apache misconfig = find mp3s in google

browolf
Posted: Fri Dec 06, 2002 6:06 pm    Post subject: apache misconfig = find mp3s in google

A way of finding mp3s in google.

I'm starting this thread here cos it works because of misconfigured
apache servers. (which is an exploit/system weakness yes?)

using the search terms:

description "index of" "last modified" size mp3 artistname

shows up indexed file listings of people's user areas on apache servers. I haven't really used apache that much but I'm thinking
showing people's user areas to the world isn't good or clever :)

this is a good alternative for people blocked by firewalls.

ShaolinTiger
Posted: Fri Dec 06, 2002 6:08 pm

Yeh I been doing this for quite a while, works fairly well but most are pretty slow..

http://www.google.co.uk/search?q=%22Index+of%22+mp3+eminem&ie=UTF-8&oe=UTF-8&hl=en&meta=

Is a good one :)

Usually find a biggy within the first few..

E.G

http://www.sysk-net.com/mp3/

browolf
Posted: Fri Dec 06, 2002 6:25 pm

this one is reasonable:

http://matthau.yoz.com/mp3/

mostly single tracks

max_blakk
Posted: Sat Dec 07, 2002 1:24 pm

Following on from the above just changed a bit....

http://www.google.co.uk/search?q=%22Index+of%22+/etc

Just a thought, I guess most peps had that one...

also

link:"Index of" /home

link:"Index of"+.mp3

(try variations and report back on progress everyone...!!!)

ooopppssss hell this could go on all day...

ComSec
Posted: Sun Dec 08, 2002 1:24 am

"old news"....food for thought

example:

inurl:"wwwroot"

All google websearch keywords at

http://www.google.com/help/operators.html

decypherohm
Posted: Sun Dec 08, 2002 12:39 pm

Lololololol nice idea "wwwroot" I found a place to store my files on the internet... :lol: and nobody knows where.... but when admin goes there.... he'll think "WTF is this doing here?!?!?!" :P

max_blakk
Posted: Sun Dec 08, 2002 12:53 pm

Yeah, I have read about it (and guessed most others had too) and experimented before, just thought it would be interesting to see what everyone could come up with, many hands light work etc... :)

igir3dsk1
Posted: Thu Dec 12, 2002 2:38 am

I found this:

Linux:

here

like 23 MB's

windows,etc

here

It's like 125 MB's


<<<r3dsk1>>>


Last edited by igir3dsk1 on Thu Dec 12, 2002 3:04 am; edited 1 time in total

igir3dsk1
Posted: Thu Dec 12, 2002 2:41 am

I forgot here is the main folder:
http://www.bagpipes.net/files/e-books/computers/

Guardian
Posted: Thu Dec 12, 2002 2:56 am

Thank you for sharing.

That brings back memories.

I used to use logical searches on AltaVista with queries including "parent directory" and (NEAR jpg) etc with similar results (no Google or mp3 then ;) ). You could even get very specific with searches if you wanted.

It was an easy way to get direct to a website's image directory so you can download images without having to load up lots of pages with ads and banners or passwords.

I was on a slow dial up. I used to write up a list and get a download program to download them.

It is amazing how many people still set up servers without thinking about basic security.

:D

Phaedrus
Posted: Thu Dec 12, 2002 3:37 am    Post subject: mp3's etc.

On a lark I spent about an hour tinkering with google and ended up with the php source for two sites' remote administration page. Unreal. :shock:

max_blakk
Posted: Thu Dec 12, 2002 2:41 pm

Please share the search syntax you have used...

I would imagine that most were peps uploading a php forum, but didn't check if the server supported php....

I have found one or two nice bits n pieces by looking for files that are in the install of a forum/php app, e.g. phpmyadmin "config.inc.php"... found a few default installs no .htaccess etc, that let you browse the dbs on the server. :D one had some interesting password/username sections....

oooppps did mean to pass thx to igir3dsk1 who came up trumps again...!!!

igir3dsk1
Posted: Thu Dec 12, 2002 9:58 pm

Welcome. That's why we are here, to share, no?

Well I use:

1-"Index of" files

2-"Index of" computer

3-"Index of"linux

4-"Index of" security

etc..

I have not used more options yet but I will. :)

If I find more, like always I'll share them. ;)

<<<r3dsk1>>>

Phaedrus
Posted: Wed Jan 01, 2003 7:05 pm    Post subject: evil google

Index of +password.txt is always a fun one to run. :shock:

igir3dsk1
Posted: Fri Jan 03, 2003 6:38 am

Have you tried :

$"Index of " avatars$ :twisted:

There are pretty good avatars like "females avatars" :twisted:

syskill
Posted: Sun Feb 09, 2003 2:35 am    Post subject: LOL

If you take a look at that second reply, you'll see an example given of http://www.sysk-net.com/m3p/. I am administrator for sysk-net.com, and I have already taken actions to secure my mp3s. The mp3 index is not an exploit nor a security risk. The reason for my securing my mp3s had nothing to do with this forum though. I did it due to too many people downloading mp3s and ISOs from my cable modem.
Here's how google got ahold of my mp3 and iso directory. I used to have a usage page that showed the most used links on my site. My friends who knew about my iso page went there and thus got on my usage page. I had a link on my main site to my usage site and that's how google got ahold of my mp3 and iso page. Although my mp3 page had a link on the main page already though. Now they are subdomains and require a username/password.

Jason Campbell
Administrator, SysK Networks
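
The queries in this thread work because Apache's automatic directory listing prints a fixed page title and column headers. As an added example (not part of any post in the thread), this Python check flags such listings in HTML fetched from your own server; the pattern set and both sample pages are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Column headers Apache prints on a generated listing; the thread's queries key on them.
LISTING_MARKERS = ("last modified", "size", "description", "parent directory")
# File types named in the thread (assumed pattern set; extend for your own site).
EXPOSED = re.compile(r"(password.*\.txt|config\.inc\.php|\.mp3)$", re.I)

class ListingParser(HTMLParser):
    """Collects the <title>, visible text and link targets of one page."""
    def __init__(self):
        super().__init__()
        self.title, self.text, self.links = "", [], []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a" and dict(attrs).get("href"):
            self.links.append(dict(attrs)["href"])

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        self.text.append(data)

def audit_page(html):
    """Return (is_listing, exposed_links) for one HTML body fetched from your own server."""
    p = ListingParser()
    p.feed(html)
    p.close()
    body = " ".join(p.text).lower()
    hits = sum(marker in body for marker in LISTING_MARKERS)
    # Require the "Index of" title plus two column markers so ordinary prose is not flagged.
    is_listing = p.title.strip().lower().startswith("index of") and hits >= 2
    exposed = [h for h in p.links if EXPOSED.search(h)] if is_listing else []
    return is_listing, exposed
# Constructed samples: a generated listing, and a normal page that only mentions the phrase.
SAMPLE_LISTING = """<html><head><title>Index of /mp3</title></head><body><pre>
<a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a> <a href="?C=S;O=A">Size</a> Description
<a href="/">Parent Directory</a>
<a href="track01.mp3">track01.mp3</a> 06-Dec-2002 18:06 3.1M
<a href="password.txt">password.txt</a> 06-Dec-2002 18:06 1k
</pre></body></html>"""
SAMPLE_ARTICLE = "<html><head><title>Index of my thoughts</title></head><body>Notes on disk size.</body></html>"
```

In Apache, a flagged directory is closed with `Options -Indexes` for that path, or by requiring a username and password as the administrator above did.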