­‐n  ${ua}p  useragents.txt;`    wget  -­‐q  -­‐-­‐delete-­‐after  -­‐-­‐user-­‐agent="$uastring"  http:// www.amatomu.com/log.php? cid=a433e87b0eb>e493dc055153ae332be0eeda46c   sleep  $delay   done;  
  • 15. “Tor  protects  you  by  bouncing  your   communications  around  a  distributed   network  of  relays  run  by  volunteers  all  around   the  world:  it  prevents  somebody  watching   your  Internet  connection  from  learning  what   sites  you  visit,  and  it  prevents  the  sites  you   visit  from  learning  your  physical  location.”                -­‐-­‐torproject.org  
  • 16. wget   tsocks   tor     Aggregator   •   tsocks.sourceforge.net  –  Transparent  Socks  Proxy  
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.   #20  of  31  “ top  non-­‐US  startups  to  watch   worldwide”  by  Business  2.0  (money.cnn.com)     Top  10  International  Products  for  2008  –   ReadWriteWeb     Acquired  by  Naspers     Blah  blah  blah…     WTF?  Security  Anyone?  
  • 22.   Invitations  to  launches     More  traffic  (ironic,  isn’t  it?)     Gadgets  for  review     Press  accreditation     Fake  a  career  as  a  social  media  expert     Social  engineering  hack  
  • 23.   Ad  network  linking  bloggers  and  advertisers     Revenue  based  on  CPM  (ad  impressions)     CPM  is  horribly  broken  
  • 24. <!-­‐-­‐/*  Adgator.co.za  Javascript  Tag  v2.6.3  */-­‐-­‐>    <script  type='text/javascript'><!-­‐-­‐//<![CDATA[        var  m3_u  =  (location.protocol=='https:'?'https://ads.adgator.co.za/delivery/ajs.php':'http://ads.adgator.co.za/delivery/ajs.php');        var  m3_r  =  Math.floor(Math.random()*99999999999);        if  (!document.MAX_used)  document.MAX_used  =  ',';        document.write  ("<scr"+"ipt  type='text/javascript'  src='"+m3_u);        document.write  ("?zoneid=471");        document.write  ('&amp;cb='  +  m3_r);        if  (document.MAX_used  !=  ',')  document.write  ("&amp;exclude="  +  document.MAX_used);        document.write  (document.charset  ?  '&amp;charset='+document.charset  :  (document.characterSet  ?   '&amp;charset='+document.characterSet  :  ''));        document.write  ("&amp;loc="  +  escape(window.location));        if  (document.referrer)  document.write  ("&amp;referer="  +  escape(document.referrer));        if  (document.context)  document.write  ("&context="  +  escape(document.context));        if  (document.mmm_fo)  document.write  ("&amp;mmm_fo=1");        document.write  ("'></scr"+"ipt>");   //]]>-­‐-­‐></script><noscript><a  href='http://ads.adgator.co.za/delivery/ck.php?n=ad677422&cb=INSERT_RANDOM_NUMBER_HERE'   target='_blank'><img  src='http://ads.adgator.co.za/delivery/avw.php?zoneid=471&n=ad677422'  border='0'  alt=''  /></a></noscript>   Only  care  about  ad  image:  http://ads.adgator.co.za/delivery/avw.php? zoneid=471&n=ac71ad4f  
  • 25.   No  ads  are  served  to  wget??     OpenX  Ad  Server     If  no  cookie  gets  set,  then  no  ad  gets  served     Certain  User  Agents  are  ignored     First  ad  served,  but  no  ads  thereafter   (caching?)     Geo-­‐targeting  
  • 26.   Accept  cookies  (and  turf  them)     &cb=RANDOM  parameter  (Cache  blocking)     tor  nodes  in  ZA?     Zombie  TelkomADSL  botnet?     Open  proxy  servers  –  Proof  of  Concept  
  • 27. let  "delay  =  RANDOM  %  40"    #  Up  to  40  second  delay  –  let’s  not  be  greedy   let  "prand  =  RANDOM  %  `wc  -­‐l  proxies.txt  |  awk  '{print  $1}'`  +  1"     http_proxy=`sed  -­‐n  ${prand}p  proxies.txt;`  #  select  a  random  proxy   let  "ua  =  RANDOM  %  `wc  -­‐l  useragents.txt  |  awk  '{print  $1}'`  +  1"   uastring=`sed  -­‐n  ${ua}p  useragents.txt;`  #  random  useragent   let  "rand  =  RANDOM  %  999999999"  #  random  integer  for  cache  blocking    if  [  $http_proxy  ==  "tsocks"  ];  then    #    1/3rd  of  the  time  route  through  tor        export  http_proxy=        /usr/bin/tsocks  /usr/local/bin/wget  -­‐-­‐no-­‐clobber  -­‐-­‐no-­‐cache  -­‐-­‐max-­‐redirect=0  -­‐-­‐ user-­‐agent="$uastring"  -­‐-­‐referer=http://ramboguy.co.za  "http:// ads.adgator.co.za/delivery/avw.php?zoneid=471&n=ac71ad4f&cb=$rand"    else        #  otherwise  request  the  ad  straight  through  the  SA  proxy    /usr/bin/wget  -­‐d  -­‐-­‐no-­‐clobber  -­‐-­‐no-­‐cache  -­‐-­‐user-­‐agent="$uastring"  -­‐-­‐ referer=http://ramboguy.co.za  "http://ads.adgator.co.za/delivery/avw.php? zoneid=471&n=ac71ad4f&cb=$rand"    fi  
  • 28. •   90  Ad  impressions/day   •   Paid  Ads  Served:  224   •   Earnings:  R11.09  
  • 29. •   800  impressions/day        (2  hour  run)   •   1677  Paid  Ads  Served   •   Earnings:  R86.58      
  • 30.   Automated  auditing  with  complex  analysis   tools     Don’t  use  impression  based  costing  models   (duh!)  
  • 31.   R8  per  hour  (conservative)     24  hours     30  days     R  5  760  per  month     Mahala     The  beer’s  on  me!