hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
Posted:
Thu Feb 16, 2006 8:37 pm |
jaded
Theme Guru
Joined: Nov 01, 2003
Posts: 1006
|
Posted:
Fri Feb 17, 2006 6:00 am |
hitwalker
|
Posted:
Fri Feb 17, 2006 6:23 am |
jaded
|
Posted:
Fri Feb 17, 2006 6:25 am |
|
as a follow up i went there and i found great amusement in the following. when you attempt to download from there.
Quote: | IMPORTANT: In an effort to prevent bandwidth theft, We have implemented measures to ensure that the download requests are only processed from our site. This mechanism is not compatible with all anti-virus software, download accelerators, and proxies. If you make it through to the download request screen and then get a Forbidden message, the chances are it is a result of one of the three things just mentioned. In that case, you will have to temporarily disable or tweak the settings for those applications to allow the download.
Thank You For Your Co-operation. |
the idea that they are concerned about bandwidth theft simply cracked me up ![killing me](modules/Forums/images/smiles/killingme.gif) |
Last edited by jaded on Fri Feb 17, 2006 7:03 am; edited 1 time in total |
hitwalker
|
Posted:
Fri Feb 17, 2006 6:59 am |
|
which file did you try, cause i could still download the collapsible ....... |
jaded
|
Posted:
Fri Feb 17, 2006 7:01 am |
|
LOL, he has half of the nuke sites out there, nukeresources included, hotlinked. With the number of downloads everyone is having their transfer stolen. I have to say that if you cannot afford to host the site you want then don't run one. If the only way that you can run a website is to leech off the back of every other site out there then give up the dream. I suggest that you buy more space and bandwidth, get rid of the hotlinks, and try to run your site legitimately. ![Smile](modules/Forums/images/smiles/icon_smile.gif) |
djmaze
Subject Matter Expert
Joined: May 15, 2004
Posts: 727
Location: http://tinyurl.com/5z8dmv
|
Posted:
Fri Feb 17, 2006 8:44 am |
|
jaded wrote: | as a follow up i went there and i found great amusement in the following. when you attempt to download from there.
Quote: | IMPORTANT: In an effort to prevent bandwidth theft, We have implemented measures to ensure that the download requests are only processed from our site. This mechanism is not compatible with all anti-virus software, download accelerators, and proxies. If you make it through to the download request screen and then get a Forbidden message, the chances are it is a result of one of the three things just mentioned. In that case, you will have to temporarily disable or tweak the settings for those applications to allow the download. |
|
Why do I always laugh when i see those messages on a php-nuke download module?
This is 100% FUD information (also known as hoax), because the information is false.
Example: http://phpnuke-downloads.com/downloads/phpnuke/72-73patched.tar.gz
Now how did i get that, although they say they have a mechanism?
(note the page says 404 but just press [enter] in the address bar, that will reset HTTP_REFERER to empty so you bypass his protection)
No wonder people hotlink nuke sites, it's always possible
Now you go try that on Trevor's and my superior Downloads Pro module for Dragonfly, hehehe. |
Last edited by djmaze on Fri Feb 17, 2006 8:56 am; edited 3 times in total |
djmaze
|
Posted:
Fri Feb 17, 2006 8:52 am |
|
Hmm if people are interested i could write a bot that lists all his downloads so you can mirror/hotlink them. |
hitwalker
|
Posted:
Fri Feb 17, 2006 8:54 am |
|
oh yeah do please......
I'll drop it on a few friendly sites where it can be downloaded a few 100.000 times.... |
djmaze
|
Posted:
Fri Feb 17, 2006 9:07 am |
|
fetch.php file:
Code:
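<?php
// Decode the base64 fetchid posted by the form below and print the result.
if (isset($_POST['id'])) {
    // htmlspecialchars() so the decoded value is shown as text, not interpreted as HTML.
    echo htmlspecialchars(base64_decode($_POST['id']), ENT_QUOTES);
}
?>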
<form action="fetch.php" method="POST">
fetchid: <input name="id" value="aHR0cDovL3d3dy5waHBudWtlLWRvd25sb2Fkcy5jb20vZG93bmxvYWRzL2Jsb2Nrcy9ibG9jay1kYmNsb2NrLnppcA==">
<input type="submit" name="Download It" value="Download It">
</form>
|
The value for fetchid can be found on a phpnuke-downloads.com download page at:
<input type="hidden" name="fetchid" value="foobar">
where 'foobar' is a long encoded string
The id in the above code decodes into http://www.phpnuke-downloads.com/downloads/blocks/block-dbclock.zip
copy the url into your browser address bar and hit enter.
hitwalker, i could write a more sophisticated system that allows you to completely replace your downloads module with a hotlink module.
But that's not really fun for me, anyway with the above example you should be on your way.
NOTE: This is the only PoC i have ever provided on this website and will hopefully be my last. I've provided this PoC not because someone is an asshole but more based on many assholes that disbelieve my warnings and words that i should stop mentioning that i could hack them. This simple PoC should be enough to let you all know i know enough about php-nuke for not using it. |
Last edited by djmaze on Fri Feb 17, 2006 9:12 am; edited 1 time in total |
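As an added example (not code from the thread or from any project named in it): the Referer check and base64-encoded fetchid described in the posts above, set beside an HMAC-signed, expiring download token that relies on neither. The host downloads.example, the key, the file map and all function names are hypothetical.

```php
<?php
// Added example, not from the thread. Host, key, paths and names are hypothetical.
const DEMO_KEY = 'constructed-demo-key'; // stays on the server, never in the page

// The scheme discussed above: Referer check plus base64-encoded URL in a form field.
function weak_resolve(string $fetchid, string $referer): ?string {
    // Referer is chosen by the client; an empty one must pass or proxies break.
    if ($referer !== '' && parse_url($referer, PHP_URL_HOST) !== 'downloads.example') {
        return null;
    }
    $url = base64_decode($fetchid, true); // an encoding: any visitor can reverse it
    return $url === false ? null : $url;
}

// Hardened: the page carries only "id.expiry.mac"; the real path never leaves the server.
function issue_token(int $fileId, int $now, int $ttl = 300): string {
    $exp = $now + $ttl;
    return $fileId . '.' . $exp . '.' . hash_hmac('sha256', "$fileId|$exp", DEMO_KEY);
}

function resolve_token(string $token, int $now, array $files): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return null; // malformed
    }
    [$id, $exp, $mac] = $parts;
    // Constant-time comparison of the recomputed MAC with the one presented.
    if (!hash_equals(hash_hmac('sha256', "$id|$exp", DEMO_KEY), $mac)) {
        return null; // id or expiry was altered, or the token was not issued here
    }
    if ((int)$exp < $now) {
        return null; // expired: a copied link stops working after $ttl seconds
    }
    return $files[(int)$id] ?? null; // stream this with readfile(); no public URL exists
}

// Constructed sample data.
$files = [42 => '/srv/private-downloads/block-example.zip'];
$now   = 1700000000;
$token = issue_token(42, $now);

var_dump(weak_resolve(base64_encode('http://downloads.example/files/block-example.zip'), ''));
var_dump(resolve_token($token, $now + 60, $files));              // valid token
var_dump(resolve_token($token, $now + 301, $files));             // same token, expired
var_dump(resolve_token('43' . substr($token, 2), $now, $files)); // id changed, MAC reused
```

The token would be written into the download link when the page is rendered, and the script itself sends the file from a directory the web server does not expose.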
hitwalker
|
Posted:
Fri Feb 17, 2006 9:10 am |
|
so is this type download per download or is it somehow automated..?
or how to go for that? |
djmaze
|
Posted:
Fri Feb 17, 2006 9:15 am |
|
1. go to a download on his website that you want.
2. view source
3. find in source: name="fetchid"
4. copy value into fetch.php script
I could make it fully automatic using preg_match() but i don't. It's just bad to ask an "eye for an eye" |
hitwalker
|
Posted:
Fri Feb 17, 2006 9:19 am |
|
yes i understand but people have to do too much work with way......lol |
sting
Involved
Joined: Sep 23, 2003
Posts: 456
Location: Somewhere out there...
|
Posted:
Fri Feb 17, 2006 10:00 am |
|
Guys/Gals, sorry if I have inconvenienced anyone, but I moved this here due to DJ's POC. Awesome POC by the way, but I just can't stand the thought of some kiddie out there getting it.
Now come to think of it, I didn't actually see the exact forum it was in before, so I may have moved it to a forum with the same security perms.
Want Raven to see this before putting it out there for all to see.
-sting |
_________________ You see - I told you I wasn't paranoid. They were really out to get me. |
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Sun Feb 19, 2006 10:12 am |
|
Thanks Sting for your sensitivity in this matter. After having talked to DJ about it and reading it over, I think it will serve more purpose in the open than not. |