// Grabbing Files: Naughty or Nice
//
// by Disposable
//
// http://www.oldskoolphreak.com

Through some basic Perl, this article will discuss two ways of getting 
what you want:fast and overt vs. slow and stealthy. What does that mean?

Whether running up a counter or grabbing an entire online database, there 
are two ways to reach your objective. You can be a brute and grab data 
quickly, with no concern of the serving platform or the origiating IP, 
or you can take your time and grab the data slowly, possibly from different
domains.

(This acutally incorporates a fundamental principle of hacking. And 
physical security. And surveillance.)

So again, through some simple code, we will look at the ways to procure 
data and the ways that the parties involved are affected. 

Please, do not run these scripts. They are examples. Specifically, 
examples of running up the counter at http://www.helpmike.org/, the site 
dedicated to helping Michael Wally, aka Hairball, who allegedly committed
credit card fraud and identity theft. On to the Perl.

The first script demonstrates the quickest way to results:


******************

#!/usr/bin/perl -w
use LWP::Simple;
while (1) {getstore("http://img.interstuff.net/img.php?user=helpmike", 
"/dev/null");}

******************


Screw the formatting, we want to get lots of copies of the file and fast.
This will be effective, if you don't mind being conspicuous. Let's look at
the script.

First, we call Perl with warnings and include the LWP::Simple module. Then
simply grab the file and store it. (This script stores the file in the 
bit-bucket.) It will run until the user hits Ctrl+C, as the criterion to 
break out of the loop will never be met.

One can easily see the applications and implications of running such a 
script. You could pass a list of files to the script to grab what you need
quickly. If you hammer a server relentlessly, your IP could get 
blacklisted. The server may be fragile and such requests could be 
detrimental to its well-being. Also, consider the bandwith costs for the 
serving party. Make sure you use this method in the right situation.

As you would imagine, the other method of grabbing files takes a little 
bit more code - but not much:


******************

#!/usr/bin/perl -w

use strict;
use LWP::Simple;
use LWP;

my $html = get("http://www.atomintersoft.com/products/alive-proxy/proxy-list/anonymous/")
        or die "Can't fetch proxy list...";

$html =~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+)/ or die;

my $host = 'http://img.interstuff.net/img.php?user=helpmike';

my $browser = LWP::UserAgent->new;

$browser->agent("Googlebot/2.1 (+http://www.google.com/bot.html)");
$browser->proxy("http", "http://$1");

while (1) {
        my $response = $browser->get($host, ':content_file' => '/dev/null');
        sleep 10;
}

******************


This script includes the use of an anonymous proxy, gleaned from one of 
many avaiable lists, and a spoofed user-agent string. Again, the file is 
"stored" in /dev/null and the script takes 10 second breaks between 
requests.

What are the applications and implications now? You could still pass a 
list of files to the script. The sleep time can be tweaked, depending on 
the target and the behavior of the proxy. You could save a whole list of 
proxies and use a different one for each file or group of files.

Perl or bash, overnight or over the course of weeks, write file-grabbing 
code appropriate for your situation. More importantly, be an astute 
hacker and realize when these situations exist.