Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do we crash systems, browsers, or otherwise bring things to a halt, and how do we protect those things? 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Using traffic to target other hosts.
Posted by: jungsonn
Date: March 30, 2007 04:22AM

So, I run a (pr0n live webcam) website for around 8 years now, and it got tons of traffic, I never visit it cause it earns me money and I leave it be. It got around 30.000 visitors a day. Now, I though about some interesting idea I had last week:

I know I can use that traffic to run scripts for me. scripts that portscan other hosts, run remote exploits, and even Ddossing remote services.

The idea is simple:

I have my high traffic website, and in a hidden iframe I run a remote script, that script does what I want it to do. The surfer will not notice that I run it, unless they look in the source. But, the thing is, I could use that 30K traffic for very malicious uses. Cause when the remote script runs, it targets a host with all the browser info of the surfers which open my site.

But, next thing is javascript. Because javascript runs in the browser only, it is interesting to use it for maliciuos acts, because when I build a javascript portscanner, the time that the surfers opens my site, a remote host is targeted with his IP and browser info. the next thing is then that I make AJAX calls to store that info.

Smart Idea? it sounds cool to try it out.

Options: ReplyQuote
Re: Using traffic to target other hosts.
Posted by: FR3DC3RV
Date: March 30, 2007 07:09AM

It might be an good idea.

-------------------------------
http://fr3dc3rv.blogspot.com

Options: ReplyQuote
Re: Using traffic to target other hosts.
Date: March 30, 2007 03:45PM

Live webcams eh? Which one do you run?


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Options: ReplyQuote
Re: Using traffic to target other hosts.
Posted by: hackathology
Date: March 31, 2007 03:00AM

Cool, thats a very interesting idea, but would you really do something malicious like this?

http://hackathology.blogspot.com

Options: ReplyQuote
Re: Using traffic to target other hosts.
Posted by: jungsonn
Date: March 31, 2007 06:30AM

@Awesome, I can't say sorry, but it's a dutch one. (I have certain reasons for this) :)


Yeh I'm not 100% sure what to use it for, but I think it's interesting to try a couple examples which do basic portscanning first. But who knows it can come into use someday.

Options: ReplyQuote
Re: Using traffic to target other hosts.
Posted by: rsnake
Date: March 31, 2007 06:39PM

Well it's pretty easy to monetize that, or use them to spam on your behalf or use them to hack their own routers (again for building botnets for spamming or otherwise). I had no idea you ran pr0n sites. Very interesting. There are tons of ways to monetize pr0n, but it's a tough industry due to the chargeback ratios. Although I do have a lot of ideas on how to minimize chargebacks.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Using traffic to target other hosts.
Date: March 31, 2007 08:35PM

I thought about creating one once, but I'm not totally sure how to go about it in regards to keeping all the necessary legal information, and the rest of it.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Options: ReplyQuote
Re: Using traffic to target other hosts.
Posted by: jungsonn
Date: April 01, 2007 07:08AM

Well it's actually a site builded by me, but I'm just an affiliate. I don't have my own content or such. But, it earns me a good buck. I can pay my house rent from it so, why not.

But, like you said RSnake, there are ways to make more money from it. It could be my complete income, but I don't like doing that all day long. In any case I got tons of logs from that traffic I get, and maybe I go insert a little script which I can activate remotely when I need it. Like, if someone is targetting me I can use it for a counter attackers a couple of times.

EDIT: I did use that server a couple of times to scan other websites, because the server it runs on got thousands of subdomains op a certain IP range, so it's hard to trace back to me, and I signed up anonymously with that hosting account by forging my identity some years back, cause I knew I could use it one day.



Edited 1 time(s). Last edit at 04/01/2007 07:14AM by jungsonn.

Options: ReplyQuote
Re: Using traffic to target other hosts.
Posted by: bodil
Date: April 08, 2007 03:46PM

"never visit it cause it earns me money and I leave it be." Haha, you are fooling no one dirty boy. I know, you know and everybody else knows, that you have your own spy script implemented, so that you can spy on peoples dirty private sessions :)

Options: ReplyQuote
Re: Using traffic to target other hosts.
Posted by: rsnake
Date: April 08, 2007 10:21PM

Wouldn't surprise me one bit. ;)

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Using traffic to target other hosts.
Posted by: jungsonn
Date: April 13, 2007 07:34PM

Ehh... *grin*

Options: ReplyQuote
Re: Using traffic to target other hosts.
Posted by: Gorka
Date: November 22, 2008 08:08PM

You can easily use the script to look for emails to create spam lists, I had thought of doing this with flash rather than javascript/ajax but either would work.

And I actually considered creating a virtual computer where you could use other people's computers to run your operations, although I'm still trying to figure how to achieve the virtual hard disk.

Cheers

Options: ReplyQuote
Re: Using traffic to target other hosts.
Posted by: tuki
Date: November 30, 2008 07:59PM

people actually pay for p0rn? wow..

Options: ReplyQuote


Sorry, only registered users may post in this forum.