Embed Doc
Copy Link
Readcast
Collections

CommentGo Back

Download

Ex cel len t tricks an d tec hn iqu es of Go og le Ha cks_X llen t On e

Ex cel len t tricks an d tec hn iqu es of Go og le Ha cks

ws _f t p. i ni i s a c on f i gu r at i on f i l e f or a po pu l ar FT P c l i en t t ha t s t or es us er na mes , (we ak ly) en cod ed pa sswo rds , sites an d di rec tor ies tha t the us er can stor e for lat er ref er ence. Thes e shoul d not be on the web!

Th at 's some go od stuf f. Jus t cop y/pa ste the tex t int o you r own WS FT P ini file an d
you 're go od as go ld (as suming you 're us ing the same ver sion ). Do n' t for ge t - ev en if
the y ha ve tak en the file of fline , us e the "cac he :FULL _URL /ws ftp. ini " to see the

con t en t s.

pr ob ab l y on e of t he be s t ex pl oi t s I ha v e s ee n i n a l on g t i me, wh en I di d i t t he r e we re ab ou t 20 vul ne rab le compu ter s, jus t rec en tly the re wa s 4 so I ho pe wh iteh at s go t to thi s be for e an yon e el se. rea lly ni ce !!

To see res ul ts; jus t wr ite in the (ht tp: //www. go og le. com/) sea rch en gi ne the cod e:

i nt i t l e: i nd ex . of ws _f t p. i ni

== == == == == == == == == == == == == == == == == == == == == == ==

Fr on t pa ge . . v er y ni c e c l ea n s ea r c h r es ul t s l i s t i ng ! ! I mag i ne wi t h me t ha t y ou c an

stea l or kno w the pa sswo rd of an y we b site de sign ed by "Fr on tpa ge ". Bu t the file

c on t ai ni ng t he pa s s wo r d mi gh t be en c r y pt ed ; t o de c r y pt t he f i l e do wn l oa d t he pr og r am

" joh n the ripp er ".

To see res ul ts; jus t wr ite in the (ht tp: //www. go og le. com/) sea rch en gi ne the cod e:

"# -Fr on tPa ge -" inu rl:ser vice. pwd

== == == == == == == == == == == == == == == == == == == == == == ==

Th is sea rche s the pa sswo rd for "We bs ite Ac ces s An al yzer ", a Jap an es e sof twa re tha t

cr ea t es we bs t at i st i cs.

To see res ul ts; jus t wr ite in the (ht tp: //www. go og le. com/) sea rch en gi ne the cod e:

"Au t oCrea t e=TRUE pa sswo rd=*"

== == == == == == == == == == == == == == == == == == == == == == ==

Th is is a qu er y to ge t inl ine pa sswo rds from sea rch en gi ne s (no t jus t Go og le) , you

mus t t y pe i n t he qu er y f ol l ow ed wi t h t he t he do mai n na me wi t ho ut t he . c om or . ne t . To see res ul ts; jus t wr ite in the (ht tp: //www. go og le. com/) sea rch en gi ne the cod e: "ht tp: //*:*@www" ba ng bu s or "ht tp: //*:*@www"ba ng bu s

ht t p: / / bo b: bo b@ww w

ht t p: / / ad mi n: * @w ww

== == == == == == == == == == == == == == == == == == == == == == ==

Th is sea rch is a clea nu p of a pr ev iou s en try by J0h nn y. It us es "pa ren t di rec tor y"

Pa ge 1

Ex cel len t tricks an d tec hn iqu es of Go og le Ha cks_X llen t On e

to av oi d res ul ts ot he r tha n di rec tor y listing s.

WS _F TP .ini is a con figu rat ion file for a po pu lar wi n3 2 FT P clien t tha t stor es

us er names and weak l y encoded passwords .

To see res ul ts; jus t wr ite in the (ht tp: //www. go og le. com/) sea rch en gi ne the cod e:

filet ype :ini ws _f tp pwd

"ind ex of /" "ws _f tp. ini " "pa ren t di rec tor y"

== == == == == == == == == == == == == == == == == == == == == == ==

Mi c r os of t Fr on t pa ge ex t en s i on s ap pe ar on v i r t ua l l y ev er y t y pe of s c an ne r . I n t he

l at e 90' s peopl e thought they wher e hardc or e by defac i ng si tes wi th Fr ontpage.

To da y, the re ar e still vul ne rab le ser ver s fou nd wi th Go og le.

An at t ac k er c an s i mpl y t ak e ad v an t ag e f r om ad mi ni s t r at or s wh o ' f or ge t ' t o s et up t he

po l i ci es f or Fr on t pa ge ex t en si on s. An at t ac ker can al so sea r ch f or ' f i l et ype : pw d

us er s' .

To see res ul ts; jus t wr ite in the (ht tp: //www. go og le. com/) sea rch en gi ne the cod e:

f i l et ype : pw d ser vi ce

== == == == == == == == == == == == == == == == == == == == == == ==

Not al l of these pages ar e admi ni strat or ' s ac ces s databas es contai ni ng us er names ,

pa s s wo r ds an d ot he r s en s i t i v e i nf or mat i on , bu t man y ar e! An d muc h ad mi ns t r at ed

pa sswo rds an d us er pa sswo rds , a lot of emai ls an d the suc h too \u2026

To see res ul ts; jus t wr ite in the (ht tp: //www. go og le. com/) sea rch en gi ne the cod e:

al l i nu r l : ad mi n mdb

== == == == == == == == == == == == == == == == == == == == == == ==

DC Fo r um' s pa s s wo r d f i l e. Th i s f i l e gi v es a l i s t of ( c r ac k ab l e) pa s s wo r ds , us er na mes and emai l addr es ses for DCForum and for DCShop (a shoppi ng car t pr ogram(!!!). Some lists ar e bi gg er tha n ot he rs, al l ar e fun .

To see res ul ts; jus t wr ite in the (ht tp: //www. go og le. com/) sea rch en gi ne the cod e:

al l i nu r l : au t h_ us er _f i l e. t xt

== == == == == == == == == == == == == == == == == == == == == == ==

Th is sea rch br ing s up sites wi th "con fig. ph p" files . To skip the tec hn ical

di s c us s i on , t hi s c on f i gu r at i on f i l e c on t ai ns bo t h a us er na me an d a pa s s wo r d f or an
SQL da t ab as e. Mos t s i t es wi t h f or ums r un a PH P mes s ag e ba s e. Th i s f i l e gi v es y ou t he
k ey s t o t ha t f or um, i nc l ud i ng FU LL AD MI N ac c es s t o t he da t ab as e. To s ee v i ew t he PH P
f i l es ; t he r e i n l i es t he c at c h. Br ow s er s ar e mad e t o pr oc es s t he c omman ds of PH P
be f or e di s pl ay , s o i f no c omman ds , no t hi ng t o s ho w. Yo u c an ' t us e t ha t pe r s ay t o ge t

int o the con fig file, bu t it wo ul d sho w po ten tial thr ea ts if someo ne go t int o ser ver

an y wa y . ( I f t ha t ha pp en s y ou ' r e ba s i c al l y bo ne d an y wa y , no t muc h ar ou nd t ha t .

To see res ul ts; jus t wr ite in the (ht tp: //www. go og le. com/) sea rch en gi ne the cod e:

i nt i t l e: i nd ex . of con f i g. ph p

Pa ge 2

Ex cel len t tricks an d tec hn iqu es of Go og le Ha cks_X llen t On e

By the wa y, to kno w ho w to view the PHP file con ten ts, you can us e thi s cod e:

i nt i t l e: " I nd ex of " ph pi nf o. ph p

== == == == == == == == == == == == == == == == == == == == == == ==

Th es e files con tai n Co ldF us ion sou rce cod e. In some cas es , the pa ge s ar e ex ampl es

t ha t ar e f ou nd i n di s c us s i on f or ums . Ho we v er , i n man y c as es t he s e pa ge s c on t ai n l i v e

sourcec ode wi th us er names , databas e names or passwords i n pl ai nt ex t.

To see res ul ts; jus t wr ite in the (ht tp: //www. go og le. com/) sea rch en gi ne the cod e:

f i l et y pe : c f m " c f ap pl i c at i on na me" pa s s wo r d

== == == == == == == == == == == == == == == == == == == == == == ==

Fl as hF XP of fer s the ea sies t an d fas tes t wa y to tran sfer an y file us ing FT P,

pr ov i di ng an ex cepti onal l y stabl e and robus t pr ogram that you can al ways count on to

ge t y ou r j ob do ne qu i c k l y an d ef f i c i en t l y . Th er e ar e man y , man y f ea t ur es av ai l ab l e

i n Fl as hFXP.

Th e f l as hF XP . i ni f i l e i s i t s c on f i gu r at i on f i l e an d may c on t ai n us er na mes / pa s s wo r ds

and ev er ythi ng el se that i s needed to us e FTP.

To see res ul ts; jus t wr ite in the (ht tp: //www. go og le. com/) sea rch en gi ne the cod e:

f i l et ype : i ni i nu r l : f l as hF XP . i ni

== == == == == == == == == == == == == == == == == == == == == == ==

Th e en c r y pt i on met ho d us ed i n WS _F TP i s _e x t r emel y _ we ak . Th es e f i l es c an be f ou nd wi th the "i ndex of " key word or by searchi ng di rec tl y for the PWD= val ue i ns i de the con f i gu r at i on f i l e.