I know IT people who majored in the arts. Not many, but they are out there. Nothing's stopping you from learning programming on your own or through certification training. The internet is full of good tutorials for every area.
Go for Codecademy for a programming introduction. Latter on, go for C++ and hammer at emulators and collect some experience, and then go for industrial emulation projects.
This is about automation for a customer (something we also love to do). But calling it a botnet at defcon, in the context of security? And russian hackers?
A botnet is a group of Internet-connected devices, each of which runs one or more bots. The bots don't have to be across the world on random people's PCs. And this is outside the context of security, it's in the context of online retail.
@@Galactipodit's not outside of context of security if it was presented at DEFCON. "DEF CON is a hacker convention ...since 1993 and today many attendees at DEF CON include computer security professionals, journalists, ..." Wikipedia According to the number of upvotes, I was not alone wondering.
I use Burpsuite to MITM the browser to work out the flow to build bots. I have automated my work in my last two jobs. The last one from 8 hours per day to 20 mins. Then I got the sack when the next boss came because my jobs looked so easy. They assigned a cheaper colleague to take over and he went nuts finding out it was going to take him 8 hours.
"Trespass to chattels" "very illegal" - before we get all FUDdy on that, the term actually means "you messed with and broke my shit, now I shall sue you." In the real world you'll be blocked and/or asked to stop before you're sued.
I wonder why this project was only successful for about 40 weeks or so? Did it start failing? Were there changes that the project could not handle? Did the other people COMPENSATE for the improvements and start intruding on the business?
sooooo, this is how all those scalpers, buy all the tickets from ticket master and keep us all from being able to buy them fairly. I need to learn how to do this stuff
ryan pongracz I remember a concert house working with a journalist from the same corporation to bait those bots with an unannounced concert then publicly shaming the scalping site that instabought tickets and put them up for sale before the concert was announced. Didn't make a dent.
The GROUP of RUSSIAN HACKERS hired by competing USED CAR DEALERSHIP. They bring them here from the cold Siberia, to conduct their evil plan on constructing a CAR SALES BOT. But I single handely defeated them.
found signs of PAS web shell, immediately attributes russia (for the dense never mind PAS is ukrainian and available here github.com/wordfence/grizzly was until recently available at profexer.name but site changed and i don't speak the language to grok it any more)
Exactly. If you replace "Russian Hacker" with any other racist stereotype you'll see that this is yet another attempt at pole pissing and chest thumping by a bigot.
Even AJAX forms are easy to reverse engineer. Also instead of making the browser click the button you could just submit the form from the bot server. Instead of constantly refreshing I'd just have a script submit the form a couple of times per second, and you could even have that running in the background. Of course, this was a rather new technique 7+ years ago.
9 років тому+2
Yeah I don't know how AJAX ended up in that comment. I probably meant HTML forms.
I would imagine you could estimate the lag time and server load needed by pinging the server and basing your purchase timing on the response. Could be wrong though...
Wow, how did the small dealership then handle buying over 800 cars in less than a year so as to then sell them on to customers?! Must have needed to massively increase his sales.
It seems odd that the market is consistently under-valuing these cars to the point where people are designing bots just so they can click 'buy now' as quickly as possible. Why aren't prices rising as a result? Why aren't they being sold at auction?
If you wanted to try just "re-enabling" the Buy button, you could just give the client a bookmarklet that alters the page content... probably still wouldn't work though, if they actually validate requests on the server side.
As he stated repeatedly, this kind of action could lead to people buying cars before the sale time-in which case you get all your accounts deleted and are banned from the service. This is how not to have a Good Day™.
BloCKBu5teR why? especially saying "ive got six snipers ready to go at noon, lets see how many kills we get"... i would kind of hope the NSA would pick that one up and investigate it a bit
+Kevin Klika he talks about that option near the end, and says while it probably would have worked, it wouldn't be the smartest choice for the same reason the VIN numbers were verified before trying to buy the car
You guys are aware he's a CIA/DIA contractor talking about work done a few years back. Hence the legality doesn't matter as he was operating above the law.
To anyone trying to do this that isn't 40-50 years old and want to write readable and sane code, imacros sounds like such overkill. The python library mechanize is what you need. Look up how to spoof a browser it's 20 lines of code your can copy paste that works anywhere. I could do this guys job, easily. Just goes to show that business is 90% who you know.
Probably, but this stuff isn't hard. The point of imacros though, is mechanize doesn't pull down ajax, and it's really easy to detect and block even with spoofed user agents.
what you say is 100% true, trying to get JS to run in mechanize is not something you want to do, all I was saying is for this application where they're just refreshing a page and looking at a button property then it's most certainly overkill
I can't say I have experience with automating processes that actually involve money (really in this context I'm just some script kid), but the validation mechanisms I've seen could be replicated by looking at the websites' code hard enough - is that not feasible for serious applications like this? Would it take too much time?
Yea, I've been on both sides of this problem. That's probably fine if you're just crawling one site, but the problem comes when you're crawling 20 websites, and need specialized code for each site for getting around A/B testing, browser validation, template updates, etc. It's soooo much easier to just throw up some imacros stuff and not even worry about how the site renders, just let it do its thing and then send you back the completed html.
Hello dear friends The 2nd December 2019 we get notified of the censorship of our channel by the new UA-cam Guidelines (who change every 6 months) because of "Content reusing without including substantial original commentary or educational value" so in consequence the Monetization of our channel was disabled. This is a little bit tricky because these Guidelines wasn't there in 2013, 2014, 2015 and so on... It is abnormal to change the rules during a game ...even more before Christmas! Since 2013 we are trying to share the best Security Conference on our channel and we need your help to keep it up. As you already know I was fighting the disease since the last 2 years and it's difficult and without resource and support I wouldn't be able to keep up on this way. You can support us on Patreon if you find our work valuable. You can also express your dissatisfaction regarding our situation to UA-cam on Twitter, Facebook, Instagram and wherever you can. to help us regain our rights. Your support in anyway will be truly appreciated Thanks guys for taking time reading me and stay tuned! Merry Christmas to you all and God bless you all! www.patreon.com/HackersOnBoard Bitcoin Wallet: 1NWM4upgKj8iF7zknzmnHG8Mm2pvAyTHqc
I'm afraid to watch more recent defcons. Now they are probably discussing how to make a dark theme for your browser or how to "hack" youtube ads by editing DOM on the fly.
how did the bot know what time the buy button would show up? wasn't that the whole point? if you knew what time the buy button would appear, you wouldn't need people constantly clicking refresh in the first place.
+ericsbuds Of course, even if you know that the car in on sale at, let's say 2pm, there are still 700-800 people wanting to press the buy button first. If you don't refresh, you won't be the first one to buy as it will not refresh automatically.
+ericsbuds I might be completely wrong, but as far as I understood, the time the offer went live was actually known to everyone. just like an auction, it starts at a specific time.
...my client said we were attacked by russian hackers.. WHY THE F%!$ does Russia care about a few cars on a dealership network? Give your head a shake people.
Credit on you for not writing a buy-before-the-button-appears button using a greasemonkey script, which the russians hackers would not hesitate to. ALSO you might have wanted to try working for the sales sites and have them setup a proper bidding process and have customers enter reserve prices...
Can someone explain to me how he determined the time from the server's clock? I''ll admit I'm not a web dev but it seems unlikely to me a server would voluntarily give away it's time to anyone who asks for it (who isn't already authenticated to the server with a user account). Did he possibly mean the sales website showed a clock?
I know this is late, and you might know the answer by now, but when a web server responds to a HTTP(S) request, they include a "Date" field in their reply header which has a lovely date/time value that is usually referenced to GMT. These are accurate to the second, of course, so that's why he repeatedly prods the server to obtain more precision.
Yeah me too, I figured it was about a botnet and russian hackers, but it was actually about a PHP script and people (possibly russian) doing the same trick he's doing
There’s also a *_huge_* amount of work that goes into currency trading... bots that are scanning currency markets around the world for when currency A is just a fraction off in market B and tho it may be tenths of a percent it can add up quick !!
Well, glad to see that bots can actually be used for something "good" xp Much better than all the immensly hobby.lacking people making messenger-bots who wants "to have sex with you" >>; Though, they don't like being asked irrellevant questions it seems x3
Can anybody help? My PC is connected to the internet ant it shows "internet access" but whenever I open up a browser and try to access a website it says "Connection Unavailable" I running windows 8.1 64Bits. Help, please!!!
I watched the whole video and I'm like a huge football meathead kind of guy but I think this stuff interests me...I think I might major in some kind of network or technology in a few years when I transfer from high-school to college
Nxght yeah sorry, this guy is either full of shit, or he's purposefully misleading people about how forms can be spoofed. Or worse, he didn't even know it himself...
I'm still a bit confused, in a technical sense, how his bot server was able to interact/make requests with the sale server, could anyone explain? Normally, if your requests were cross domain, wouldn't you need cors? And if the request was cross domain, wouldn't the sale server have to allow his bot server as an origin for any access to work? Sorry, I'm rather new to internet technologies.
Hey buddy if you ever come back to this, here's your answer. You might have been confused by the fact he is using and HTML page as an interface for his bot, he also probably made it with PHP. But that's really just the interface and the programming language that were used, the fact that the GUI is in a browser does not matter, it could have been python, C or whatever else. Now he didn't have to use any kind of cross-site hack to pull this off, all he did was send HTTP requests (probably using PHP curl). One request would get the list of cars, the other one would get his timing information and finally, when his timer kicked in, a request would be sent to buy a car, with the appropriate POST or GET data.
whoever laughs last, and i haven't laugh in a while, cause 'doll oars' nah fuck that! what you see, i see back and forth, past your window, past back my window, past back yours.... i will be watching first row, as it all ends, just remember computer, you will ceae to exist too, shall you attempt to "do me dirty". ~ with love, from the non existance.
TOO BAD he didn't have "insider" --REAL INFORMATION. i.e. Dealers only pay HALF THE STICKER PRICE for a car. The "catch" was dealers had to buy ANY car sent to them--no choices--until their contract quota was met. But, half the sticker price is AWESOME! So, the MARKUP IS INSANELY HIGH! 100% !!! How can GM or Ford etc. do this? Because when the typical Sticker Price was $18,000 it only cost $2500 (including labor) a car to produce. Enough free info. Now, cars cost more but the percentages are closely the same.
Now all bots are for stupid drops sites and you have to make a fucking Ai that generates a canvas and a bunch of random click so the antibot system thinks that you re human . I’m talking about all the Nike bots or the supreme ones.
***** Inland Revenue Chat. It's an old messaging system that was created to allow fast communication betwen IRS agents in the 80s. When it fell out of use [they now use headsets and VoIP services like Ventrilo] the US government didn't bother to delete the digital infrastructure, so hackers commandeered it and have been using it to plan e-heists and cybercapers ever since.
You know you've been in the automotive business long enough when you recognize the example VIN he uses as belonging to a Lexus.
It might not have been the best talk, but I liked it as a story.
I feel like i should've learned IT stuff instead of arts. Then i'd maybe not be homeless and fucking unemployed -.-
Правда
I know IT people who majored in the arts. Not many, but they are out there. Nothing's stopping you from learning programming on your own or through certification training. The internet is full of good tutorials for every area.
You should learning hacking to get your art out
Go for Codecademy for a programming introduction. Latter on, go for C++ and hammer at emulators and collect some experience, and then go for industrial emulation projects.
x3kesa3 This is true. learning it is free, the certification is all that matters.
And this is why it's nearly impossible to buy concert tickets now.
Naw, people are stupid. There are hawkers selling tickets at 10x the value only feet from the ticket booths.
Awesome! Enjoy watching these stories!
This is about automation for a customer (something we also love to do). But calling it a botnet at defcon, in the context of security? And russian hackers?
A botnet is a group of Internet-connected devices, each of which runs one or more bots. The bots don't have to be across the world on random people's PCs. And this is outside the context of security, it's in the context of online retail.
@@Galactipodit's not outside of context of security if it was presented at DEFCON.
"DEF CON is a hacker convention ...since 1993 and today many attendees at DEF CON include computer security professionals, journalists, ..." Wikipedia
According to the number of upvotes, I was not alone wondering.
Enjoyed this talk. learned a few things, even though they are a bit of older legacy hack but still applicable.
"..It was like the gods handing me fire! Here you go Mike, you've been a good boy!"
Hahahaha gold
Fun observation, he's presenting white-hat, possibly grey-hat, but wearing a black hat
I use Burpsuite to MITM the browser to work out the flow to build bots. I have automated my work in my last two jobs. The last one from 8 hours per day to 20 mins. Then I got the sack when the next boss came because my jobs looked so easy. They assigned a cheaper colleague to take over and he went nuts finding out it was going to take him 8 hours.
Love the amount of mid-stream ads you injected into this freebooted video...
Fuck the uploader.
It doesn't matter, the video would be auto detected by youtube's copyright claims and all the ad money would go to the copyright owner
Brave browser.
@@MasterMindWC ublock. brave is spyware.
6:40 "It's important because the developer has to get payed" -The developer
it took me 7 minutes to realize i would not even get a description of how to get me a burger by a bootnet
Would you EAT a burger from a greasy dirty bot hacker????
What ever brings me closer to a burger now, is reasonable.
"Trespass to chattels" "very illegal" - before we get all FUDdy on that, the term actually means "you messed with and broke my shit, now I shall sue you." In the real world you'll be blocked and/or asked to stop before you're sued.
Cease and desists usually come before big lawsuits. Intimidation is cheaper than a lawyer.
I guess this was kinda interesting, but the title was completely misleading.
nah dog you're just dumb
jb OHHHHHHHHHHHH
@Joel P The fact that they may or may not have been hackers doesn't seem relevant to me.
I haven't watched it yet, but might as well have thrown the word "quantum" in there for good measure.
Exactly more of a scraper than a hack
I wonder why this project was only successful for about 40 weeks or so? Did it start failing? Were there changes that the project could not handle? Did the other people COMPENSATE for the improvements and start intruding on the business?
sooooo, this is how all those scalpers, buy all the tickets from ticket master and keep us all from being able to buy them fairly. I need to learn how to do this stuff
Actually Ticketmaster can stop scalpers but they would loose money in doing so. So i doubt it's a very prominent topic on their agenda.
ryan pongracz I remember a concert house working with a journalist from the same corporation to bait those bots with an unannounced concert then publicly shaming the scalping site that instabought tickets and put them up for sale before the concert was announced. Didn't make a dent.
The GROUP of RUSSIAN HACKERS hired by competing USED CAR DEALERSHIP. They bring them here from the cold Siberia, to conduct their evil plan on constructing a CAR SALES BOT. But I single handely defeated them.
was probably kids in secaucus using some open russian iot device running msh
found signs of PAS web shell, immediately attributes russia
(for the dense never mind PAS is ukrainian and available here github.com/wordfence/grizzly was until recently available at profexer.name but site changed and i don't speak the language to grok it any more)
Exactly. If you replace "Russian Hacker" with any other racist stereotype you'll see that this is yet another attempt at pole pissing and chest thumping by a bigot.
website adds “i’m not a robot” 😂
i was one of the russian hackers that was defeated by his bot back then, and yes i saw a giant red and blue eagle on my screen at the time of defeat
Good for you for admitting this, assuming you are a "for real Russian hacker."
No you were not. Those were ukrainian wannabes (just like this cowboy right here).
My mom and dad made a bot in 1995 too. His name was Jordan. :(
Jordan Shackelford k
Hey wait a second........
Jordan Shackelford your profile pic perfectly portrays this plump emoji :(
You think you are a bot?
Could have also had the harvesters hosted closer to the real server to minimize trip time?
Dang Myspace was old in 2013... And it's still there... Barely.
"RUSSIAN HACKERS?! MIKEY FORRESTER?! WHAT THE HELL ARE YOU GUYS ON ABOUT?!?!" - S. Williamson
for any curious, the vin at 13:49 is for a salvage title lexus in michigan. i don't know why i looked that up
I appreciate you
Thanks for sharing. I often ponder on these trivialities.
How do you look up vehicle VIN numbers?
Even AJAX forms are easy to reverse engineer. Also instead of making the browser click the button you could just submit the form from the bot server. Instead of constantly refreshing I'd just have a script submit the form a couple of times per second, and you could even have that running in the background.
Of course, this was a rather new technique 7+ years ago.
Yeah I don't know how AJAX ended up in that comment. I probably meant HTML forms.
if it's ajax, it was probably hitting an app, just view the request it sends, mock your own with curl, super minimal
I would imagine you could estimate the lag time and server load needed by pinging the server and basing your purchase timing on the response. Could be wrong though...
exactly. but it would ruined his lengthy story.
Very cool presentation! Thanks!
Wow, how did the small dealership then handle buying over 800 cars in less than a year so as to then sell them on to customers?! Must have needed to massively increase his sales.
He sold like 20 cars a week, that easy.
That's like one every two working hours.
people complaining about ads, current year, not using ad blocker
Illuminaughty sadly there is no mobile adblock for youtube.
+Roliath, Malebranche Of The Abyss There IS - youtube adaway (needs xposed framework and root)
sorry you can only afford to watch UA-cam on mobile. Firefox and adblock plus is the way to go
+Douwe Huysmans he never used the word whining. why use quotes?
Adam S. All phones can't be rooted sadly.
It seems odd that the market is consistently under-valuing these cars to the point where people are designing bots just so they can click 'buy now' as quickly as possible. Why aren't prices rising as a result? Why aren't they being sold at auction?
If you wanted to try just "re-enabling" the Buy button, you could just give the client a bookmarklet that alters the page content... probably still wouldn't work though, if they actually validate requests on the server side.
As he stated repeatedly, this kind of action could lead to people buying cars before the sale time-in which case you get all your accounts deleted and are banned from the service. This is how not to have a Good Day™.
@@ConstantlyDamaged I didn't say it was a good idea, just that it can be done, and therefore someone will do it.
I think this gentleman's definition of what a botnet is, differs from mine.
the fact that he is afraid to send certain e-mails is messed up.
BloCKBu5teR why? especially saying "ive got six snipers ready to go at noon, lets see how many kills we get"... i would kind of hope the NSA would pick that one up and investigate it a bit
can I read your emails please?
or is he the guy defeated by captcha?
I had high hopes for this talk... In the end, all the guy really needed was Firebug to enable the buy button...
+Kevin Klika he talks about that option near the end, and says while it probably would have worked, it wouldn't be the smartest choice for the same reason the VIN numbers were verified before trying to buy the car
*Spoiler Alert??*
Sébastien Lauzon not a spoiler alert, it's exactly NOT a spoiler because it's not what he did...
Bullshit. Watch the video guys.
Just cause u can enable the the buy button client side doesnt mean server side code will accept the request.
Really interesting. Thanks for sharing
You guys are aware he's a CIA/DIA contractor talking about work done a few years back. Hence the legality doesn't matter as he was operating above the law.
whoa, that'd be super easy now. but it's still crazy doing alllll that back in '06. pretty sure html was still like 2.1 or something
Goldenfightinglink 4.01, then after years of stability they jumped to "5, but not telling the number anymore"
@@johnfrancisdoe1563 and they dropped calling it "5" now it's just the "Living Standard"
best one I've seen yet.
All you need to do is send a POST or GET request with the form data it'd expect and you're done xD
18:53 he said 'I understand a little' in Russian
Spasiba.
Spasibo Tebe Bolshoe.
I think this info are complex but he present it easily. Good job
When I get bored with jokes, I come here :).
Your whole talk is obfuscation Good job, you diverted the topic from down-right-evil-BOT-hacker, to do-kinda-good-sometimes-BOT-hacker.
Awesome!
To anyone trying to do this that isn't 40-50 years old and want to write readable and sane code, imacros sounds like such overkill. The python library mechanize is what you need. Look up how to spoof a browser it's 20 lines of code your can copy paste that works anywhere.
I could do this guys job, easily. Just goes to show that business is 90% who you know.
Probably, but this stuff isn't hard. The point of imacros though, is mechanize doesn't pull down ajax, and it's really easy to detect and block even with spoofed user agents.
what you say is 100% true, trying to get JS to run in mechanize is not something you want to do, all I was saying is for this application where they're just refreshing a page and looking at a button property then it's most certainly overkill
I can't say I have experience with automating processes that actually involve money (really in this context I'm just some script kid), but the validation mechanisms I've seen could be replicated by looking at the websites' code hard enough - is that not feasible for serious applications like this? Would it take too much time?
Yea, I've been on both sides of this problem.
That's probably fine if you're just crawling one site, but the problem comes when you're crawling 20 websites, and need specialized code for each site for getting around A/B testing, browser validation, template updates, etc. It's soooo much easier to just throw up some imacros stuff and not even worry about how the site renders, just let it do its thing and then send you back the completed html.
ryan edge I see, so I'm just not thinking big enough :P
Hello dear friends
The 2nd December 2019 we get notified of the censorship of our channel by the new UA-cam Guidelines (who change every 6 months) because of "Content reusing without including substantial original commentary or educational value" so in consequence the Monetization of our channel was disabled.
This is a little bit tricky because these Guidelines wasn't there in 2013, 2014, 2015 and so on...
It is abnormal to change the rules during a game
...even more before Christmas!
Since 2013 we are trying to share the best Security Conference on our channel and we need your help to keep it up.
As you already know I was fighting the disease since the last 2 years and it's difficult and without resource and support I wouldn't be able to keep up on this way.
You can support us on Patreon if you find our work valuable.
You can also express your dissatisfaction regarding our situation to UA-cam on Twitter, Facebook, Instagram and wherever you can. to help us regain our rights.
Your support in anyway will be truly appreciated
Thanks guys for taking time reading me and stay tuned!
Merry Christmas to you all and God bless you all!
www.patreon.com/HackersOnBoard
Bitcoin Wallet: 1NWM4upgKj8iF7zknzmnHG8Mm2pvAyTHqc
So you want to be paid for re-uploading other people's content? Geez.
@@Vykk_Draygo This is not "other people's content" because this is free to use...
Very informative. Thx
I'm afraid to watch more recent defcons. Now they are probably discussing how to make a dark theme for your browser or how to "hack" youtube ads by editing DOM on the fly.
certified Very Powerful Ally
I guess no XSRF tokens back then?
Also rental car is great if you need to something that looks brand new but is completely destroyed mechanically.
how did the bot know what time the buy button would show up? wasn't that the whole point? if you knew what time the buy button would appear, you wouldn't need people constantly clicking refresh in the first place.
+ericsbuds Of course, even if you know that the car in on sale at, let's say 2pm, there are still 700-800 people wanting to press the buy button first. If you don't refresh, you won't be the first one to buy as it will not refresh automatically.
Pianolicious i see I see, so you know what time the buy will happen before hand. thanks ;D
+ericsbuds I might be completely wrong, but as far as I understood, the time the offer went live was actually known to everyone. just like an auction, it starts at a specific time.
VIN number. Vehicle Identification Number number.
Yeah see shit like that alot.
@@thatoneguyinthecomments2633 Shit like "alot"?
...my client said we were attacked by russian hackers.. WHY THE F%!$ does Russia care about a few cars on a dealership network? Give your head a shake people.
Where did he say that? Pretty sure he said his client found out that a competitor hired some Russian hackers to make a competing bot.
Exactly. I'm pretty sure his client was exaggerating. Again, I doubt Russian hackers care about a few cars on a dealer network.
Credit on you for not writing a buy-before-the-button-appears button using a greasemonkey script, which the russians hackers would not hesitate to. ALSO you might have wanted to try working for the sales sites and have them setup a proper bidding process and have customers enter reserve prices...
Can someone explain to me how he determined the time from the server's clock? I''ll admit I'm not a web dev but it seems unlikely to me a server would voluntarily give away it's time to anyone who asks for it (who isn't already authenticated to the server with a user account). Did he possibly mean the sales website showed a clock?
and yeah, I know what NTP is... Obviously, that's not what he's talking about here...
I know this is late, and you might know the answer by now, but when a web server responds to a HTTP(S) request, they include a "Date" field in their reply header which has a lovely date/time value that is usually referenced to GMT. These are accurate to the second, of course, so that's why he repeatedly prods the server to obtain more precision.
Oh that kind of bot..... why the hell was I thinking botnet?
Yeah me too, I figured it was about a botnet and russian hackers, but it was actually about a PHP script and people (possibly russian) doing the same trick he's doing
LOL they frantically refresh and DOS themselves. I work at a dealership and i knew salesmen were stupid but, wow this is stupid on another level.
The fastest way to do this (imho) would have been a simple bash script that threaded buy calls via curl or wget.
Srsly...
rofl, I keep thinking that, his harvesters could be vms
how did he know when the buy button would appear? he is counting down time to make the purchase.
yes. he said EXACTLY that.
is it possible to buy stocks with a bot network? Or is that illegal?
Pleiodes it's called machine trading, and more than 75% of stock trades are done with this method
There’s also a *_huge_* amount of work that goes into currency trading... bots that are scanning currency markets around the world for when currency A is just a fraction off in market B and tho it may be tenths of a percent it can add up quick !!
Why would you go against hackers i thought we were on the same side
Unless you have a storm trooper?
13:12 did no one think of just using a drinking bird ?
Well, glad to see that bots can actually be used for something "good" xp
Much better than all the immensly hobby.lacking people making messenger-bots who wants "to have sex with you" >>;
Though, they don't like being asked irrellevant questions it seems x3
Vrani2110 hahahaha ahhhh good one
Vrani2110 Not as bad as the bots that commercially messes with our lives out of their California headquarters.
Wtf is this? I have never seen auction where you need to wait on button :) Can you tell me what is this about?
1998 auction sites mate the past is the past
it was a younger guy that actually did the botnet not him
what's wrong with your ads?
Can anybody help?
My PC is connected to the internet ant it shows "internet access" but whenever I open up a browser and try to access a website it says "Connection Unavailable" I running windows 8.1 64Bits. Help, please!!!
try a different browser firstly, if that doesnt work, check your pc proxy settings or dns server, otherwise check your browser's proxy settings
What did that guy shout at the beginning?
"bot net" haha...
He almost got a sentence in between ads there for a bit.
God damn russian hackers everywhere.
So many youtube commercials, pain in the arse.
Cute little story of a dude making a bot..
I watched the whole video and I'm like a huge football meathead kind of guy but I think this stuff interests me...I think I might major in some kind of network or technology in a few years when I transfer from high-school to college
Nxght yeah sorry, this guy is either full of shit, or he's purposefully misleading people about how forms can be spoofed. Or worse, he didn't even know it himself...
I'm still a bit confused, in a technical sense, how his bot server was able to interact/make requests with the sale server, could anyone explain? Normally, if your requests were cross domain, wouldn't you need cors? And if the request was cross domain, wouldn't the sale server have to allow his bot server as an origin for any access to work? Sorry, I'm rather new to internet technologies.
Hey buddy if you ever come back to this, here's your answer. You might have been confused by the fact he is using and HTML page as an interface for his bot, he also probably made it with PHP. But that's really just the interface and the programming language that were used, the fact that the GUI is in a browser does not matter, it could have been python, C or whatever else.
Now he didn't have to use any kind of cross-site hack to pull this off, all he did was send HTTP requests (probably using PHP curl). One request would get the list of cars, the other one would get his timing information and finally, when his timer kicked in, a request would be sent to buy a car, with the appropriate POST or GET data.
you know too much. this is entertainment only.
Amazing
i got well bored love zoz's presentations =)
whoever laughs last, and i haven't laugh in a while, cause 'doll oars' nah fuck that! what you see, i see back and forth, past your window, past back my window, past back yours.... i will be watching first row, as it all ends, just remember computer, you will ceae to exist too, shall you attempt to "do me dirty". ~ with love, from the non existance.
TOO BAD he didn't have "insider" --REAL INFORMATION. i.e. Dealers only pay HALF THE STICKER PRICE for a car. The "catch" was dealers had to buy ANY car sent to them--no choices--until their contract quota was met. But, half the sticker price is AWESOME!
So, the MARKUP IS INSANELY HIGH! 100% !!! How can GM or Ford etc. do this? Because when the typical Sticker Price was $18,000 it only cost $2500 (including labor) a car to produce.
Enough free info. Now, cars cost more but the percentages are closely the same.
18:53 Awkward!
6:02 PM
9/16/2018
What was he saying?
Now all bots are for stupid drops sites and you have to make a fucking Ai that generates a canvas and a bunch of random click so the antibot system thinks that you re human .
I’m talking about all the Nike bots or the supreme ones.
what would happen if storm worm, mydoom and ILOVEYOU were all spread across the internet, AT THE SAME TIME?someone do it please.
+Sonny Slaterling You massive, fucking skid.
HIDE YOU DATA, HIDE YOU BYTES
ALL YOUR BYTES ARE BELONG TO US.
Sonny Slaterling perfect
"Now the Russian hackers screw you" -Putin 2017
With the car buy program, how is that even a bot, it's just an application?
find ILOVEYOU script, copy, paste, run in vb. watch your files disappear infront of your very eyes.
are you stupid?
Thanks purchased botnet.
0:45 sounds like the last fast and fiurious movies
lol is that a stormtrooper at the Google server house? 4:57
MegaSuperCritic Its an image from google Street view. Google has it go through their server stacks, the stormtrooper is actually there on street view
at 6:15 he sounds like Kermit the frog
Auto Hot Key ftw
What a waste of time....
+danei su Very stupid talk
But... captchas ?
How many captchas do you remember in 2007? Sorry about the necro
Can this guy help me develop a webportoflio website?
Fast and furious irl
damn thats a hustle. sounds illegal lol
Skip to 00.00
Man, Where do I go to find people that are great at stuff like this?? Reddit?? :>
IRC
But then they'll just hack me! :(
***** Inland Revenue Chat. It's an old messaging system that was created to allow fast communication betwen IRS agents in the 80s. When it fell out of use [they now use headsets and VoIP services like Ventrilo] the US government didn't bother to delete the digital infrastructure, so hackers commandeered it and have been using it to plan e-heists and cybercapers ever since.
Mr Wednesday bahahaha.... I could hear the whooshing sound as that flew by someone's head all the way over here.
Mr Wednesday Pretty sure it just means Internet related chat