browolf Trusted SF Member
Joined: 19 Apr 2002 Posts: 1
Posted: Fri Dec 06, 2002 6:06 pm Post subject: apache misconfig = find mp3s in google
A way of finding mp3s in Google.
I'm starting this thread here cos it works because of misconfigured
Apache servers (which is an exploit/system weakness, yes?).
Using the search terms:
description "index of" "last modified" size mp3 artistname
shows up indexed file listings of people's user areas on Apache servers. I haven't really used Apache that much but I'm thinking
showing people's user areas to the world isn't good or clever.
This is a good alternative for people blocked by firewalls.
ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
browolf Trusted SF Member
Joined: 19 Apr 2002 Posts: 1
max_blakk Just Arrived
Joined: 29 Oct 2002 Posts: 0 Location: South Wales UK
Posted: Sat Dec 07, 2002 1:24 pm Post subject:
Following on from the above just changed a bit....
http://www.google.co.uk/search?q=%22Index+of%22+/etc
Just a thought, I guess most peps had that one...
also
link:"Index of" /home
link:"Index of"+.mp3
(try variations and report back on progress everyone...!!!)
ooopppssss hell this could go on all day...
ComSec Trusted SF Member
Joined: 26 Jul 2002 Posts: 16777215
decypherohm Just Arrived
Joined: 16 Nov 2002 Posts: 1 Location: World - Europe - Portugal - Lisbon
Posted: Sun Dec 08, 2002 12:39 pm Post subject:
Lololololol nice idea "wwwroot" I found a place to store my files on the internet... and nobody knows where.... but when admin goes there.... he'll think "WTF is this doing here?!?!?!"
max_blakk Just Arrived
Joined: 29 Oct 2002 Posts: 0 Location: South Wales UK
Posted: Sun Dec 08, 2002 12:53 pm Post subject:
Yeah, I have read about it (and guessed most others had too) and experimented before, just thought it would be interesting to see what everyone could come up with, many hands light work etc...
igir3dsk1 Just Arrived
Joined: 28 Sep 2002 Posts: 4 Location: 7h3 !n73rn37 :)
Posted: Thu Dec 12, 2002 2:38 am Post subject:
I found this:
Linux:
here
like 23 MB's
windows,etc
here
It's like 125 MB's
<<<r3dsk1>>>
Last edited by igir3dsk1 on Thu Dec 12, 2002 3:04 am; edited 1 time in total
igir3dsk1 Just Arrived
Joined: 28 Sep 2002 Posts: 4 Location: 7h3 !n73rn37 :)
Guardian Just Arrived
Joined: 09 Dec 2002 Posts: 0 Location: UK
Posted: Thu Dec 12, 2002 2:56 am Post subject:
Thank you for sharing.
That brings back memories.
I used to use logical searches on AltaVista with queries including "parent directory" and (NEAR jpg) etc with similar results (no Google or mp3 then). You could even get very specific with searches if you wanted.
It was an easy way to get direct to a website's image directory so you can download images without having to load up lots of pages with ads and banners or passwords.
I was on a slow dial up. I used to write up a list and get a download program to download them.
It is amazing how many people still set up servers without thinking about basic security.
Phaedrus Just Arrived
Joined: 27 Nov 2002 Posts: 0
Posted: Thu Dec 12, 2002 3:37 am Post subject: mp3's etc.
On a lark I spent about an hour tinkering with Google and ended up with the PHP source for two sites' remote administration page. Unreal.
max_blakk Just Arrived
Joined: 29 Oct 2002 Posts: 0 Location: South Wales UK
Posted: Thu Dec 12, 2002 2:41 pm Post subject:
Please share the search syntax you have used...
I would imagine that most were peps uploading a php forum, but didn't check if the server supported php....
I have found one or two nice bits n pieces by looking for files that are in the install of a forum/php app, e.g. phpmyadmin "config.inc.php"... found a few default installs, no .htaccess etc, that let you browse the dbs on the server. One had some interesting password/username sections....
oooppps did mean to pass thx to igir3dsk1 who came up trumps again...!!!
igir3dsk1 Just Arrived
Joined: 28 Sep 2002 Posts: 4 Location: 7h3 !n73rn37 :)
Posted: Thu Dec 12, 2002 9:58 pm Post subject:
Welcome. That's why we are here, to share, no?
Well I use:
1-"Index of" files
2-"Index of" computer
3-"Index of"linux
4-"Index of" security
etc..
I have not used more options yet but I will.
If I find more, like always I'll share them.
<<<r3dsk1>>>
Phaedrus Just Arrived
Joined: 27 Nov 2002 Posts: 0
Posted: Wed Jan 01, 2003 7:05 pm Post subject: evil google
Index of +password.txt is always a fun one to run.
igir3dsk1 Just Arrived
Joined: 28 Sep 2002 Posts: 4 Location: 7h3 !n73rn37 :)
Posted: Fri Jan 03, 2003 6:38 am Post subject:
Have you tried :
$"Index of " avatars$
There are pretty good avatars like "females avatars"
syskill Just Arrived
Joined: 09 Feb 2003 Posts: 0
Posted: Sun Feb 09, 2003 2:35 am Post subject: LOL
If you take a look at that second reply, you'll see an example given of http://www.sysk-net.com/m3p/. I am administrator for sysk-net.com, and I have already taken actions to secure my mp3s. The mp3 index is not an exploit nor a security risk. The reason for my securing my mp3s had nothing to do with this forum though. I did it due to too many people downloading mp3s and ISOs from my cable modem.
Here's how Google got ahold of my mp3 and iso directory. I used to have a usage page that showed the most used links on my site. My friends who knew about my iso page went there and thus got on my usage page. I had a link on my main site to my usage site and that's how Google got ahold of my mp3 and iso page. Although my mp3 page had a link on the main page already though. Now they are subdomains and require a username/password.
Jason Campbell
Administrator, SysK Networks
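
The listings discussed in this thread appear when Apache's autoindex is enabled (`Options Indexes`) for a directory that has no index file. As an added example, not code from any poster in the thread, the Python below audits an Apache config for `<Directory>` sections where `Indexes` is effectively on after inheritance; the sample config and its paths are constructed, and the `default` argument assumes the Apache 2.4 default of `FollowSymLinks` (2.2 and earlier defaulted to `All`, so pass `ALL` there).

```python
import re

ALL = {"indexes", "includes", "followsymlinks", "symlinksifownermatch", "execcgi"}
# Constructed sample config; the paths are hypothetical.
SAMPLE_CONF = """
<Directory "/var/www">
    Options Indexes FollowSymLinks
</Directory>
<Directory /var/www/uploads>
    Options +ExecCGI
</Directory>
<Directory /var/www/private>
    Options -Indexes
</Directory>
"""

def parse_sections(conf):
    """Return [(path, [token lists])], one token list per Options directive."""
    sections, current = [], None
    for line in (raw.strip() for raw in conf.splitlines()):
        m = re.match(r'<Directory\s+"?([^">]+?)"?\s*>$', line, re.I)
        if m:
            current = (m.group(1).rstrip("/") or "/", [])
            sections.append(current)
        elif line.lower() == "</directory>":
            current = None
        elif current and re.match(r"options\s", line, re.I):
            current[1].append(line.split()[1:])
    return sections

def apply_options(state, tokens):
    """Bare keywords replace the inherited set; +/- keywords modify it."""
    state = set(state) if any(t[0] in "+-" for t in tokens) else set()
    for t in tokens:
        name = t.lstrip("+-").lower()
        names = ALL if name == "all" else set() if name == "none" else {name}
        state = state - names if t.startswith("-") else state | names
    return state

def listing_enabled(conf, default=("followsymlinks",)):
    """Map each <Directory> path to True if Indexes is on after merging."""
    sections, result = parse_sections(conf), {}
    for path, _ in sections:
        state = set(default)
        # Apache merges <Directory> sections from shortest path to longest.
        for p, directives in sorted(sections, key=lambda s: len(s[0])):
            if p in ("/", path) or path.startswith(p + "/"):
                for tokens in directives:
                    state = apply_options(state, tokens)
        result[path] = "indexes" in state
    return result
```

On the sample, `/var/www/uploads` is flagged even though it never mentions `Indexes`, because `+ExecCGI` keeps the parent's options. The audit covers literal `<Directory>` paths only; `.htaccess` files, wildcard or `<DirectoryMatch>` sections, and included files are not evaluated.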