
Showing a Craigslist scammer who's boss using Python [video] - pavel_lishin
https://www.youtube.com/watch?v=UtNYzv8gLbs&feature=youtu.be
======
pavel_lishin
I agree that in all likelihood, a technically clever scammer can trivially
exclude the ~500 entries this guy put in, but it _does_ create some extra work
for them, and we have no idea how skilled the person harvesting these things
is. (Plus, a committed troublemaker could likely make these things much
harder to detect, and much more work for the scammer.)

~~~
starbugs
Definitely not skilled enough to install a TLS certificate :)

~~~
ryanlol
These guys clearly aren't very good, but there's a chance they might be
deliberately not getting a TLS cert to avoid getting flagged by safebrowsing
via CT logs.

------
mrweasel
It makes me a little sad to see him write Python 2 code. There are only 18
months of Python 2 left.

~~~
starbugs
That's what all of us oldies do. We can't get used to the hip new stuff so
quickly ;)

~~~
welder
Most of the time you're writing Python3 code and you don't even know it... try
changing #!/usr/bin/env python to

#!/usr/bin/env python3

I bet your Python2 script will run on Python3.

~~~
matmann2001
It might be interesting as a learning exercise but there are a lot of gotchas
in running 2 as 3.

Besides the obvious things like print, which will just cause an error, there
are behavioral changes, like with division and range, that may introduce more
insidious bugs.

Better to read up on the difference first and use a tool.

------
donohoe
If I were that scammer I'd quickly see I can likely filter out all accounts
added within such a short burst of time following the convention of
<name><number>@yahoo.com

Also, my guess is most users don't have that pattern of password...

~~~
legohead
I thought the form fields were suspicious. The scammer may already have
something in place that generates random user/pass form fields, and even
random endpoints by the look of the url.

The "engineer" didn't check this, which he could have easily done by simply
refreshing the page. But if the scammer did have any sort of protection, the
engineer would have had a lot more work in it for him, having to scrape the
page.. so maybe he purposely ignored this red flag.

~~~
pavel_lishin
There's no need to put engineer in quotes. This video wasn't an in-depth how-
to; it was just a quick proof-of-concept.

~~~
legohead
It wasn't meant as an attack. I don't know his name, but his channel is called
engineer-something, so I meant it as "engineer-something".

Although I do think, for a learning video, that he missed out on a lot of
opportunity to explain such things as I mentioned.

------
elif
The terrible thing here is that:

'very common name' + 1 digit @yahoo.com generates a list almost completely of
real email addresses...

Spammers don't care about cleaning their lists... So he just helped the
spammer do his job, involving a few hundred unrelated victims.

~~~
certifiedloud
If all the scammer wanted was email addresses, they could have written a
random yahoo email address generator on their own. They want legitimate email
+ password combos.

~~~
laurentl
Given that world + dog has the entire Yahoo DB by now, I wonder if a list of
yahoo username + password still has any value on the market... Well, I can
only hope so, or else the scammer will just drop all the yahoo addresses from
his take rather than try to clean up the data.

~~~
ryanlol
If you can somehow find the yahoo DB, I will pay you $5000 in bitcoin for it
:)

------
vmarshall23
Seems a little dodgy to redirect output from an apparent scammers website to
an apparent root shell.

------
Zimahl
What's the scam here? The scammer gets access to someone's Craigslist
account... and then what? They take down or change their posts?

~~~
Willson50
They try the username + password on other sites.

~~~
Sohcahtoa82
Relevant XKCD: [https://xkcd.com/792/](https://xkcd.com/792/)

------
lxe
What if the URL and the form fields are randomly generated? I would just use
the Chrome console to keep submitting the form or something low-effort like
that.

------
newshorts
Put a time delay in there and let it run over a couple days. Otherwise it’s
too easy to just delete all the names from that 5 minute window of entries.

------
zb3
Usually entering credentials causes an email to be sent containing at least
the user's IP address and a User-Agent string. In this case, the UA string
reveals it all.
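
An added worked example, not code from the video or from anyone in this thread, covering the three points above: legohead's and lxe's observation that the field names and endpoint may be randomised per page load, and zb3's point that the default User-Agent gives the script away. It reads the form out of the served HTML instead of hard-coding names, replays hidden tokens as served, and builds headers with a browser-like UA. The page HTML, URLs, field names and the UA string are all constructed for the example; the actual POST is left out so it runs offline.

```python
"""Added example, not code from the video: read the phishing form's
field names and action from the served page instead of hard-coding them,
and send a browser-like User-Agent instead of the python-requests default."""
from html.parser import HTMLParser
from urllib.parse import urlencode, urljoin

# Constructed stand-in for a phishing page whose field names and endpoint
# change on every load (not captured from any real site).
SAMPLE_PAGE = """
<html><body>
<form method="post" action="/x9k2q/submit.php">
  <input type="hidden" name="tok_81f3" value="a7c1">
  <input type="text" name="u_4f9a" placeholder="Email">
  <input type="password" name="p_c21e">
  <input type="submit" value="Log in">
</form>
</body></html>
"""

# Plausibly shaped desktop UA; the exact string is an assumption.
BROWSER_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36")


class FormExtractor(HTMLParser):
    """Record the first <form>'s action and every named <input> inside it."""

    def __init__(self):
        super().__init__()
        self.action = None
        self.inputs = []          # (name, type, value) in document order
        self._in_form = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)           # bare attributes come through as None
        if tag == "form" and self.action is None:
            self._in_form = True
            self.action = a.get("action") or ""
        elif tag == "input" and self._in_form and a.get("name"):
            self.inputs.append((a["name"],
                                (a.get("type") or "text").lower(),
                                a.get("value") or ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False


def build_submission(page_html, page_url, username, password):
    """Map the fake credentials onto whatever the form calls its fields.

    Hidden inputs are replayed as served so a per-load token still
    validates. Returns (absolute_action_url, form_dict).
    """
    p = FormExtractor()
    p.feed(page_html)
    if p.action is None:
        raise ValueError("no <form> found; page layout changed?")
    data, have_user, have_pass = {}, False, False
    for name, typ, value in p.inputs:
        if typ == "password" and not have_pass:
            data[name], have_pass = password, True
        elif typ in ("text", "email") and not have_user:
            data[name], have_user = username, True
        elif typ == "hidden":
            data[name] = value
    if not (have_user and have_pass):
        raise ValueError("form has no recognisable login fields")
    return urljoin(page_url, p.action), data


def request_headers(page_url):
    """Headers for the POST: browser UA plus the login page as Referer."""
    return {"User-Agent": BROWSER_UA,
            "Referer": page_url,
            "Content-Type": "application/x-www-form-urlencoded"}


if __name__ == "__main__":
    login_page = "http://example.invalid/x9k2q/login.html"
    url, form = build_submission(SAMPLE_PAGE, login_page, "john7", "letmein123")
    print(url)
    print(urlencode(form))
    print(request_headers(login_page))
```

In a live loop the page would be fetched fresh before every submission, since both the field names and the action URL can differ per load; `build_submission` then targets whatever names that load used, and `request_headers` keeps "python-requests/..." out of the scammer's notification emails.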

------
ourmandave
For educational purposes only. <wink>

#2600

~~~
ccnafr
Yeah. Let's not the cover-all disclaimer

------
albowicz
My hero!

------
techVentureStar
This dude should do this multi-threaded and distributed in the cloud. This is
so vanilla; also the hacker can just filter with an easy regex. Lame.
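
An added worked example, not code from the video or from anyone in this thread, of the cleanup donohoe and techVentureStar describe (regex on the `<name><digit>@yahoo.com` pattern, drop everything from the five-minute burst) and of what newshorts' suggestion to spread the submissions over days does to it. The harvest log, addresses and timestamps are all constructed for the example; the `(timestamp, email, password)` row shape is an assumption about how a kit logs submissions.

```python
"""Added example, not from the video: the scammer-side cleanup that a
burst of pattern-generated fakes invites, and what slowing down buys."""
import bisect
import re
from datetime import datetime, timedelta

# Constructed "organic" submissions (invented addresses, not real people).
ORGANIC = [
    ("2018-07-01T09:12:03", "p.dunphy@gmail.com", "Skyline!2011"),
    ("2018-07-01T13:47:55", "sofiavargas88@yahoo.com", "luna&stars"),
    ("2018-07-02T02:30:10", "mike.t.ryan@outlook.com", "Mtr#0427"),
    ("2018-07-03T18:05:41", "hn_reader@protonmail.com", "correct-horse-7"),
]

# <common first name><one or two digits>@yahoo.com, the shape described above.
PATTERN = re.compile(r"^[a-z]+\d{1,2}@yahoo\.com$")


def constructed_harvest(n_fake=300, span=timedelta(minutes=3)):
    """Organic rows plus n_fake generated rows spread evenly over `span`.

    Each row is (ISO-8601 timestamp, email, password), assumed to be
    roughly what a phishing kit appends to its log per submission.
    """
    names = ["john", "mary", "james", "linda", "robert", "susan"]
    start = datetime(2018, 7, 2, 21, 14, 0)
    step = span / n_fake
    fakes = [
        ((start + i * step).strftime("%Y-%m-%dT%H:%M:%S"),
         f"{names[i % len(names)]}{i % 10}@yahoo.com",
         f"password{i}")
        for i in range(n_fake)
    ]
    return sorted(ORGANIC + fakes)


def drop_pattern(rows):
    """Regex filter: one line, and it also sweeps out any real user whose
    address happens to fit the pattern (sofiavargas88 in this sample)."""
    return [r for r in rows if not PATTERN.match(r[1])]


def drop_bursts(rows, window=timedelta(minutes=5), max_in_window=20):
    """Time-window filter: drop every row with more than max_in_window
    other submissions within +/- window of it. Real victims trickle in;
    a script posting 300 logins in three minutes does not."""
    stamped = sorted((datetime.fromisoformat(r[0]), r) for r in rows)
    times = [t for t, _ in stamped]
    kept = []
    for t, r in stamped:
        lo = bisect.bisect_left(times, t - window)
        hi = bisect.bisect_right(times, t + window)
        if hi - lo - 1 <= max_in_window:      # minus one: the row itself
            kept.append(r)
    return kept


def clean(rows):
    """Both filters, as a scammer would chain them."""
    return drop_pattern(drop_bursts(rows))


if __name__ == "__main__":
    fast = constructed_harvest()                        # 300 fakes in 3 min
    slow = constructed_harvest(span=timedelta(days=2))  # same 300 over 2 days
    for label, rows in (("burst", fast), ("spread", slow)):
        print(label, len(rows), "rows ->", len(drop_bursts(rows)),
              "after time filter,", len(clean(rows)), "after both")
```

With the fakes packed into three minutes the time filter alone removes all 300, and the regex takes the one organic yahoo address with them. Spread over two days, the time filter keeps every row and only the regex still works, which is the part of the attack a fixed naming pattern cannot survive.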

