256 Kilobytes

How I used PHP skills and social engineering to get unbanned from a gay club

Articles in Hacking the Government | By Hash Brown

Published 4 months agoWed, 29 May 2019 19:59:57 -0700 | Last update 4 months agoWed, 29 May 2019 20:00:49 -0700 📌

Not your usual post, but real none the less.

839 views, 1 RAM, and 0 comments

I am a man who likes to pour the fuck up, and when I pour up at a high enough level I do things such as:

  • throw bottles from a 12th floor balcony onto a road
  • try to fight paedophiles outside of a hotel
  • try to juggle "decorative stones" while peeing and break the ceramic toilet flooding most of the ground floor

But on this occasion, I did not do this. Instead I got caught trying to set off a fire extinguisher inside a club because the smoke machine had stopped working.

Even though I was clearly trying to help, this was not appreciated by the club owners and I was given a "yellow card", which meant I was banned from the venue until they reviewed the case.

Unfortunately this also meant I was banned from other venues in the city because they all share information and scan your ID as you wait inline to get in to these places.

And before you ask, gay clubs have a great number of advantages over regular clubs:

  • Better music
  • More girls
  • Relaxed drug rules
  • Open until 6am instead of 2am
  • All the men are really nice to you

This particular club was the best in the city, no "straight" club compares to it. It was massive, had 3 floors, 90's music and they never searched you so drugs were everywhere. It was fantastic.

So, what the fuck?

The process that happened exactly was fairly simple, I was pushed out of the club by a giant white man through a fire escape and to the front of the building where the computer was. They asked me for my ID, they scanned it again into their computer system and marked it as "void" showing I was barred from entering again. They gave me a card that showed their contact details and explained I needed to email them to appeal the yellow card before I can return to the club.

They said this would take 2 weeks.

Well, this was not good. Two weeks in a very boring city where the only thing to do is get drunk and act a fool, this simply would not do and because all the clubs shared the same void system I simply could not just drink somewhere else. Nowhere else had bad 90's music anyway...

So there was only 1 way to make this work, I had to apply my autism to the task and defeat their silly little system.

Play Their Game

It does not matter if you are wanting to take over/spam a new social network or get unbanned from a gay club, the first step is to play the game. See what these people expect of you and feel it out.

So I did just that, I emailed them that night from my phone while 8/10 drunk.

Next up was to play the waiting game and see what their reply was, this came two days later.

This email was fucking gold. It was the key to unlock their silly little system and it was all I needed.

From this, I had:

  • The information I need to return to the club (an email)
  • The managers email address
  • The managers name

This was all I needed really, I sent the information they requested and got a couple of other details (a PDF of the rules/behaviour they expect) but this was all I needed.

Once you know the input you need to provide to get the output you desire you can begin to build your thing. If I could fake an email from their manager saying my review was complete and I was allowed back into the club, I should be able to get past the door security system and into the club where I can get drunk as fuck, shirtless and do lots of drugs.

How to fake an email from a sender

Emails are interesting things. You can use them in courts, they are often used as evidence in a similar way to text messages. They are also (in most countries) binding, so if you promise someone something via email and they sue you for not doing this promise, it's as good as a signed contract in some cases.

But the thing is, they are extremely easy to fake. 

Much like HTML, emails are made up of headers and text. The headers is the information side of things like where the email needs to be sent to, who it's from, time it was sent and the path it's taken. While the text is the message itself which can be HTML or plain text.

If we edit the header information of an email, we can manipulate it's appearance and create fake emails from any address we want. We can do this in PHP.

Standard PHP Mail

PHP has a inbuilt mail function, it's kind of defunct in %current_year% and lots of hosts like to disable it as default to prevent spam.

It looks something like this:

<?php
// The message
$message = "Line 1\r\nLine 2\r\nLine 3";

// wordwrap for formatting
$message = wordwrap($message, 70, "\r\n");

// Send
mail('to@example.com', 'My Subject', $message);
?>

This will send a basic email to your recipient. 

This sort of thing is very common on older websites that contained contact us forms, but now SMTP tends to be used instead as it's more secure and more robust.

Adding Fake Headers to PHP mail()

<?php
$to      = 'nobody@example.com';
$subject = 'the subject';
$message = 'hello';
$headers = 'From: webmaster@example.com' . "\r\n" .
    'Reply-To: webmaster@example.com';

mail($to, $subject, $message, $headers);
?>

Simply adding our headers to the end of our mail function handles the rest for us. It's very simple but for your exact requirements you may need to tweak this or add other things to make it look real.

The content you need to add for your message/title/from address will of course depend on your situation. Simply modify the above code, load it onto a server that has PHP Mail() enabled and visit the page or run it via SSH.

Check your email inbox, if it's good then great but remember you can simply delete it, modify the script and get it perfect.

When doing these things it's best to get details as perfect as possible.

Did The Fake Email Work?

In my case, this is the fake email I created.

Yes, it worked.

I simply rocked up to the club already drunk as normal, I gave them my ID. It came up Void as expected and I handed them my phone with the fake email already open. They fiddled around, read it and took my phone away to another member of security who shrugged there shoulders and then removed the void and let me in. Perfect.

I even recieved a real email the next day saying my ban had been lifted which was most excellent of them.

What else can you do with this?

I imagine there is a number of illegal things you can do with this trick from finnessing physical goods from stores and low level employees to creating fake evidence for a court case.

I would of course never ever suggest you actually do these things. This is a learning exercise and just something I thought I would share that shows our autistic online skills do actually translate to the real world too.

For those worried that this could be used against them... Yes it can. Short of installing SSL on your emails there isn't really much you can do about it and even then SSL can be faked if you fuck around enough with the headers.

Conclusion

Don't get drunk and do stupid shit in gay clubs, but if it happens by accident just scam them and get unbanned.

Users Who Have Downloaded More RAM:
August R. Garcia (4 months ago)
🐏 ⨉ 1
Posted by Hash Brown 4 months ago

Edit History

• [2019-05-29 19:59 PDT] Hash Brown (4 months ago)
🕓 Posted at 29 May, 2019 19:59 PM PDT

Profile Photo - Hash Brown Hash Brown Internet Activist &... United State of Euro...
🗎 61 🗨 447 🐏 209
Staff

Some other content you may like:

SEO:

Affiliate Marketing:

Other:


Account created 10 months ago.
61 posts, 447 comments, and 209 RAMs.

Last active 4 days ago:
Commented in thread It's Sunday

Post a New Comment

To leave a comment, login to your account or create an account.

Do you like having a good time?

Read Quality Articles

Read some quality articles. If you can manage to not get banned for like five minutes, you can even post your own articles.

View Articles →

Argue with People on the Internet

Use your account to explain why people are wrong on the Internet forum.

View Forum →

Vandalize the Wiki

Or don't. I'm not your dad.

View Wiki →

Ask and/or Answer Questions

If someone asks a terrible question, post a LMGTFY link.

View Answers →

Make Some Money

Hire freelancers and/or advertise your goods and/or services. Hire people directly. We're not a middleman or your dad. Manage your own business transactions.

Register an Account
You can also login to an existing account or recover your password. All use of this site is subject to terms outlined in the terms of service and privacy policy.