Slashdot Mirror


Googling Your Way Into Hacking

knifee writes "New Scientist is running an article explaining how hackers can use Google's cache to quickly hunt down sensitive pages, for example, by searching the terms "bash history", "temporary" and "password". Might be worth looking at this tutorial about robots.txt if you think you might be at risk." That's pretty amusing.

431 comments

  1. This happens because of dumb admins, not google by mjmalone · · Score: 5, Insightful

    For example, one common filename for passwords is "bash history".

    This guy is a security consultant? Come on, what admin in their right mind would enter a password in cleartext on the command line and allow it to be stored in ~/.bash_history? The first thing I do when I log onto a box is link bash_history to /dev/null, just out of habit. The security problem isn't google's fault, it is stupid admin's who don't know what they are doing.

    1. Re:This happens because of dumb admins, not google by Anonymous Coward · · Score: 0

      Quite a few, from what google just returned. '.bash_history "parent directory"'

    2. Re:This happens because of dumb admins, not google by numbski · · Score: 5, Funny

      Wouldn't it be more fun to ln -s ~/.bash_history /dev/random instead?

      Would make for interesting google logs. ;)

      Don't have to worry about that particular problem. Both FreeBSD and MacOS X use tcsh by default anyway, and all of my users are Unix stupid, so they never log into shell.

      --

      Karma: Chameleon (mostly due to the fact that you come and go).

    3. Re:This happens because of dumb admins, not google by wfberg · · Score: 2, Insightful

      Quite a few, from what google just returned. '.bash_history "parent directory"'

      Actually a lot of those are 403 -- permission denied.

      Using alltheweb (which has a bigger index anyway) to search only URLs that contain the phrase .bash_history and that contain "su" in the contents turns up only 2 history files. With no passwords.

      --
      SCO employee? Check out the bounty
    4. Re:This happens because of dumb admins, not google by chef_raekwon · · Score: 1

      is link bash_history to /dev/null
      I understand your point, but to leave .bash_history the way it is allows for an admin to see if anyone has compromised security, no?

      --
      We're like rats, in some experiment! -- George Costanza
    5. Re:This happens because of dumb admins, not google by Anonymous Coward · · Score: 0

      The article basically says "don't publish a public page of passwords for your private site, even if you think the link to the passwords is hard to find".

      Great advice, if not particularly insightful.

    6. Re:This happens because of dumb admins, not google by Anonymous Coward · · Score: 0

      chmod 000 .*history

    7. Re:This happens because of dumb admins, not google by Bigby · · Score: 5, Funny

      Even better yet, "rm ~/.bash_history && ln -s /dev/dsp ~/.bash_history". Now everything you type will literally "sound like crap".

    8. Re:This happens because of dumb admins, not google by gooru · · Score: 5, Insightful

      It's not even just ~/.bash_history but ~/ itself! Who in the world would make that world-readable and published on the web?!?!? This isn't even the default for any configuration I've seen. (Does anyone else know differently?) It's one thing to spider ~/public_html or /var/www or whatever you have set up for your webserver...quite another to have ~/ published on the web. I can't believe this is a security problem for people, though I suppose it is a proven possibility.

    9. Re:This happens because of dumb admins, not google by dan14807 · · Score: 5, Informative

      > The first thing I do when I log onto a box is link bash_history to /dev/null

      unset HISTFILE

    10. Re:This happens because of dumb admins, not google by karlm · · Score: 1

      I think most of the automated tools will cover their tracks pretty well. Most buffer overflows will fork off sh instead of bash. At best, bash_history is an unreliable means of detecting careless intruders.

      --
      Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
    11. Re:This happens because of dumb admins, not google by Anonymous Coward · · Score: 0

      cat /dev/urandom | /dev/audio is fun as well

    12. Re:This happens because of dumb admins, not google by Zigg · · Score: 4, Funny

      Except that it doesn't work, unless you intended to try to execute /dev/audio.

    13. Re:This happens because of dumb admins, not google by Anonymous Coward · · Score: 5, Funny

      OHMYGOD!! TEH SECURITY RAMIFICATIONS!!1!
      http://custom.lab.unb.br/pub/dc e/.bash_history
      pwd
      ls -l
      ls -l
      ls -la
      whoami

      http://www.mhhe.com/socscience/.bash_history
      vi test1
      ls -l
      who am i
      touch test2
      ls -l
      pwd
      cd ../business/
      ls -l
      vi randomfile
      ls
      ls -l
      cd marketing
      ls -l
      pwd

    14. Re:This happens because of dumb admins, not google by Pxtl · · Score: 1

      Did you check the caches on those 403's?

    15. Re:This happens because of dumb admins, not google by Surak · · Score: 2, Informative

      Even better yet, "rm ~/.bash_history && ln -s /dev/dsp ~/.bash_history". Now everything you type will literally "sound like crap".

      But uhh...from the tcsh manpage (emphasis mine)

      A login shell begins by executing commands from the system files /etc/csh.cshrc and /etc/csh.login. It then executes commands from files in the user's home directory: first ~/.tcshrc (+) or, if ~/.tcshrc is not found, ~/.cshrc, then ~/.history (or the value of the histfile shell variable), then ~/.login, and finally ~/.cshdirs (or the value of the dirsfile shell variable) (+). The shell may read /etc/csh.login before instead of after /etc/csh.cshrc, and ~/.login before instead of after ~/.tcshrc or ~/.cshrc and ~/.history, if so compiled; see the version shell variable. (+)


      Looks like tcsh has a history file as well, "if so compiled"? Just thought I'd point that out, something you might wanna check into?

      also in your /etc/csh.cshrc or /etc/csh.login you *might* wanna just throw in something like the following shellcode:

      # just to make sure the user didn't delete the
      # symlink ...
      if ( -e ~/.history ) then
      rm -f ~/.history
      endif
      ;)

      ln -s ~/.bash_history /dev/null

    16. Re:This happens because of dumb admins, not google by MrEnigma · · Score: 1

      I believe slashdot does this, at least there is an option to do it. Granted they do give you a warning, and I don't believe the normal login uses this.

      --
      GeekWares - Buy and Download Today!
    17. Re:This happens because of dumb admins, not google by Havokmon · · Score: 2, Funny
      The security problem isn't google's fault, it is stupid admin's who don't know what they are doing.

      More than once, when looking for a specific dll, I've found a whole software install in a directory on somebody's network.

      --
      "I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatantly stolen sig)
    18. Re:This happens because of dumb admins, not google by inertia187 · · Score: 5, Interesting
      It's happened to me. My .bash_history has contained passwords. Why? Because I'd type too fast and not look at the screen. For example:
      bash-2.05a$ ssh inertia@whatevre
      ssh: whatevre: no address associated with hostname.
      bash-2.05a$ f33lokihum
      Oops.
      --
      A programmer is a machine for converting coffee into code.
    19. Re:This happens because of dumb admins, not google by Cramer · · Score: 2, Interesting

      And on Linux, /bin/sh is bash. And you'd be very surprised to see how many "hackers" fail to clear out the history. It has been my experience that most of the nuts breaking into systems are mostly idiots simply running stuff someone else designed.

      I've never run into a real hacker... they know how to cover their tracks so they aren't noticed. And, I don't have any systems containing information of any value from which the real hacker could profit (thus, I'm left alone.)

    20. Re:This happens because of dumb admins, not google by Anonymous Coward · · Score: 0

      Same thing. Generally when that happens I log out and then log back in, at which point 'rm ~/.bash_history', but it still can happen by accident.

    21. Re:This happens because of dumb admins, not google by Anonymous Coward · · Score: 1, Insightful

      So right after you do that you type unset HISTFILE

    22. Re:This happens because of dumb admins, not google by Anonymous Coward · · Score: 0

      Instead of a know-it-all answer, you should just have tried the search. Then you would not have egg over your face now.

    23. Re:This happens because of dumb admins, not google by Bigbutt · · Score: 4, Funny

      Well, we had a stupid admin who, as a test put the /etc/passwd file into webspace.

      We had another admin who tried to su to root and typed in su [root password]. We check the logs searching for someone typing in a non-user account that looks like garbage and we notify the admin to change their password.

      --
      Shit better not happen!
    24. Re:This happens because of dumb admins, not google by SeanAhern · · Score: 4, Informative

      ln -s ~/.bash_history /dev/random

      Whoops!

      You meant: ln -s /dev/random ~/.bash_history

    25. Re:This happens because of dumb admins, not google by wfberg · · Score: 1

      Did you check the caches on those 403's?

      Google can't search on filename, whereas AllTheWeb does. So querying google for .bash_history will find indexes listing the files, not the files themselves.

      --
      SCO employee? Check out the bounty
    26. Re:This happens because of dumb admins, not google by jd · · Score: 2, Informative
      This would be a good way to set up a "slightly more legit" honeypot, in States or countries where "services for the sole purpose of entrapping people" is illegal.


      Set up a virtual machine (user-mode linux might be a good choice) and make sure the root password is in a whole bunch of files that skript kiddies are likely to google for, and in which the root account might reasonably be found (if the admin is stupid, that is).


      Set the login shell to an application which creates a fake shell, and which uses the opportunity to ID the intruder's computer and download a bunch of stress-testing tools. cpuburn might be a good one for this.


      The choice of downloads is important. You've got to be able to show a legit purpose for all of this, and one good purpose is to have a tool you can use to stress-test hardware on a remote machine. If you do freelance tech work, then being able to check the hardware on a machine is self-evidently a legit purpose.


      Once you can show a legit purpose (whether you use it or not), and you can show that you've made a reasonable effort to prevent non-legit users from stumbling into the account (ie: by setting a password), then I can't see any way a person can claim they were suckered in and entrapped.


      It takes a deliberate, conscious act of will to perform a search on Google. It takes another deliberate, conscious act of will to use that information to connect onto a remote computer. Since the account is not theirs, and they have no reason to believe otherwise, they are guilty of attempting to defraud the computer through identity theft, at the very least. There's no way it could be passed off as "accidentally" stumbling onto a service, which could be a valid defence against traditional honeypots.


      Because there's a legit use for the services, and because the attacker has actively carried out an attack on your machine with malicious intent, it would be extremely hard for them to successfully sue you for any damage caused.


      It's not like placing a firecracker in a box marked "open this". It would be closer to placing a revolver in a locked cabinet, and a would-be thief accidentally shooting themselves in the foot, after breaking into the cabinet.


      The first case, there's no obvious risk, so the person can claim they've not assumed responsibility for any such risk. Stupidity is not a crime.


      The second case is different. The person is actively performing actions they know to be illegal, and for purposes which can only be malicious. They've passed the point where they can claim they're just an innocent bystander.


      Likewise, a traditional honeypot - especially one that causes damage - might well be considered in the first category. A person may well accidentally stumble on it, and then any damage is the responsibility of the person setting the trap. (Don't even think of telling me you've never mis-typed an IP address.)


      However, a dual-purpose service, behind a password-protected account, where the username of that account makes it self-evident that this is not a public area, cannot even remotely be placed in that category. The intruder cannot claim innocence or lack of awareness. As such, any damage they suffer is their problem. They've assumed the risks involved, knowingly of their own free will. At that point, if your utils turn their machine into scrap metal, it's not your problem.


      Note: Law-enforcement types are authorized to break into machines and plant all sorts of sniffers, etc, on them, without approval and without the machine or owner having to have anything to do with any investigation. It is not clear if frying their computers, even if it could be shown that it was self-inflicted and that the software was dual-use, would be considered acceptable.


      Because of this, the information above is hereby defined as being for academic interest only. If you choose to use the information, and Joe FBI gets burned, that is between you and them.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    27. Re:This happens because of dumb admins, not google by FroMan · · Score: 1

      In your .logout put:

      rm -f .history

      Putting it in your .login leaves it till you run the next interactive shell. In the .cshrc leaves it there till your next shell, interactive or not.

      Anyways, what the heck is your shell doing making a world readable .history file anyways? I believe tcsh will ignore the umask and make it rw------- anyways. I'd have to double check that though.

      --
      Norris/Palin 2012
      Fact: We deserve leaders who can kick your ass and field dress your carcass.
    28. Re:This happens because of dumb admins, not google by Anonymous Coward · · Score: 1, Informative

      Google Search: inurl:bash_history

    29. Re:This happens because of dumb admins, not google by stikves · · Score: 1

      It's

      ln -s /dev/null ~/.history

      Otherwise, your account will end up accumulating all the trash

    30. Re:This happens because of dumb admins, not google by dspeyer · · Score: 2, Insightful
      Google wins again! It has six .bash_historys with su in them, though none show sensitive information and at least one was clearly posted intentionally as an example.

      It all comes down to knowing google (the inurl: tag, in this case)

    31. Re:This happens because of dumb admins, not google by drinkypoo · · Score: 1

      It seems like it would work to me, but only on the output side. As .bash_history is read by new instances of the shell, people will be trying to read from the audio hardware, which, well, I wouldn't think would accomplish much good.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    32. Re:This happens because of dumb admins, not google by drinkypoo · · Score: 2, Interesting

      You have to have execute permission on each interim directory between / and public_html (or whatever you have it set to on your server.) This is because the directory execute bit is the "change to this directory" bit. A lot of users fuck this up and just make their home directories world readable, or even writable. Just another reason to separate the user from his data whenever possible. The trick is to do it in a way that won't make them feel left out. Obviously some people are more willing to put in the time to learn the intricacies of an obfuscated system like Unix than others.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    33. Re:This happens because of dumb admins, not google by Anonymous Coward · · Score: 0

      Checkout www.google.com/robots.txt.
      Note the last line (/unclesam?)...

    34. Re:This happens because of dumb admins, not google by Anonymous Coward · · Score: 0

      That just changes the graphic.

    35. Re:This happens because of dumb admins, not google by Anonymous Coward · · Score: 0

      You forgot to change your password!
      I 0wnz j00r b0x!

    36. Re:This happens because of dumb admins, not google by jwbozzy · · Score: 1

      Clearly you have not ever used a properly configured FreeBSD.

      --
      perl -e 'printf("mmm %x\n", 3735928559)'
    37. Re:This happens because of dumb admins, not google by IM6100 · · Score: 1

      I worked at a place where the OS/2 Warp Server for the whole company (hundreds of developers) had a telnetd running. I had a shell script I needed to run for a build and it ran FAST when I ran it from the server. But then they didn't like me doing that. It had a commonly known password, and the password was in plaintext in the C:\config.sys file.

      And the whole C:\ drive of the Warp server was available by ftp.

      --
      A Good Intro to NetBS
    38. Re:This happens because of dumb admins, not google by Anonymous Coward · · Score: 2, Informative
      It's not even just ~/.bash_history but ~/ itself!

      Do this at a shell;

      1. locate .bash_history

      Notice anything odd? It's entirely likely that .bash_history may end up outside a user's (or root's) home directory depending on where you are when you login to a new account.

      If you want to avoid that, try...

      1. su - USERNAME

      where USERNAME is the account name (or optionally nothing if root).

      The - will make sure that the environment settings will be the current default settings for that account. Login as root, change to another directory, change the environment settings, execute "su -", then check your environment and location. Change directories, and use "su" (no "-"), and see what happens. Exit from the shell a couple times. Nope, that little factoid isn't explicitly in the su man page.

    39. Re:This happens because of dumb admins, not google by Ascender · · Score: 3, Insightful

      One possibility is that some 'clever' admin has set the 'webmaster' user's home directory to /var/www (or whatever your docroot is) - Then, as well as easy access to the html files, the .bash_* files would be left there too
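
The two misconfigurations described in the comments above (a home directory made world-readable instead of traverse-only, and a docroot that doubles as a login home and so collects `.bash_*` files) can be audited from the shell. This is an added example, not code from any poster in the thread; the dotfile list, the function names and the assumption that the web server reads content through the "other" permission bits are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): audit a web document root for shell
# dotfiles a crawler could fetch, and classify directory "other" permissions.
# Assumption: the web server reads content through the "other" permission bits.

# File names mentioned in the thread plus common siblings (constructed list).
DOTFILES=".bash_history .history .sh_history .bashrc .bash_profile .profile .cshrc .tcshrc .login .logout"

# Print each shell dotfile below docroot $1 as "EXPOSED path" (world-readable)
# or "PRESENT path" (not readable by "other", but still inside the web tree).
# -type f skips symlinks, so a history file linked to /dev/null is not reported.
audit_docroot() {
    audit_root=$1
    set --                              # reuse the positional list as an array
    for audit_name in $DOTFILES; do
        set -- "$@" -o -name "$audit_name"
    done
    shift                               # drop the leading -o
    find "$audit_root" -type f \( "$@" \) -perm -004 | sed 's/^/EXPOSED /'
    find "$audit_root" -type f \( "$@" \) ! -perm -004 | sed 's/^/PRESENT /'
}

# Classify the "other" permission bits of directory $1:
#   traverse-only  o+x without o+r: enough for the server to reach public_html
#   listable       o+r set: names inside, dotfiles included, can be enumerated
#   writable       o+w set
#   closed         no access for "other"
dir_other_access() {
    # -prune keeps find on the directory itself; -perm -NNN needs all bits set.
    if   [ -n "$(find "$1" -prune -perm -002)" ]; then echo writable
    elif [ -n "$(find "$1" -prune -perm -004)" ]; then echo listable
    elif [ -n "$(find "$1" -prune -perm -001)" ]; then echo traverse-only
    else echo closed
    fi
}

# Walk from the parent of docroot $1 up to directory $2 (or the filesystem
# root), printing "class path" for every ancestor. Ancestors only need
# traverse-only; listable or writable ones are the mistake the thread describes.
audit_ancestors() {
    anc_dir=$(dirname "$1")
    while :; do
        printf '%s %s\n' "$(dir_other_access "$anc_dir")" "$anc_dir"
        anc_next=$(dirname "$anc_dir")
        if [ "$anc_dir" = "$2" ] || [ "$anc_next" = "$anc_dir" ]; then break; fi
        anc_dir=$anc_next
    done
}

main() {
    if [ -d "${1:-}" ]; then            # real use: script DOCROOT [STOP_DIR]
        audit_docroot "$1"
        audit_ancestors "$1" "${2:-/}"
        return
    fi
    # No directory given: run on a constructed tree mimicking the scenario.
    demo=$(mktemp -d)
    mkdir -p "$demo/home/alice/public_html"
    echo 'ls -la' > "$demo/home/alice/public_html/.bash_history"
    chmod 644 "$demo/home/alice/public_html/.bash_history"
    chmod 755 "$demo/home/alice" "$demo/home/alice/public_html"
    audit_docroot "$demo/home/alice/public_html"
    audit_ancestors "$demo/home/alice/public_html" "$demo/home/alice"
    rm -rf "$demo"
}
main "$@"
```

A `PRESENT` line means the file is protected only by its mode bits while sitting in the served tree, so moving it out of the docroot is the durable fix.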

    40. Re:This happens because of dumb admins, not google by klui · · Score: 2, Informative

      By default, your history files are only readable by you and are not group/world readable. Your shell actually sets this up--regardless of your umask--when it first creates the file so only a bozo who manually changes the modes deserves what they get as a consequence.

    41. Re:This happens because of dumb admins, not google by tsm_sf · · Score: 1

      It's also a great place to look for sql login/pass info. Great when the admin has logged in from my account =)

      --
      Literalism isn't a form of humor, it's you being irritating.
    42. Re:This happens because of dumb admins, not google by Leto2 · · Score: 2, Informative

      Actually, I do not link bash_history to /dev/null.

      I've been compromised once, and the attacker went to great lengths to install a rootkit in /tmp/../foo , grep his IP out of the message logs, etc. etc. The only thing that he forgot to do was remove the bash_history file, and I knew _exactly_ what damage he had done to my system.

      --
      <grub> Reading /. at -1 is like driving through Cracktown in a convertible that is stuck in 1st
    43. Re:This happens because of dumb admins, not google by scottj · · Score: 2, Informative

      The simpler alternative is to just not produce a history file at all. In the .cshrc, add this line: unset history

      --
      .-.--
    44. Re:This happens because of dumb admins, not google by caluml · · Score: 1
      Try searching for root bin daemon adm sync shutdown operator or other common usernames - quite a few muppets seem to have aliased / with something.

      Mind you - it's the ultimate security test - let everyone see your server as a non-root user - it should still be safe.
      I suppose it's like not using a firewall - it means your network has to be completely secure on its own merits.

    45. Re:This happens because of dumb admins, not google by Anonymous Coward · · Score: 0

      wrong.. it also limits your search to apparently .gov .edu .mil .state.XX.us etc

    46. Re:This happens because of dumb admins, not google by Anonymous Coward · · Score: 0

      Not just that, it limits the search to Government sites.

    47. Re:This happens because of dumb admins, not google by Bigbutt · · Score: 1

      Our ftp server was open from root up if you were identified as a "local" user rather than anonymous. It was run by the same admin. That was before when we were assigned machines to admin. Now we all admin all the machines so someone else can "peer review" the system. We don't have any specialists any more, but we're sure there are no obvious security issues and we have an engineering department for the specialists.

      --
      Shit better not happen!
    48. Re:This happens because of dumb admins, not google by Anonymous Coward · · Score: 0
      Nope, that little factoid isn't explicitly in the su man page.

      su [OPTION]... [-] [USER [ARG]...]

      -, -l, --login
      make the shell a login shell


      that's not explicit enough?
    49. Re:This happens because of dumb admins, not google by JessLeah · · Score: 1

      How about stupid admins who don't know how to spell "admins"? (Hint: It doesn't have an apostrophe in it.)

    50. Re:This happens because of dumb admins, not google by mjmalone · · Score: 1

      Uhm, go back to 5th grade. An apostrophe indicates possession.

    51. Re:This happens because of dumb admins, not google by mjmalone · · Score: 1

      Oops, I'm sorry I take that back. I'm tired. You were referring to "admin's" in the body of my message. I guess you're right. Typos happen. :/

    52. Re:This happens because of dumb admins, not google by JessLeah · · Score: 1

      That's okay. I just find it disturbing how many "typos" involving ADDING APOSTROPHES TO THINGS, or TAKING AWAY APOSTROPHES WHERE THEY BELONG, seem to be happening nowadays. It's like a plague. I'm sick of reading things like "You cant do that cuz your not 21", or "They have the best pizza's Ive ever tasted"...

    53. Re:This happens because of dumb admins, not google by Anthony Boyd · · Score: 1
      The only thing that he forgot to do was remove the bash_history file, and I knew _exactly_ what damage he had done to my system.

      Yes. Because the .bash_history file left behind by a hacker is always reliable and is never tampered with.

    54. Re:This happens because of dumb admins, not google by Dwonis · · Score: 1
      echo "HISTFILE=" >> ~/.bashrc
      exec bash
      rm ~/.bash_history

      No more history.

    55. Re:This happens because of dumb admins, not google by deblau · · Score: 1

      Actually, he might be on to something there, given how random many users seem to be.

      --
      This post expresses my opinion, not that of my employer. And yes, IAAL.
    56. Re:This happens because of dumb admins, not google by Beliskner · · Score: 1
      all of my users are Unix stupid, so they never log into shell.
      WHOOOOOPS! I was just hired by the company I'm now working for, and the admin is used to Unix-stupid people. Within a week I'd found his porn collection stored in /dev/S**-MAC/coolstuff/av and I was setting up FTP accounts for customers without the sysadmin's permission when he went to the toilet and forgot to log out. He wants to get me fired now for messing with "his" job area, apparently DB programmers aren't "allowed" to set up FTP accounts without the sysadmin's permission. Sometimes being too clever is a problem. What the hell happened to meritocracy? I was just pleasing the customer...
      --
      A caveman dreams of being us, the incalculable power and riches. We dream of being Q, then what?
    57. Re:This happens because of dumb admins, not google by SeanAhern · · Score: 1

      This is OT, but I couldn't help myself.

      There's no reason my post should have been moderated to a +4 Informative. Yes, I was informative, but it's such a tiny nit. Hell, we've all swapped the positions of the ln command. It's almost a "grammar nazi" post.

      The fact that the post remained at +4 rather than heading to +5 gives me at least some hope that moderators have some degree of moderation (heh).

      It makes me wonder if the overall quality of Slashdot would be improved by making the score cap be closer to 8 or 9, rather than 5. It would make for a more normal distribution, rather than the capped distribution we currently have.

      Ah well... My statistics class was a long time ago...

    58. Re:This happens because of dumb admins, not google by Zigg · · Score: 1

      So, on a "properly configured FreeBSD", the shell magically divines my intent? Color me impressed.

    59. Re:This happens because of dumb admins, not google by jwbozzy · · Score: 1

      s/\|/>/. Honest mistake.

      --
      perl -e 'printf("mmm %x\n", 3735928559)'
    60. Re:This happens because of dumb admins, not google by shfted! · · Score: 1

      What is more interesting is http://www.mhhe.com/socscience/.profile

      Apparently the user can't spell "more" lol

      --
      He who laughs last is stuck in a time dilation bubble.
  2. better search by pbrinich · · Score: 0, Flamebait

    search for webserver=IIS, proceed to hack

  3. Google Cache, in case of slashdotting by Anonymous Coward · · Score: 5, Funny
    1. Re:Google Cache, in case of slashdotting by vgaphil · · Score: 4, Funny

      Or go here google

      --
      A clever person solves a problem. A wise person avoids it. -- Einstein
    2. Re:Google Cache, in case of slashdotting by Scott Hale · · Score: 5, Funny
      Google is not affiliated with the authors of this page nor responsible for its content.

      Now I'm really confused.

    3. Re:Google Cache, in case of slashdotting by Anonymous Coward · · Score: 0

      holy crap that's my new toolbar link. i can't even read this one: 61r0/03(70r0/0y0/0

    4. Re:Google Cache, in case of slashdotting by Anonymous Coward · · Score: 0

      That's great, google is just the best

    5. Re:Google Cache, in case of slashdotting by wwest4 · · Score: 1

      UP!

    6. Re:Google Cache, in case of slashdotting by SlayerofGods · · Score: 4, Funny

      That is really cool, the whole site is done in it. Someone try to read this and not have your head explode.

      --

      Technology, the cause of and solution to all of life's problems.
    7. Re:Google Cache, in case of slashdotting by joynt · · Score: 4, Funny

      The sad thing is I can read it.

    8. Re:Google Cache, in case of slashdotting by Luigi30 · · Score: 1

      Don't! You'll Slashdot Google!

      --
      503 Sig Unavailable

      The Signature could not be accessed. Please try again later or contact the administrator
    9. Re:Google Cache, in case of slashdotting by ejdmoo · · Score: 1

      Apparently they've trademarked P4G3R@nk (pagerank)

      From that site:
      tH3 hE4R+ 0F 0UR 50phtw4RE I5 P4G3R@nk(TM)

    10. Re:Google Cache, in case of slashdotting by Anonymous Coward · · Score: 0

      That's not google's cache, it's a fake.

      On the top of the page it says 'Google is not affiliated with the authors of this page nor responsible for its content.'

    11. Re:Google Cache, in case of slashdotting by vgaphil · · Score: 2

      Trekkies go here

      --
      A clever person solves a problem. A wise person avoids it. -- Einstein
    12. Re:Google Cache, in case of slashdotting by Anonymous Coward · · Score: 0

      There's something priceless about the phrase, "EyE Am ph33|1n6 |u(ky".

    13. Re:Google Cache, in case of slashdotting by arose · · Score: 1

      I would use this because I'm not l33t enough.

      --
      Analogies don't equal equalities, they are merely somewhat analogous.
    14. Re:Google Cache, in case of slashdotting by plupster · · Score: 1

      To iterate is human - to recurse is divine

    15. Re:Google Cache, in case of slashdotting by Daath · · Score: 2, Funny

      1 d0n'+ und3r5+4nd... 1+ 100k5 pr3++y n0rm41 +0 m3...

      --
      Any technology distinguishable from magic, is insufficiently advanced.
    16. Re:Google Cache, in case of slashdotting by _randy_64 · · Score: 1

      They mis-spelled a couple words though. Threw me off for a second. ;-)

      --
      I mod down all the "free iPod"-sig losers.
    17. Re:Google Cache, in case of slashdotting by Mostly a lurker · · Score: 1

      Pretty good, but Google does not offer to translate all these weird English pages for me!

    18. Re:Google Cache, in case of slashdotting by Anthony Boyd · · Score: 1
      The sad thing is I can read it.

      The sad thing is I can read it, and I'm in management. Ph34r /\/\y P0/\/\3rp0in7 5ki115!

    19. Re:Google Cache, in case of slashdotting by Anthony Boyd · · Score: 1
      Ph34r /\/\y P0/\/\3rp0in7 5ki115!

      \/\/0rk 0n +h053 5p311in6 5ki115!

    20. Re:Google Cache, in case of slashdotting by deblau · · Score: 1
      unleet filter for those so inclined:

      #!/usr/bin/perl -wp
      $_=lc;
      y/0134589+@$/oieasbgtas/;
      s/ph/f/g;
      s/joo/you/g;
      s/kw/qu/g;
      s/teh/the/g;
      s/zo/e/g;
      (I have too much free time, help me someone)
      --
      This post expresses my opinion, not that of my employer. And yes, IAAL.
  4. RIAA Logic: by connsmythe96 · · Score: 5, Funny

    Google can be used to illegally hack into computers (possibly stealing copyrighted information). Google must be shut down and all of its users owe us lots of money.

    --
    if(!cool) exit(-1);
    1. Re:RIAA Logic: by r_j_prahad · · Score: 1, Insightful

      And long before Google, there was Melvil Dewey. So how come this country didn't jail his treasonous copyrighted cataloguing ass back in 1876?

      http://www.oclc.org/dewey/

  5. It's a little harder... by Tweakmeister · · Score: 3, Insightful

    A quick search for "Password" doesn't yield any "promising" hacking results. It's too common a word.

    --

    Colossians 2:8

    1. Re:It's a little harder... by kyz · · Score: 0

      Yeah, but just add a little spice to your search, like DO NOT DISTRIBUTE, and you'll get results.

      --
      Does my bum look big in this?
    2. Re:It's a little harder... by lildogie · · Score: 1

      "Do Not Distribute" sounds like a good title for distribution of mis-information widely and with credibility.

    3. Re:It's a little harder... by jandrese · · Score: 0

      That link just spit out a whole bunch of pages warning users not to give away their passwords.

      --

      I read the internet for the articles.
    4. Re:It's a little harder... by Anonymous Coward · · Score: 0
    5. Re:It's a little harder... by Anonymous Coward · · Score: 0

      Try searching for "index of" passwd hosts.

      You'd be surprised that anyone makes /etc available via a web server.

    6. Re:It's a little harder... by Elminst · · Score: 4, Insightful

      But the third link down gives us this-
      http://216.239.57.104/search?q=cache:p5ouM3 2marEJ: www.necmitsubishi.com/markets-solutions/government /necfiles/Chicago911.doc+%22do+not+distribute%22+p assword&hl=en&ie=UTF-8

      Which at the bottom of the document has-

      Editors Note:
      Product photography is available at http://www.liska.com/necmit.
      Username: necmit
      Password: monitors


      Which seems to prove the point of the search...

      --
      No unauthorized use. Trespassers will be shot. Survivors will be shot again.
    7. Re:It's a little harder... by swordboy · · Score: 1

      Here's one for the FOX Network's regional VPs contact information. Email addresses... phone numbers... etc... (it's white on white so you have to do a select all in order to view the stuff)

      --

      Life is the leading cause of death in America.
    8. Re:It's a little harder... by Lev13than · · Score: 1

      Try doing a search for "Confidential" + "Internal Use Only". That brings up a few doozies...

      --
      When you have nothing left to burn you must set yourself on fire
    9. Re:It's a little harder... by exhilaration · · Score: 1

      Also try this to narrow down your sources:
      Confidential + "Internal Use Only" site:.gov
      Confidential + "Internal Use Only" site:.mil

    10. Re:It's a little harder... by Anonymous Coward · · Score: 0

      And worryingly their script is so insecure, once logged in, you can change the url to browse any dir on any drive... oh dear.

    11. Re:It's a little harder... by Anonymous Coward · · Score: 0

      So it does! Who wants to slashdot a floppy disk drive?

      http://66.216.103.200/getFiles.asp?Dir=a:%5C

    12. Re:It's a little harder... by shfted! · · Score: 1

      Login to the site above, then click to see one of the monitor sections. You can then easily modify the url to match this:

      http://66.216.103.200/getFiles.asp?Dir=d:%5C

      This IS a security issue!

      --
      He who laughs last is stuck in a time dilation bubble.
  6. Yea by mao+che+minh · · Score: 4, Funny
    Must be how that guy found out that my phpnuke code had a mySQL injection flaw in the news module. My article about a Hulk doll with big penis wasn't exactly fine journalism, but I would imagine that it was better than 40 lines of "hacked by Stacey 100% brasil LOL" that it was overwritten with.

    Damn script kiddies.

    1. Re:Yea by kmak · · Score: 1

      At least you'll learn for next time.. I once coded something that was really sensitive.. and a mistake wiped it all out...

      --

      I'm not the devil.. just his advocate.
  7. Google is good for free money by Anonymous Coward · · Score: 0

    I prefer using google to search for 'valid credit card numbers' or 'long distance phone codes'.

    1. Re:Google is good for free money by anthony_dipierro · · Score: 2, Interesting

      Better to search for the first 8 digits of a known credit card number. Last time slashdot had a story about a site which was publishing credit card numbers on the internet, I googled for the first 8 digits of my CCN and found the site.

  8. Even better than Google by Anonymous Coward · · Score: 3, Interesting
    I tried this a while back - it isn't as easy as it looks with Google. I recently discovered WhittleBit and it is pretty good at narrowing down what you are searching for because it lets you indicate which search results are good and which aren't, and re-search on that basis.

    This is particularly useful for this type of thing since it isn't always obvious what the criteria are for what you want to search for - with WhittleBit you don't need to know, it figures it out for itself.

    1. Re:Even better than Google by lightcycle · · Score: 2, Interesting

      The bottom of the page has a "send feedback to Ian Clarke" mailto link, would that be the Ian Clarke that's behind freenet?

      --

      The stars that shine and the stars that shrink
      in the face of stagnation the water runs before your eyes
    2. Re:Even better than Google by Anonymous Coward · · Score: 0

      Even better, I think that's the Ian Clarke that's behind the parent post.

    3. Re:Even better than Google by dillkvast · · Score: 1

      Site down for maintainence, sorry for the inconvenience

      Google has better uptime.

      --
      Scitne aliquis remedium potimum crapulae?
  9. PageRank? by SkiddyRowe · · Score: 0

    Will this throw off the index, with such an guaranteed increase in "bash history" queries?

  10. aha! by Frymaster · · Score: 2, Interesting
    this explains the tremendous number of google searches for "index of /scripts" that come from google to my site...

    of course i have section on my site for bash scripts... and it has an index page. looks like someone got disappointed.

    1. Re:aha! by Anonymous Coward · · Score: 0

      Does your website use slashcode? And if so how do you enable the user profile with pictures and whatnot?

    2. Re:aha! by Anonymous Coward · · Score: 0
      Those fools, they are supposed to use the google "cache" so they can look without alerting you.

      Where have all the hackers gone?
      Long time passing.
      Where have all the hackers gone?
      Long time ago.
      Where have all the hackers gone?
      Gone to script kids every one.
      When will they ever learn?
      When will they eeever learn?

    3. Re:aha! by jvj24601 · · Score: 1

      Like this?

    4. Re:aha! by Anonymous Coward · · Score: 0

      Ah, googling "index of", the ultimate in file sharing!

  11. problem with robots.txt tutorial by brlewis · · Score: 5, Interesting

    They should mention that disallowing a URI in robots.txt tells crackers which URIs on your site have sensitive information. What I do is create a top-level /unpub/ URI, and everything sensitive goes underneath it with hard-to-guess names. In robots.txt I disallow /unpub only.

    1. Re:problem with robots.txt tutorial by PetoskeyGuy · · Score: 4, Insightful

      I hope you at least have an .htaccess on the files to put a password on that directory. Hard-to-guess names is good, but making them password protected is better.

      Of course on some of the cheaper web hosting companies out there you can just search the /home/*/web folders. They have to be public so the web server can read them. Stupid I know, but all too common. Config.php for most apps will have all the users' passwords in plaintext.

      The HTTPD user should be a member of each user's group so you don't have to set world rights to your files. Assuming it's just hosting and no other rights are required.

    2. Re:problem with robots.txt tutorial by Anonymous Coward · · Score: 0

      lets see here....

      brl.codesimply.net/unpub/p455w3rD5 --- 404
      brl.codesimply.net/unpub/3773h4c7er --- 404
      brl.codesimply.net/unpub/84n74cc71nf0 --- 404

      everything looks good to me!

    3. Re:problem with robots.txt tutorial by brlewis · · Score: 3, Interesting

      Password-protected directories wouldn't need to be in robots.txt. Using robots.txt + security by obscurity is for things like family photos, where I don't want to maintain usernames and passwords for my entire extended family, but it isn't absolutely critical that no unauthorized person ever see them. I doubt I could trust my entire extended family to keep passwords secure anyway.

      Yeah, cheap shared hosting is largely insecure. I wonder how tough it would be to set up shared hosting using squid as an http accelerator, and let users run web servers under their own UID on different ports, while squid forwards from port 80.

    4. Re:problem with robots.txt tutorial by blibbleblobble · · Score: 1

      "They should mention that disallowing a URI in robots.txt tells crackers which URIs on your site have sensitive information."

      Just use <meta name="robots" content="noindex,nofollow"> -- that way, the robot has no central index of sensitive pages. It will stop programs like wget or the perl modules which follow robot exclusion.

      Of course, <limit get> require user admin</limit> is probably more like what you need (in .htaccess that is, not in your web-pages!)

    5. Re:problem with robots.txt tutorial by Telastyn · · Score: 1

      It's not too much better. Actually in the case that there's the same number of passwords as files in the directory, it's not any better.

      Hackers can randomly guess passwords just as easily as filenames. Assuming the original parent did it properly [have filenames that are unlinked, and just as long as the password hash] you're basically changing the chances of detection from 1 in something astronomically high to a few dozen in something astronomically high [ie no practical difference]

    6. Re:problem with robots.txt tutorial by Anonymous Coward · · Score: 2, Insightful
      The HTTPD user should be a member of each user's group so you don't have to set world rights to your files. Assuming it's just hosting and no other rights are required.
      This approach isn't much better. Usually, each user's php scripts run with the permissions of the HTTPD user. Thus, any maliciously minded user who wants to access someone else's private data can just use php scripts. A bit awkward, but certainly not impossible.
    7. Re:problem with robots.txt tutorial by brooks_talley · · Score: 2, Funny

      Even more entertaining is to add a disallow: /secret.cgi entry, and then have secret.cgi log the IP address, datetime, etc, of requests.

      For bonus points, you can have secret.cgi automatically add requesting IP's to an apache rewrite config file.

      Cheers
      -b

    8. Re:problem with robots.txt tutorial by SuperFrink · · Score: 1

      The HTTPD user should be a member of each user's group so you don't have to set world rights to your files. Assuming it's just hosting and no other rights are required.

      I like this idea but as a customer if I can run CGI pages or PHP (without safe mode) then it's easy to read everyone's files anyway because the script runs as the apache user.

      Yes suEXEC exists but it places restrictions on the CGI which limits customers programming.

      I have used CGIwrap and really liked it. Also it is some of the nicest C code I've ever read/worked with.

      I heard Apache 2.0 may allow for the listening process to fork and change its UID but 2.0 still isn't considered stable by most. In fact php.net says Warning Do not use Apache 2.0 and PHP in a production environment neither on Unix nor on Windows. To be honest I haven't tried apache 2.0 in the last 10-12 months. When I did it had threading issues so I switched back to 1.3.

    9. Re:problem with robots.txt tutorial by ImaLamer · · Score: 1

      Yeah, cheap shared hosting is largely insecure.

      Is it any wonder that users of FREE webspace can't use password protected files?

      If the user does, and then needs to use those passes in their server side programs then YES, they will lose everything.

      Just don't put anything out there you don't want anyone to read; don't connect it if no one should come in.

    10. Re:problem with robots.txt tutorial by rtaylor · · Score: 1

      Of course, this is easily fixed by a binary wrapper to PHP (to do a permission check) and executing php scripts as CGIs.

      Not for the high volume sites, but seems to work quite well.

      --
      Rod Taylor
  12. robots.txt? by Karma+Sucks · · Score: 4, Interesting

    You're kidding right? Putting stuff in robots.txt is the best way to *guarantee* that robots will go specifically for the file/directories you choose to deny.

    Don't be naive about robots.txt... expect to have to do some relatively fancy hacking to actually enforce it.

    --
    (Please browse at -1 to read this comment.)
    1. Re:robots.txt? by jandrese · · Score: 1

      Have you actually looked at your server logs? I have never seen a robot (this includes the search engine spiders, crawlers, and whatnot) disobey the robots.txt file. If you're really paranoid about it, disallow everything then allow only the stuff you want public.

      --

      I read the internet for the articles.
    2. Re:robots.txt? by anthony_dipierro · · Score: 1

      I have never seen a robot (this includes the search engine spiders, crawlers, and whatnot) disobey the robots.txt file.

      I'm sure robots which intentionally disobey robots.txt files always send correct browser information.

    3. Re:robots.txt? by jandrese · · Score: 1

      Well, since I was referring to things that download robots.txt and then peruse the disallowed URLs documented within, I don't see your point.

      --

      I read the internet for the articles.
    4. Re:robots.txt? by liquidsin · · Score: 2, Insightful

      not all robots download robots.txt. In fact, I'd assume most of the more annoying ones don't, nor do they identify as anything other than MSIE 5.5.

      --
      do not read this line twice.
    5. Re:robots.txt? by anthony_dipierro · · Score: 1

      You weren't very clear, then. What you're saying is that no one has perused the disallowed URLs in your robots.txt file.

    6. Re:robots.txt? by jandrese · · Score: 1

      How are robots supposed to exploit the disallowed (and presumably hidden?) URLs in the robots.txt if they never download it?

      --

      I read the internet for the articles.
    7. Re:robots.txt? by Anonymous Coward · · Score: 0

      I think the point being made is that the Google bot will pay attention to robots.txt, and therefore won't store your bash_history in its cache.

    8. Re:robots.txt? by Anonymous Coward · · Score: 1, Informative

      Hey, you must be right! Go tell your friends and relatives. I'll be investing in the tin foil market.

      In the mean time, please note that ALL search engines ALWAYS obey the robots.txt file for a very good reason: it specifies which pages might be dynamic. Maybe your evil "working for The Man" search engine likes to return lists of 4500 ebay auctions which no longer exist, online quizzes filled out with all blanks' results, and other such amazingly useful information but real sites like google are not interested.

    9. Re:robots.txt? by Anonymous Coward · · Score: 0

      Lots of robots disobey the file. I had one yesterday pound a site for 15 minutes before it got banned.

      If you're really paranoid about it, disallow everything then allow only the stuff you want public.

      There is no 'allow.' That's the problem.

    10. Re:robots.txt? by blibbleblobble · · Score: 1

      "You're kidding right? Putting stuff in robots.txt is the best way to *guarantee* that robots will go specifically for the file/directories you choose to deny."

      Oh, and always put /SpiderTrap/index.php in your robots.txt file, and start banning hosts which access such files.

    11. Re:robots.txt? by rossz · · Score: 3, Insightful

      And that's why I have a disallow for a trap directory. Accessing it gets you added to a mysql database and you are blocked with iptables.

      --
      -- Will program for bandwidth
    12. Re:robots.txt? by pclminion · · Score: 2, Interesting
      And that's why I have a disallow for a trap directory. Accessing it gets you added to a mysql database and you are blocked with iptables.

      Awesome! I'll post a link to that location on my web page. Everyone who clicks on it will be banned from your site, even though they aren't a spider!

      Oh, the fun I'll have...

    13. Re:robots.txt? by xombo · · Score: 1

      not all robots download robots.txt. In fact, I'd assume most of the more annoying ones don't, nor do they identify as anything other than MSIE 5.5.

      Simple solution: Block all MSIE users from your site.

    14. Re:robots.txt? by rossz · · Score: 1

      The block is temporary. (hits-1)^2 minutes, so: 1, 2, 4, 8 ... minutes of blockage (cron job that cleans up is run every 10 minutes so the actual block time isn't exact). At 16 hits the block time is 22 days 18 hours 8 minutes. I also use mod_rewrite to send codered, nimda, and formmail exploit attempts to the perl script.

      --
      -- Will program for bandwidth
    15. Re:robots.txt? by Anonymous Coward · · Score: 0
      The block is temporary. (hits-1)^2 minutes, so: 1, 2, 4, 8 ... minutes of blockage
      You probably mean 2^(hits-1) minutes.
      The other way gives you 0, 1, 4, 9, ... minutes.
    16. Re:robots.txt? by rossz · · Score: 1

      Oopsie. Yes. 2^(hits-1) minutes.

      Remember kids, alcohol and math don't mix. Don't drink and derive.

      --
      -- Will program for bandwidth
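The trap-and-block scheme discussed in the comments above, as an added example that is not any poster's code: it reads constructed access-log lines, counts requests under a trap path that robots.txt disallows, and applies the corrected 2^(hits-1) minute block schedule. The trap path, log lines and class name are assumptions made for this illustration.

```python
import re
from datetime import datetime, timedelta

# Assumption: the trap path is the one suggested in the thread and is listed
# under Disallow in robots.txt, so well-behaved crawlers never request it.
TRAP_PREFIX = "/SpiderTrap/"

# Constructed access-log lines in Common Log Format (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Aug/2003:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512
198.51.100.7 - - [12/Aug/2003:10:00:05 +0000] "GET /robots.txt HTTP/1.0" 200 64
198.51.100.7 - - [12/Aug/2003:10:00:06 +0000] "GET /SpiderTrap/index.php HTTP/1.0" 200 10
198.51.100.7 - - [12/Aug/2003:10:02:00 +0000] "GET /SpiderTrap/a HTTP/1.0" 200 10
203.0.113.5 - - [12/Aug/2003:10:03:00 +0000] "GET /SpiderTrap/index.php HTTP/1.0" 200 10
198.51.100.7 - - [12/Aug/2003:10:05:00 +0000] "GET /SpiderTrap/b HTTP/1.0" 200 10
this line is malformed and must be skipped
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def block_minutes(hits):
    """Block length for the Nth trap hit: 1, 2, 4, 8 ... minutes."""
    if hits < 1:
        raise ValueError("hits must be >= 1")
    return 2 ** (hits - 1)


class TrapTracker:
    """Keeps a per-IP hit count and the time each block ends."""

    def __init__(self):
        self.hits = {}           # ip -> total trap hits (never reset)
        self.blocked_until = {}  # ip -> datetime when the block ends

    def record(self, ip, when):
        """Register one trap hit and return the new block expiry."""
        self.hits[ip] = self.hits.get(ip, 0) + 1
        until = when + timedelta(minutes=block_minutes(self.hits[ip]))
        self.blocked_until[ip] = until
        return until

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        return until is not None and now < until

    def expire(self, now):
        """Periodic cleanup: drop finished blocks, keep the hit counts so a
        repeat offender is blocked for twice as long next time."""
        done = [ip for ip, until in self.blocked_until.items() if until <= now]
        for ip in done:
            del self.blocked_until[ip]
        return done


def process_log(text, tracker=None):
    """Feed log lines to a tracker; unparsable lines are ignored."""
    tracker = tracker or TrapTracker()
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, stamp, _method, path, _status = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if path.startswith(TRAP_PREFIX):
            tracker.record(ip, when)
    return tracker


if __name__ == "__main__":
    t = process_log(SAMPLE_LOG)
    for ip, until in sorted(t.blocked_until.items()):
        print(ip, "hits:", t.hits[ip], "blocked until", until.isoformat())
    print("16th hit blocks for", timedelta(minutes=block_minutes(16)))
```

Because the hit count survives cleanup, visitors sent to the trap URL by a third-party link are blocked only briefly at first, while repeat offenders escalate.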
    17. Re:robots.txt? by rossz · · Score: 1
      It seems rather stupid to go to a webpage that guarantees you will be blocked - unless the intent is to test it. Fine with me, testing is good. Feedback is even better.

      In case anyone is interested, instructions and code can be obtained here.

      --
      -- Will program for bandwidth
    18. Re:robots.txt? by Patrick13 · · Score: 1

      I have never seen a robot (this includes the search engine spiders, crawlers, and whatnot) disobey the robots.txt file.

      um. the spambots routinely crawl excluded files and directories to get email addresses.

      If you want to test - just put a "spam only" email address on a fresh webpage, exclude it in your robots.txt, then link to it from somewhere on your public site. You won't have to wait long.

      --
      ::.. check out some Cell Phone Reviews
    19. Re:robots.txt? by Anonymous Coward · · Score: 0

      Good idea. I do this myself with a homebrewed program that blocks things for a variable amount of time. May I suggest another addition: CONNECT attempts - http proxy exploit attempts try these.

      You might also try looking for a "GET http://foo.bar/" where foo.bar is not one of your virtual hosts. This one is a bit harder to do cleanly, since it can bite you when you add a new VH without informing the watcher program.

      I used to do a bunch of mod_rewrite junk to deal with bad things like EmailSiphon (user-agent analysis). Now I'm looking at handling it at this level for actual blocking instead of just throwing wpoison crap at them.

      I look forward to a day when I can tie this system in with others - friends and other people who think the same way. Then, when you screw with one of us, we all block you for awhile. It brings a whole new meaning to the term "enjoy your intranet"...

    20. Re:robots.txt? by Anonymous Coward · · Score: 0

      Two suggestions based on reading your page:

      1. Please don't use suidperl stuff. Split this thing up and have a persistent privileged process to call iptables and use some kind of IPC to send block requests to it. How about a unix domain socket that's only accessible by some user, then have the CGI program be suid to that user? suid root stuff under a web server is scary.

      2. Apache (well, the kernel) has to wait around for ACKs as you said. Consider adding a rule to your *output* chain.

      iptables -I OUTPUT -p tcp --sport 80 -d luser.address -j REJECT

      That'll make the outgoing session die quickly, since it'll get rejected at the local system. Without this, you have to wait for the whole thing to time out since you'll never see ACKs or FINs or anything else from the far end.

    21. Re:robots.txt? by rossz · · Score: 1
      Please don't use suidperl stuff. Split this thing up and have a persistent privileged process to call iptables and use some kind of IPC to send block requests to it. How about a unix domain socket that's only accessible by some user, then have the CGI program be suid to that user? suid root stuff under a web server is scary.
      I've been considering something along those lines, but that's new territory for me (I don't consider myself an expert coder on Linux).
      Apache (well, the kernel) has to wait around for ACKs as you said. Consider adding a rule to your *output* chain.
      I rather like how my web server simply ceases to exist to offenders, but you are probably correct that REJECT is a better choice over DROP.
      --
      -- Will program for bandwidth
    22. Re:robots.txt? by rossz · · Score: 1

      Oops, I overlooked that you were referring to the output chain, not the input. I'll study this some more.

      --
      -- Will program for bandwidth
  13. rainy day activity by British · · Score: 1

    Sometimes it's fun to look for WSFTP.LOG files and see what people have been uploading to website. You might find a file or two that's not linked from the other pages.

    Of course, it's not as fun as looking through the open "images" directories on angelfire pages. You always find stuff that's not linked from the main page.

    1. Re:rainy day activity by Dwedit · · Score: 1

      Homestarrunner.com left their WS_FTP.LOG files up for a while...
      #1 #2 #3

      At least they took the one out of their root directory.

  14. Sesitive? by GoofyBoy · · Score: 3, Funny


    use Google's cache to quickly hunt down sesitive pages,

    Try hacking a dictionary.

    --
    The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
  15. robots.txt by panaceaa · · Score: 5, Interesting

    Robots.txt only makes well-behaved search engines not index certain portions of your site. You're still going to be vulnerable until you take the sensitive pages off-line completely. But even then, if a passwords list has been indexed by Google, updating your robots.txt file won't remove it from Google's cache until Google spiders your site again. At which time, Google will discover the passwords list doesn't exist and remove it from the cache.

    At least that's how it should work. Is anyone aware of Google requesting robots.txt more often than they spider pages? And then proactively removing pages from their cache based on new robots.txt entries?

    While the article deals with Google specifically, lots of non-well-behaved spiders go through common locations looking for password files regardless of what you've blocked out with robots.txt. The only way to completely protect your data is to remove it from your site.

    1. Re:robots.txt by KenSeymour · · Score: 2, Interesting

      I think you have to do more than that to get it out of the cache.

      I once had family phone numbers on a web page. Upon reflection, I decided that was no good and deleted the web page.

      It remained in the google cache until I replaced the file with a blank one with the same URL.

      --
      "We can't solve problems by using the same kind of thinking we used when we created them." -- Albert Einstein
    2. Re:robots.txt by MrEnigma · · Score: 1

      Yes it should work exactly like this.

      But google doesn't spider all of your pages all the time. And plus it may just throw the page up, and give the cache anyhow, since the page is "down". Semi archives it for you whether you like it or not.

      --
      GeekWares - Buy and Download Today!
    3. Re:robots.txt by Jugalator · · Score: 4, Funny

      ROFL -- It's also amusing when the admins don't understand what the file is for!

      Look at IBM:

      http://www.ibm.com/robots.txt

      First comment:

      Date: 19950130
      By: epc
      Reason: finally understood what the file was for!

      At least the admin was honest, but a bit embarrassing for being on ibm.com. :-P

      --
      Beware: In C++, your friends can see your privates!
    4. Re:robots.txt by zero-one · · Score: 1
      Indeed, http://www.ibm.com/robot.txt is a good example. Even with my complete lack of hacker skillz I can find out from one easy to read page that:

      They are probably using perl and cgi and where scripts might be kept

      There is possibly an admin area in /admin

      There might be interesting things to look at in /zx /zz /i/ and /tmp

      The webmaster's names

      That they probably use something called Fast corporate crawler
      I am not saying that any of this would give anyone a way of hacking their site (which, by the way, I am not trying to do!), but perhaps some of it is more information than they might be wanting to make so easily available.

    5. Re:robots.txt by innate · · Score: 2, Insightful

      Actually, that's pretty good, since the Standard for Robot Exclusion was proposed in 1994. I'd say IBM "understood" it several years before most people did.

      --
      No, I don't want to explore the Recycle Bin.
    6. Re:robots.txt by UncleOlethros · · Score: 3, Informative
      According to my experience with my webservers, Google will request robots.txt frequently as it spiders a site. And yes, they do remove pages from their cache based not only because of new robots.txt entries but new META tags in individual pages.

      If you can't wait until the next time Google crawls your site to have your information removed, you can always use Google's Automatic URL Removal System. Details are available here.

      A few months back I updated all of my web pages to include the NOARCHIVE META tag. I then submitted my site to Google's Removal System and within three days Google had crawled everything and updated their database. The result was that my pages were still searchable, they just weren't cached.

      As you noted, though, there are plenty of robots that do not obey robots.txt. Google may be conscientious, but others are not.

    7. Re:robots.txt by frodo+from+middle+ea · · Score: 5, Interesting
      Check out Sun's robots.txt

      Part i like best

      # If you do actually go to the trouble of figuring out how to download
      # the files without registering, what you'll end up with is 1 or 2MB of
      # stuff that is meaningless to you unless you have purchased an
      # Ultra AX board from Sun. So, please do purchase an Ultra AX board,
      # but then you might as well use the URL you'll be given along with it.

      --
      for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
    8. Re:robots.txt by ImaLamer · · Score: 1

      Why are they hiding this?"

      Must have something to do with that 9/11 report.

    9. Re:robots.txt by caluml · · Score: 1

      And who is this maste of the web that they speak of? :)
      # The webmaster for this site is <webmaste@us.ibm.com>

    10. Re:robots.txt by quinto2000 · · Score: 1

      Notice anything about the length of that username? Yeah, it's 8 characters long. An old limit on username lengths, to be sure, but understandable in 1995...in other words, it is not a typo.

      --
      Ceci n'est pas un post
    11. Re:robots.txt by jesser · · Score: 1

      Why don't you want Google to make its cache of your pages available to searchers?

      --
      The shareholder is always right.
    12. Re:robots.txt by jesser · · Score: 1

      If I search Google for "Fast corporate crawler", the first hit is http://www.ibm.com/robots.txt! I've never seen a robots.txt turn up in search results before.

      --
      The shareholder is always right.
    13. Re:robots.txt by Jon_E · · Score: 1

      oddly enough the same header that perlfr is using .. guess they didn't know what the comment was for ..

    14. Re:robots.txt by UncleOlethros · · Score: 1
      There are lots of little reasons, some practical, some personal, but they all basically boil down to the fact that I want to be the one controlling my content. I'm responsible for it, so I want to be in control of it--that way if I have to change it or remove it or whatever, I can do so without having to deal with Google (or the Internet Archive, which I also don't permit to cache my pages).

      In my mind it's strictly a matter of personal preference. Most of my clients don't care, though I do mention it to them so they know, and are able to make informed decisions.

    15. Re:robots.txt by caluml · · Score: 1

      I noticed, but it wouldn't have been funny.

  16. Hardly news. by Anonymous Coward · · Score: 0

    Stuff like this was reported 2 years ago.
    It's always great to see US security science catching up with the status quo.

  17. robots.txt by zero-one · · Score: 4, Interesting

    Having a robots.txt is a good idea but it always amuses me when web sites use robots.txt to list all the areas of their site that they don't want people to look at. When robots.txt contains entries like "Disallow: /admin.asp" or "Disallow: /backdoor.asp" it stops being a way of controlling search engines and becomes a site map of all the places hackers might be interested in.
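A self-audit for the leak described in this comment and in the earlier "problem with robots.txt tutorial" thread, as an added example that is not from any poster: it parses a site's own robots.txt and reports Disallow lines that name a specific file or contain a telling keyword. The keyword list and both sample files are constructed for this illustration.

```python
import posixpath

# Assumption: keyword list chosen for this example; tune it for your own site.
SENSITIVE_HINTS = ("admin", "backdoor", "backup", "passw", "secret",
                   "private", "tmp", "cgi", "config", "log")

# Constructed robots.txt using the entries quoted in the comment above.
LEAKY_ROBOTS = """\
# constructed example
User-agent: *
Disallow: /admin.asp      # single files named outright
Disallow: /backdoor.asp
Disallow: /images/

User-agent: ExampleBot
Disallow:
"""

# Constructed robots.txt following the single-prefix approach from the thread:
# one opaque directory is disallowed and nothing inside it is named.
PREFIX_ONLY_ROBOTS = """\
User-agent: *
Disallow: /unpub
"""


def parse_disallows(robots_txt):
    """Return (user_agent, path) for every non-empty Disallow line."""
    agents, rules, last_was_agent = [], [], False
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if not last_was_agent:               # a new record starts here
                agents = []
            agents.append(value)
            last_was_agent = True
            continue
        last_was_agent = False
        if field == "disallow" and value:        # empty Disallow = allow all
            for agent in agents or ["*"]:
                rules.append((agent, value))
    return rules


def audit(robots_txt):
    """Return (path, reasons) for Disallow entries that advertise a target."""
    findings = []
    for _agent, path in parse_disallows(robots_txt):
        reasons = []
        if "." in posixpath.basename(path):
            reasons.append("names a specific file")
        hints = [h for h in SENSITIVE_HINTS if h in path.lower()]
        if hints:
            reasons.append("contains hint: " + ", ".join(hints))
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for label, text in (("leaky", LEAKY_ROBOTS), ("prefix-only", PREFIX_ONLY_ROBOTS)):
        print(label)
        for path, reasons in audit(text) or [("(nothing flagged)", [])]:
            print("  ", path, "; ".join(reasons))
```

A clean report only means the file gives nothing away; anything that must stay private still needs access control on the server, as several replies in the thread point out.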

  18. Heh by 4of12 · · Score: 0, Funny

    Yeah, like I always store my bash history below my DocumentRoot directory.

    Anybody that does this is Running with Scissors.

    --
    "Provided by the management for your protection."
    1. Re:Heh by Scalli0n · · Score: 1

      Parent gets to the root of the idea (pun intended). Don't put your documents online if you don't want people to read them or haXorize your system. It's that simple.

      --
      Sig & Below
      Yuck Fou
    2. Re:Heh by hungfarlow · · Score: 1
      I love Running with Scissors! Very cool tunes!

      --
      Penguins are so sensitive to my needs - Lyle Lovett
  19. Yeah... by tds67 · · Score: 0, Redundant

    ...as if anyone on Slashdot uses Google...sheesh.

    1. Re:Yeah... by DarthWiggle · · Score: 1
    2. Re:Yeah... by tds67 · · Score: 1

      Suddenly I feel naked.

  20. Hackers use google by evilmonkey_666 · · Score: 0, Redundant

    And google are aware of this, why else would they create this Hacker Version?

    --


    - PS. This is what part of the alphabet would look like if Q and R were eliminated.
    1. Re:Hackers use google by jared_hanson · · Score: 1

      That is really funny, you deserve mod points. I have never noticed that before. At first I was afraid to click the link, knowing what kind of popups are associated with hacking pages (and I am at work). The link is safe however, for all you people in my boat, and it is worth a good laugh.

      --
      -- Fighting mediocrity one bad post at a time.
    2. Re:Hackers use google by prichardson · · Score: 1

      That's not the hacker version, it's the l337 skr1p7 k1dd13 version. This is the hacker version. See, they hacked it to be readable. Something many hackers need.

      --
      Help I'm a rock.
    3. Re:Hackers use google by Anonymous Coward · · Score: 0

      Get a fucking sense of humor.

  21. this is interesting by Anonymous Coward · · Score: 0

    http://www.mit.edu/afs/net.mit.edu/user/foley/Root /bash_history

    I'd post the contents but it is "too few characters per line".

  22. use deflection in mod_rewrite to keep crawlers out by stonebeat.org · · Score: 3, Informative

    It is always a good idea to keep the robots out of anywhere there is sensitive information. I use several methods for added security. robot.txt is a good way, but I also use the deflection technique in apache's mod_rewrite to keep the crawlers out.

  23. Old news... by Darth+Fredd · · Score: 1

    This has been around for quite a while..searching for sensitive pages like /etc/passwd used to turn up a lot of very interesting results..but thanks to pagerank (you bastards!) google isn't *as much as* a script kitty tool as it could be..

    you'd be surprised how much is in the clear.

    PS: I say "kitty" instead of "kiddie" because even my cat could script, if I had one..(hope that made sense..)

    --
    "The most looniest, zaniest, spontaneous, sporadic Impulsive thinker, compulsive drinker, addict"
    1. Re:Old news... by Anonymous Coward · · Score: 0

      Script pussies are the female ones.

  24. It's also a good way to get on the FBI list. by Anonymous Coward · · Score: 0

    Search for certain phrases and RIAA - FBI will be after you, along with the Department of Homeland Security.

  25. ICQ by bazik · · Score: 5, Interesting

    A friend of mine actually used this to steal ICQ numbers. He wrote a perl script which googles from "00000001.idx 00000001.dat" to "99999999.idx 99999999.dat" and spits out the result links to a textfile if it gets a full match.

    The ICQ password is stored in one of those two datafiles and there are dozens of free decrypt programs for that out there.

    But if you think about it... how or why does someone put his ICQ directory on a webserver?!

    On the other hand... some people are hosting pr0n sites and don't even know about it ;)

    --
    One by one the penguins steal my sanity...
    1. Re:ICQ by no+soup+for+you · · Score: 1

      shocked! that's against google's terms of service, I hope you know

      (end sarcasm)

      --
      If you blog it...
    2. Re:ICQ by pclminion · · Score: 1
      But if you think about it... how or why does someone put his ICQ directory on a webserver?!

      That's nothing. I've seen numerous instances of people putting their entire freakin' C-drive on their web server. Probably installed a personal web server and didn't know how to configure it, so they set the web root to "C:\".

    3. Re:ICQ by Politburo · · Score: 2, Informative

      If you're lazy and wanted to transfer ICQ information between sites, you might just toss it up on some webspace you have, download it from where you wanted it, and then forget about it forever.

    4. Re:ICQ by oni · · Score: 1

      and then forget about it forever.

      kind of like dropping a key in a drawer and forgetting about it - only the house knows where it is all along...

      how's that for an obscure book reference?

    5. Re:ICQ by Anonymous Coward · · Score: 0

      At least with old versions of PWS, by default it would create HTTP "virtual directories" from every Windows Networking shared directory, so if the user shares C:\ as 'C' with the intention that it be used from their LAN, PWS dutifully makes it appear at /C/ on the web server.

      It's been so long since I've seen PWS I've forgotten how to turn this off, but it was a FAQ in a web server newsgroup I used to frequent.

    6. Re:ICQ by hatrisc · · Score: 1

      in reply to your sig, google glossary doesn't even know "fp" to be first post.

      --
      I write code.
    7. Re:ICQ by Anonymous Coward · · Score: 0
    8. Re:ICQ by cajunfj40 · · Score: 1

      Sure would be nice if Gibson wrote some more stories in that universe/timeline...

    9. Re:ICQ by ktorn · · Score: 1

      Reminds me of sometime back in 1999, when a friend and I were browsing the web from college. Suddenly we found someone's entire hard disk content. The whole lot.
      It took us a while to recognise the content and realise the browser was pointing at file://....
      Duh!

  26. Hacker, not cracker? by Phantasmo · · Score: 1, Offtopic

    I find it kind of depressing that even in Slashdot abstracts the word hacker isn't translated into the more correct "cracker".

    In this case, you could argue that using Google's cache to track down information for the purposes of cracking is very clever and is therefore deserving of being called a "hack", making the cracker a hacker.

    --

    The US Army: promoting democracy through unquestioned obedience
    1. Re:Hacker, not cracker? by Anonymous Coward · · Score: 1, Informative

      Where I come from, a cracker is a crispy salty biscuit. Or a honkey.

    2. Re:Hacker, not cracker? by Anonymous Coward · · Score: 0

      Please mod parent: Fucking Idiot Nazi Fuck.

    3. Re:Hacker, not cracker? by MasterSLATE · · Score: 1

      Maybe because there is such a thing as bad hackers?

      Not all hackers are good guys, and distinguishing between good and bad ones by calling them crackers isn't helping.
      There are white hat, grey hat and black hat hackers. They all do the same thing.

      Someone who cracks a password is a cracker.

      Calling them crackers instead of bad or evil hackers that are on the dark side is not very proper...
      Hmm, not a Star Wars fan at all, but correct me if I'm wrong, there are good and bad Jedi's Some just go to the dark side and some go to the light. Same with hackers.

      --

      [sig]www.masterslate.org[/sig]
    4. Re:Hacker, not cracker? by Phantasmo · · Score: 1

      there are good and bad Jedi's Some just go to the dark side and some go to the light
      Yeah. The good ones are called Jedi and the bad ones, just to make things easy, are called Sith.

      Kinda like the Hacker v. Cracker issue.

      The point is that people can no longer call themselves hackers and expect any kind of positive response from the general public. Hackers are bad guys to them, and if they were to head to Google Groups and look at the messages from a decade ago, they'd think that the whole industry was spawned by bad guys.

      --

      The US Army: promoting democracy through unquestioned obedience
    5. Re:Hacker, not cracker? by digidave · · Score: 1

      A cracker is someone who cracks software copy protection while a hacker is someone who compromises systems and can be either white hat or black hat. Hacker has also come to mean anyone who fiddles around with computers a lot, though I don't care for that definition. I call those people geeks :)

      --
      The global economy is a great thing until you feel it locally.
    6. Re:Hacker, not cracker? by MasterSLATE · · Score: 1

      I understand your point, but why bow down to them? As I see it (and I'm sure many others do,) the only action to take is to change that perspective. Education is stronger than ignoring the issue.

      --

      [sig]www.masterslate.org[/sig]
    7. Re:Hacker, not cracker? by Anonymous Coward · · Score: 0

      I call Godwin's law...
      this thread is officially over :P

  27. Forgotten by orange_6 · · Score: 4, Funny

    So if I forgot my password, google can just tell me what it is? Can it tell me my credit card number too?

    1. Re:Forgotten by PhxBlue · · Score: 1

      So if I forgot my password, google can just tell me what it is? Can it tell me my credit card number too?

      Good question! Give me your credit card number, and I'll give it a try.

      --
      !#@%*)anks for hanging up the phone, dear.
    2. Re:Forgotten by grotgrot · · Score: 1
      So if I forgot my password, google can just tell me what it is? Can it tell me my credit card number too?

      Funnily enough it can. Get the latest (beta) Google toolbar and there is an autofill button. It works really well, and will paste in name, email, address and credit card info into fields it automagically recognises.

      Sad but true: the Google toolbar is the main killer app that stops me migrating from Windows to Linux. I use almost all of its features daily. The equivalent toolbars on Linux browsers have significantly fewer features.

    3. Re:Forgotten by angst_ridden_hipster · · Score: 1

      You can do autofill with Mozilla under Linux, Windows, or even MacOS.

      The only thing that the Mozilla Googlebar clone doesn't do (as far as I know) is show PageRank[tm].

      --
      Eloi, Eloi, lema sabachtani?
      www.fogbound.net
    4. Re:Forgotten by pdxmac · · Score: 1

      Yeah, but you have to reinstall the Googlebar every time you put up a new build. At least in Firebird...

  28. My favorite... by inertia187 · · Score: 5, Informative
    My favorite Google search phrase is:
    "Index of" "Name Last modified Size Description"
    Then you add file extensions or other things. For example:
    Anyway, as you can see, it's pretty effective. Sometimes admins wise up, and all you have is the Google cache. But sometimes they don't, and you get to look. Thanks Google!
    --
    A programmer is a machine for converting coffee into code.
    1. Re:My favorite... by cybrthng · · Score: 2, Funny

      Doncha just love the fact that the first my documents returned is an MIT students lab PC describing security over wireless networks? haha

    2. Re:My favorite... by CompWerks · · Score: 1

      Hmmm... The Secret search provided some interesting results especially a link to the "Secret Pipe Factory"

      --
      If you can read this sig - the bitch fell off.
    3. Re:My favorite... by Anonymous Coward · · Score: 0

      Been doing this for years to find other people's personal pr0n that they thought was safe - especially on .edu domains. New Years Eve party-pics are usually the best...

    4. Re:My favorite... by Anonymous Coward · · Score: 0

      mdb (MS Access database) is an interesting extension to search for.

    5. Re:My favorite... by thinkninja · · Score: 1

      You forgot one.

      --
      "The number of Unix installations has grown to ten, with more expected." (Unix Programmer's Manual, 2nd ed.; june 1972)
    6. Re:My favorite... by barryfandango · · Score: 3, Funny

      Oooh that's cool! check this link out that it turned up:

      http://www.liada.net/~secret/

      all in spanish, but the documents are all about toxic substances, i think... and there's one JPEG that appears to be a sketch of a missile! Now that's top secret!

      --
      In all matters of opinion, our adversaries are insane. -Oscar Wilde
    7. Re:My favorite... by Gareman · · Score: 1

      How about photos and designs for nuclear power plants? http://www.ps.uci.edu/~sobel/

    8. Re:My favorite... by Anonymous Coward · · Score: 0

      Wow, just tried "mny" (MS Money files). Mental note make real sure that file is not on your web-server!

    9. Re:My favorite... by Kingpin · · Score: 1


      Yea.. The "secret" one lead me to this NASA document: http://zeus.nascom.nasa.gov/~pbrekke/IMG_2776.JPG

      I guess something DID happen in Roswell after all.

      --
      Unable to read configuration file '/bigassraid/htdig//conf/14229.conf'
      Geocrawler error message.
    10. Re:My favorite... by Anonymous Coward · · Score: 0

      Here is my favorite... This guy has his SSN, name, position and his address in this picture!!
      http://inconnu.isu.edu/~ink/pics/misc/badges.gif

    11. Re:My favorite... by jesser · · Score: 1

      I don't think that's a SSN. SSNs are 3-2-4. The number on his badge is 3-3-4, probably a telephone number.

      --
      The shareholder is always right.
    12. Re:My favorite... by Anthony+Boyd · · Score: 1
      "My Documents" - yeah, that's secure...

      Interesting. I went through the results and found a mystery (at least to me). Check out this My Documents folder, and click the 10 Q & A link. Watch what happens as you click the resulting links. What is going on here?

    13. Re:My favorite... by inertia187 · · Score: 1

      Yup. It's a fake. Nice one too. I love it when people do stuff like this. The great thing is, some day the author will go through his referrer log and see this thread. Gotta love the Internet.

      --
      A programmer is a machine for converting coffee into code.
  29. /etc/passwd by Anonymous Coward · · Score: 0

    /etc/group AE1/2AaUnB(C)cfEA
    "OC"-1/4:pX[h:UID:GID:-{-1/4:z[ fBOENgS:OC"VF" AB

    root:uKonr4RoNwQWs8:0:0:root:/root:/bin/bash
    bin:*:1:1:bin:/bin:
    daemon:*:2:2:daemon:/sbin:
    adm:*:3:4:adm:/var/adm:
    lp:*:4:7:lp:/var/spool/lpd:
    sync:*:5:0:sync:/sbin:/bin/sync
    shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
    halt:*:7:0:halt:/sbin:/sbin/halt

    1. Re:/etc/passwd by jared_hanson · · Score: 3, Funny

      You should really use something other than '*' for your password. It is far too easy to guess. Just a suggestion

      --
      -- Fighting mediocrity one bad post at a time.
    2. Re:/etc/passwd by Anonymous Coward · · Score: 0

      surely, you're joking.
      '*' is a placemarker for shadow passwords.

    3. Re:/etc/passwd by arth1 · · Score: 2, Informative

      BZZT, wrong.
      * is a character not allowed in the encrypted 13-character A-Za-z0-9./ password, and as such the account can not be logged in to.
      x is used for shadow passwords.

      Anyhow, I think the original poster aimed for a +1 Funny, and not +1 Insightful. If there's any justice on /., you'll get neither.

      Regards,
      --
      *Art

    4. Re:/etc/passwd by Anonymous Coward · · Score: 0

      It's weird how Solaris stores the root password the normal way and uses shadows for the rest of them. Just weird (Does this only happen on the Japanese edition?)

    5. Re:/etc/passwd by Anonymous Coward · · Score: 0
      BZZT!

      Mod Parent (-1, Jackass)

  30. Well, duh! by panda · · Score: 3, Insightful

    If something is meant to be private, then why even temporarily put links to it on your publicly visible pages? Additionally, if something really is private, then lock it down in the httpd.conf so that only certain IP addresses can access it. Then, it's basically invisible to the rest of the world.

    Of course, if there's a bug in your server software all bets are off. Which is why it's better not to put private stuff where it can be seen on a public network.

    I would have thought that was pretty obvious.

    --
    Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.
  31. Here's One by Anonymous Coward · · Score: 0

    http://216.239.53.104/search?q=cache:ZXr9CV9oYcsJ: www2.connectnet.com/users/jon/.bash_history+allinu rl:+.bash_history&hl=en&ie=UTF-8

  32. Example of this technique by The+Masked+Fruitcake · · Score: 1

    A prime example of this has been demonstrated to us previously...

    --
    Sola Scriptura * Sola Gratia * Sola Fide * Solus Christus * Soli Deo Gloria
  33. Use WhittleBit by Anonymous Coward · · Score: 0

    Try using WhittleBit - it is good in that type of situation when Google just refuses to give you what you want.

  34. No News for h4x0r's by akiaki007 · · Score: 1

    How come there's no News link in the google h4x0r page? not allowed to read the news?

    --
    "Time is long and life is short, so begin to live while you still can." -EV
    1. Re:No News for h4x0r's by evilmonkey_666 · · Score: 1

      There does not seem to be News links in any non-English google mirrors...

      --


      - PS. This is what part of the alphabet would look like if Q and R where eliminated.
    2. Re:No News for h4x0r's by CastrTroy · · Score: 1

      But they have news in french

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  35. Other interesting things by Anonymous Coward · · Score: 0

    description size modified parent directory index last modified images [extra]

    will yield open image directories. For extra you can try party, drunk, a female body part, linux, "lan party" etc...

    You can tailor the search for some interesting finds.

    In fact, I even found a current /. users image directory...

  36. BZZZZZZZT! Wrong! by Entropy248 · · Score: 2, Interesting

    I don't think so.

    I went through all 6 pages of results and found nothing. Ditto for searches on any of the terms individually. I imagine that searches on individual sites might be what the author is actually talking about, but have no independent means of verifying this. This FUD detected by Entropy248. Wow. I just RTFA and tried it at home...

    1. Re:BZZZZZZZT! Wrong! by Anonymous Coward · · Score: 0
    2. Re:BZZZZZZZT! Wrong! by Anonymous Coward · · Score: 0

      Do you really think they'd put the exact terms so jackasses like you could try it at home? Fuck you're dumb. FUD detected by Entropy248!!11! This doesn't actually work!!

  37. Interesting Website Ideas by fastdecade · · Score: 3, Funny

    This article gives me great ideas for a website:

    * bash.history blog - Everything I ran today
    * /dev/tty blog - Everything I typed today
    * /dev/stdout blog - Everything I saw today

    COMING SOON: Welcome to My Bank Account Details, Favourite Passwords I Enjoy Using

    1. Re:Interesting Website Ideas by dhodell · · Score: 1

      No, really, it's not funny, it's a good idea. It'd be a nice research project to put up a "Google honeypot" of sorts with fake directory indices, "hacker tricks" (as are here so deemed) and the like. Get a few people to link to it and see what kind of activity is found. I think this would also accurately poll the cracker levels at Google, assuming you had "keyword rich honey" (for lack of a better description).
      Perhaps I'll do this.

      --
      Kind regards, Devon H. O'Dell
    2. Re:Interesting Website Ideas by fastdecade · · Score: 1

      Good idea --- though you might want to be a bit more subtle than the names above :-)
      ("oops i left my login details in my personal links page")

    3. Re:Interesting Website Ideas by sharkey · · Score: 1

      What, no *core blog - Every dump I took today?

      --
      "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  38. Google? by Anonymous Coward · · Score: 0

    What is google?

    1. Re:Google? by Anonymous Coward · · Score: 0

      Jesus, why does everyone have to waste time and bandwidth asking these questions here? Just google it!

  39. Test This Method by Anonymous Coward · · Score: 0

    I tried searching for "CmdrTaco" and "password", and I discovered that his password for slashdot is "ImGay". Dont tell anyone.

  40. .bash_history is NOT a security feature! by multipartmixed · · Score: 2, Insightful

    > allows for an admin to see if anyone has compromised security, no?

    Only if the compromisors are morons, and have done it "recently".

    A non moron would type "HISTFILE=" before exiting a shell he'd been "playing" in.

    --

    Do daemons dream of electric sleep()?
    1. Re:.bash_history is NOT a security feature! by Cramer · · Score: 1

      bash# kill -9 $$

  41. This is news? by karlandtanya · · Score: 1, Funny
    So, let me get this straight: There is cracking info on the web. And Google can be used to search the web.


    We have a situation here, folks. Something must be done!


    Well, what do you expect from "new scientist"?

    --
    "Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick
    1. Re:This is news? by mph · · Score: 1
      So, let me get this straight: There is cracking info on the web. And Google can be used to search the web.
      So, let me get this straight: You didn't read the article. It's not about using google to find pages that talk about cracking, it's about using google to find sensitive information that shouldn't be on the web, but is (presumably by accident).
    2. Re:This is news? by karlandtanya · · Score: 2, Interesting
      Hmmmm... reply seems to have failed earlier...


      This situation is a consequence of living an open society that information which "should not" be available is available.


      This has nothing to do with google and cracking.


      Exactly the same situation was demonstrated in the '70's by Princeton student "John Aristotle Phillips", better known as "The A-Bomb Kid". For him, it was the telephone, university and public libraries, and fission weapons instead of google and cracking.


      Again, news it ain't.

      --
      "Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick
    3. Re:This is news? by sharkey · · Score: 1
      We have a situation here, folks. Something must be done!

      Switch to Windows 2000/XP. It's already secured, you have to hit CTRL-ALT-DEL to log in.

      --
      "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  42. Scuse me? by arth1 · · Score: 5, Insightful

    Shouldn't that be bash_history, passwd and tmp?
    Was this written down by a non-techie from an audio interview?

    Regards,
    --
    *Art

    1. Re:Scuse me? by benja673 · · Score: 0

      The funny part is when I read your comment, I
      didn't get it... until I remember that you spell tmp T E M P.

  43. script kiddies by y77 · · Score: 0, Offtopic

    I have several methods for password in the other pages. Of course, its content. Now Im really sensitive about it from their cache until Google requesting robots.txt more often than they are dozens of all the deflecction technique in ~/.bash_history? The first thing I disallow /unpub only. That contains su in the a number of google searches. The only 2 history in apaches mod_rewrite to my site map of those two thats how much is a perl script kitty tool as it is a deflecction technique. The next thing I would imagine is that it should work. Is anyone aware of my site? Of course I have a box that is a mistake and wiped it. Everyone must aware of those are who are Unix stupid, so they dont even know what my cat could script, if I say kitty instead of kiddie because even then, it's a webserver!

  44. Not exactly new by teklob · · Score: 1

    There is a section in Hacking Exposed about this. Also, you don't just search for the word "password". you search for phrases. eg "Index of "/cgi-bin" to find someone who has improperly chmodded his site etc.

  45. Re:Other good methods. by Anonymous Coward · · Score: 0

    Haha, that method is actually pretty useful. I was at a test facility for a major computer manufacturer and they were testing a new SGI Origin with multiple CPUs, a SAN, and some other goodies attached to it. When they walked me around the room I noticed a postit note on the front of the computer that said ROOT PASSWORD:. I then turned around and on the whiteboard they had a large note that said IP ADDRESS:, I took some notes that day.

  46. DMCA and robots.txt by Anonymous Coward · · Score: 0

    Since robots.txt is an access control mechanism wouldn't bypassing it be a violation of the DMCA?

  47. still... by thoolihan · · Score: 1

    One would _think_ that admins would protect against this now, but i'm sure many won't.

    either way, it's a sweet hack, considering that the admin won't have any logs to show how the information leaked

    -t

    --
    http://unmoldable.com W:"No one of consequence" I:"I must know" W:"Get used to disappointment"
  48. robots.txt folly by arth1 · · Score: 2, Insightful

    It might be worth it NOT to look at robots.txt -- after all, with robots.txt you effectively disclose to anyone who asks what you don't want to be shown.

    A robots.txt like this would be invaluable to a hacker, even though it would prevent Google from indexing:

    User-agent: *
    Disallow: /secret/passwd

    Regards,
    --
    *Art

    1. Re:robots.txt folly by BenjyD · · Score: 1

      Exactly what the RIAA did before they got hacked the last time

    2. Re:robots.txt folly by Mikey-San · · Score: 1

      Not knowing much at all about how the robots.txt file works, couldn't you just stick your sensitively named directories inside commonly named directories and deny access recursively?

      User-agent: *
      Disallow: /Users/Documents/*

      And inside that directory is "Top Secret Panty Raid Plans".

      Educate me, people. :-) What can one do to get around the parent's posed problem (and all of this alliteration)?

      --
      Mikey-San
      Karma: +Eleventy billion (mostly affected by watching Celebrity Jeopardy)
    3. Re:robots.txt folly by wraithgar · · Score: 1

      Yes, but you have to admit that being a result in a google search is MUCH more high profile than just sitting there on a random IP.

      That being said, it would be dumb to allow any sensitive data to be brought up from a http request, no matter how obscure. Prudence would dictate that you AT LEAST .htpasswd protect it, or better yet don't make it serveable by your web server.

    4. Re:robots.txt folly by arth1 · · Score: 1
      Educate me, people. :-) What can one do to get around the parent's posed problem (and all of this alliteration)?


      Simple: If sensitive information must be on a web server, put it on a secure web server behind password authentication. If really sensitive, change the filename every so often too.

      In any case, to turn directory indexing and symlink following OFF might make a good start for non-sensitive files you just don't want to show up. And for dog's sake, make sure your http directory is ONLY used for web content, and only point ONE web server at the directory and clean up real good if you ever switch (the second web server might not know that the first one treated .htpasswd and _vti_* as hidden files and directories)

      Regards,
      --
      *Art
    5. Re:robots.txt folly by zhrike · · Score: 1

      couldn't you just stick your sensitively named directories inside commonly named directories and deny access recursively?

      Sure. However, I can't understand why anyone would have any sensitive info unsecured behind a number of mechanisms. I use robots.txt to keep spiders out of developmental stuff mostly, and do not see it as a security mechanism in any way...because it's not. ;-)

    6. Re:robots.txt folly by Mikey-San · · Score: 1

      Yeah, that's what I was thinking.


      If it's important, lock it the Hell up.

      --
      Mikey-San
      Karma: +Eleventy billion (mostly affected by watching Celebrity Jeopardy)
  49. Wha? by Anonymous Coward · · Score: 0

    You mean this is news? They should call it the Old Scientist.

    I learned everything I know about security via search engines and by getting hacked.

    l8,
    AC

    1. Re:Wha? by Anonymous Coward · · Score: 0

      "Good for you, Ma'am!"

  50. Wrong use of robots.txt by vadim_t · · Score: 5, Insightful

    It's supposed to be used to tell bots not to access some parts of your site due to other reasons.

    Common reasons would be that you host a site with a forum on a DSL line and don't want google to index all 5000 threads on it. It's also good for dynamic pages, for example it makes no sense to index a generated page that will be out of date tomorrow. It'll be much better to let it index the archive instead.

    Using this for security is just stupid though, as it'd contain a list of vulnerable places. Maybe it will make harder for people to find your vulnerabilities from google, but it will help a lot whoever wants to attack you specifically.

    Security problems have to be fixed by setting proper permissions and keeping your server up to date, and not by relying on that every spider that comes to your site will be polite enough to follow robots.txt
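Comments 48 and 50 make the same point: robots.txt publishes the paths it lists, so every Disallow entry has to be protected by the server itself. The following added example (not code from the thread) parses a robots.txt and classifies each listed path by the status your own server returns to an unauthenticated request; the sample file, the response table and the `fetch_status` callable are constructed assumptions.

```python
# Constructed sample: the /secret/passwd and /Users/Documents/* rules echo the
# examples posted in the thread, the rest is made up for illustration.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /secret/passwd
Disallow: /Users/Documents/*
Disallow: /forum/          # kept out of the index to save bandwidth
Disallow: /old-admin/
Disallow: /*.bak$
Disallow:

User-agent: Googlebot
Disallow: /forum/
"""

# Constructed stand-in for "what my server answers without credentials".
SAMPLE_RESPONSES = {
    "/secret/passwd": 200,
    "/Users/Documents/": 403,
    "/forum/": 200,
    "/old-admin/": 404,
}


def disallowed_paths(robots_txt):
    """Return every Disallow value, in file order, without duplicates."""
    seen, paths = set(), []
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "disallow":
            continue
        path = value.strip()
        if path and path not in seen:                # empty Disallow allows everything
            seen.add(path)
            paths.append(path)
    return paths


def probe_target(rule):
    """Concrete path to request for a rule, or None if it is a wildcard pattern."""
    core = rule.rstrip("$").rstrip("*")              # trailing wildcard = plain prefix
    if "*" in core or "$" in core:
        return None
    return core or "/"


def verdict(status):
    """Classify an unauthenticated response status for a path named in robots.txt."""
    if status is None:
        return "unknown"
    if status in (401, 403):
        return "protected"       # the server enforces access, robots.txt is only a hint
    if status in (404, 410):
        return "absent"          # nothing served, but the name is still advertised
    if 200 <= status < 300:
        return "open"            # fine for public content, a leak if meant to be private
    if 300 <= status < 400:
        return "redirect"        # follow up on where it leads
    return "review"


def audit(robots_txt, fetch_status):
    """fetch_status(path) -> int or None; supply one that queries your own site."""
    report = []
    for rule in disallowed_paths(robots_txt):
        target = probe_target(rule)
        if target is None:
            report.append({"rule": rule, "target": None, "status": None,
                           "verdict": "pattern"})
            continue
        status = fetch_status(target)
        report.append({"rule": rule, "target": target, "status": status,
                       "verdict": verdict(status)})
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_ROBOTS, SAMPLE_RESPONSES.get):
        print(f'{row["verdict"]:<10} {row["status"]!s:<5} {row["rule"]}')
```

Every "open" row needs a human decision: either the content is public and only kept out of the index, or it needs authentication or removal from the web root.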

    1. Re:Wrong use of robots.txt by Ugot2BkidNme · · Score: 1

      I use robots.txt all the time just to hide information that people shouldn't be looking for. As far as security goes, well, depending on a robots.txt file is moronic.

      Some valid reasons to use robots.txt
      --For Promotional offers
      --if you have script files there would be no reason a search engine should look at
      --hiding images
      --For test site information on a new design you are showing an external client.

      The thing that amuses me so much about robots is if you set up tracking on your site to track wherever anyone goes you would not believe the amount of 404 errors you will get from robots.

      Not to mention the fact that almost every stupid script kiddie who attempts to get into your site not only leaves you his IP but the command he was trying to run and the exact time that this user was attempting to do this.

      Then they are shocked when you contact their ISP and find themselves in trouble.

    2. Re:Wrong use of robots.txt by vadim_t · · Score: 1

      Heh, why would anybody be surprised at having their IP address logged? Apache logs all accesses by default, it's nothing new. And not very related to robots.txt, anyway.

      You should be careful about trusting IP addresses in logs, though. A smart attacker would use a cybercafe, hacked computer or proxy instead of his/her own computer. Getting the wrong person in trouble won't help you much.

  51. One word about the google cache... by presroi · · Score: 2, Interesting
    Some people think that the google cache does not reveal the host name to the http-server.

    The result looks like this:
    proxy1.health.magwien.gv.at - - [29/Jul/2003:22:27:14 +0200] "GET /hfaq/icons/linki.png HTTP/1.0" 200 278 "http://www.google.at/search?q=cache:QIq92lU3jkUJ:www.presroi.de/hfaq/+heroin&hl=de&lr=lang_de&ie=UTF-8" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; ENR 2.0 emb)"
    proxy1.health.magwien.gv.at - - [29/Jul/2003:22:27:14 +0200] "GET /hfaq/icons/bt3.gif HTTP/1.0" 200 3170 "http://www.google.at/search?q=cache:QIq92lU3jkUJ:www.presroi.de/hfaq/+heroin&hl=de&lr=lang_de&ie=UTF-8" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; ENR 2.0 emb)"
    proxy3.health.magwien.gv.at - - [29/Jul/2003:22:27:43 +0200] "GET /hfaq/stats.html HTTP/1.0" 200 5231 "http://www.google.at/search?q=cache:QIq92lU3jkUJ:www.presroi.de/hfaq/+heroin&hl=de&lr=lang_de&ie=UTF-8" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; ENR 2.0 emb)"
    1. Re:One word about the google cache... by Psychic+Burrito · · Score: 1
      What you are saying is that images are not cached by Google and are automatically fetched from the original server (if still available), and hackers can be tracked by the original site admin when using this exploit.

      This might look reassuring at first sight, but of course it can be overcome very easily by turning "auto load images" off in your browser. So, hackers cannot be tracked again (except by Google itself, of course :-))
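The log lines in comment 51 show that a page viewed through the search cache still pulls its embedded files from the origin server, with the cache URL as referer; the sketch below, an added example and not code from the thread, finds such hits in a combined-format access log and extracts the cached page and the search terms. The sample log, its host names and the `WATCH_TERMS` list are constructed assumptions, and as the reply notes, a viewer who turns image loading off leaves no such lines.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache "combined" format:
# client ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Search terms that should raise an alert (assumption: taken from the terms
# named in the article summary, extend for your own site).
WATCH_TERMS = {"password", "passwd", "bash_history", ".bash_history"}

# Constructed sample log; hosts, paths and cache ids are made up.
SAMPLE_LOG = '''\
proxy1.example.net - - [29/Jul/2003:22:27:14 +0200] "GET /docs/icons/link.png HTTP/1.0" 200 278 "http://www.google.at/search?q=cache:AAAAAAAAAAAJ:www.example.org/docs/+faq&hl=de&ie=UTF-8" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
proxy3.example.net - - [29/Jul/2003:22:27:43 +0200] "GET /docs/stats.html HTTP/1.0" 200 5231 "http://www.google.at/search?q=cache:AAAAAAAAAAAJ:www.example.org/docs/+faq&hl=de&ie=UTF-8" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
198.51.100.7 - - [29/Jul/2003:23:01:02 +0200] "GET /old/logo.gif HTTP/1.0" 200 910 "http://192.0.2.77/search?q=cache:BBBBBBBBBBBJ:www.example.org/old/+password+bash_history&hl=en" "Mozilla/5.0"
203.0.113.9 - - [29/Jul/2003:23:05:10 +0200] "GET /docs/ HTTP/1.0" 200 4000 "http://www.google.com/search?q=example+faq" "Mozilla/5.0"
203.0.113.9 - - [29/Jul/2003:23:05:11 +0200] "GET /favicon.ico HTTP/1.0" 404 209 "-" "Mozilla/5.0"
this line is not in combined format
'''


def parse_cache_referer(referer):
    """Return cache id, cached URL and search terms, or None if not a cache view.

    The referer host is deliberately not checked: the cache is also reachable
    by bare IP address, so the q=cache:<id>:<url> shape is what identifies it.
    """
    try:
        parts = urlsplit(referer)
        query = parse_qs(parts.query).get("q", [""])[0]   # "+" is decoded to a space
    except ValueError:                                    # malformed referer header
        return None
    if parts.path != "/search" or not query.startswith("cache:"):
        return None
    cache_id, _, rest = query[len("cache:"):].partition(":")
    tokens = rest.split()
    if not tokens:
        return None
    return {"cache_id": cache_id, "cached_url": tokens[0], "terms": tokens[1:]}


def cache_view_hits(log_text):
    """Requests that reached this server while a client was viewing a cached copy."""
    hits = []
    for line in log_text.splitlines():
        match = COMBINED.match(line)
        if not match:
            continue                                      # skip unparseable lines
        info = parse_cache_referer(match.group("referer"))
        if info is None:
            continue
        info.update(
            client=match.group("client"),
            time=match.group("time"),
            path=match.group("path"),
            flagged=sorted(t for t in info["terms"] if t.lower() in WATCH_TERMS),
        )
        hits.append(info)
    return hits


def summarize(hits):
    """Group hits by cached page: who looked, and which search terms led there."""
    pages = defaultdict(lambda: {"clients": set(), "terms": set(), "flagged": set()})
    for hit in hits:
        page = pages[hit["cached_url"]]
        page["clients"].add(hit["client"])
        page["terms"].update(hit["terms"])
        page["flagged"].update(hit["flagged"])
    return dict(pages)


if __name__ == "__main__":
    for url, page in summarize(cache_view_hits(SAMPLE_LOG)).items():
        alert = "ALERT" if page["flagged"] else "info "
        print(alert, url, sorted(page["clients"]), sorted(page["terms"]))
```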

  52. phpmyadmin same thing by joeldg · · Score: 4, Interesting

    I have seen more phpmyadmin pages wide open on google than anything else.. Not putting things like that under htaccess at least is pure laziness and stupidity.

    Also it seems people put mysql dumps on their webservers as well..
    search for ' "SELECT * FROM credit" + "###" ' and you will see.

    This has been going on since google introduced the site cache.

  53. some guide! by mblase · · Score: 4, Funny

    Long says an obvious combination of search terms would include the terms "bash history", "temporary" and "password".

    Hmph. When I searched for those phrases at Google, all I got were a bunch of Linux technical how-tos and code samples. If this guy wants to teach us how to be hackers using Google, he's going to have to be more helpful than that!

  54. Here is another one by MakaveliFIN · · Score: 0

    Here's an even better article: Neworder

  55. Want mp3s? by Anonymous Coward · · Score: 1, Funny

    search "index of mp3" ;)

  56. My favorite: access_log by shoppa · · Score: 2, Interesting

    At least 5 years ago it was fairly common knowledge that if you found any webserver's access_log you would get some juicy URL's. The method still works...

  57. Big Brother Monitoring software by Anonymous Coward · · Score: 2, Informative

    Anyone familiar with Big Brother knows that it has web access pages that allow you to monitor servers on your network. Of course you're supposed to keep these pages private, but lots of people don't. This makes it easy for us to determine what servers are running on a network, and what services are running on each server.

    Try searching google for: red Big Brother Status

    Enjoy ;)

  58. For more h4x0r fun . . by scarolan · · Score: 3, Interesting

    try searching for _vti_pvt and service.pwd on Google. There are lots of people still using frontpage 4.0 or whatever, with their frontpage password file in plain view. I won't tell you what to do with that file, if you don't know already.

    1. Re:For more h4x0r fun . . by Anonymous Coward · · Score: 0

      aah, "Popular Security" http://www.popularsecurity.com/_vti_pvt/

  59. Google Warez Machine by dhodell · · Score: 5, Interesting

    I regarding the ability to use Google as a warez search machine. The article was about Google censorship and the one response to my post pinpointed almost exactly the point that I brought up, which is the point discussed in this article.

    Google has a nice long list of directory lists containing warez (remember the days of l33t FTP searching for filenames? Google for something like, in my last article: "xwin32*.exe * * * * *" "listing of"), serial numbers (Oh, I've found XP's serial number several times in Google's cache) and other "sensitive" information. My question is if other commercial sites are being constantly shut down due to these links (intentional or not), why aren't people targeting Google as well?

    In fact, if I'm *cough*too cheap to buy software*cough* or just want to evaluate some crippleware or such before I buy it, I often skip astalavista and cracks.am and just Google it up. Saves me the porn and pop ups, and I don't have to cripple my browser for this (yes I know it's possible to do in other ways, yes I enjoy javascript, no thanks, I don't want comments about how I'm retarded because I don't do it the right way).

    This is similar for sites such as the Internet Archive's Wayback Machine that contains other sensitive information.

    Because of the academic merit of both of these search mechanisms, I doubt either one will be shut down. Indeed, I highly doubt restrictions will be placed. They're valuable tools for finding more valuable tools. For more information about this sort of stuff, I suggest searching on Fravia+'s web-searching lore. Other information on there relates to "reality cracking", reverse engineering, and other taboo topics. Google's got it all cached. Interested? Just search for (insert topic here) site:searchlores.org.

    Sometimes I don't think the comparison of Google to God is that far off. Pardon my heresy.

    --
    Kind regards, Devon H. O'Dell
    1. Re:Google Warez Machine by Dave2+Wickham · · Score: 1
      Saves me the porn

      Saves you? You mean you don't want it? ;)
    2. Re:Google Warez Machine by krysith · · Score: 1

      It's nice to see someone linking to Fravia+'s. I've always enjoyed that site. A lot of the info on it should be old hat to many /.ers, but it is good to learn from and has occasional truly juicy tidbits.

    3. Re:Google Warez Machine by geekoid · · Score: 2, Insightful

      it is not google's responsibility to monitor what other people on the net are doing.

      Besides, that sword has 2 sides, if someone intending malice uses google then a law enforcement agency can also use it.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    4. Re:Google Warez Machine by Anonymous Coward · · Score: 0

      did anyone ever cache his old pages? if you saw them, you know the ones I mean...

  60. wrong wrong wrong. by mumblestheclown · · Score: 0, Offtopic
    i suspect i will be modded as a troll. oh well.. i have the karma for it.

    look - i like and use google. and, i fully appreciate that a great number of slashdotters here also like google because while it may be a for-profit closed source entity with very little transparency or accountability, at least a) it's not microsoft, and b) it works.

    however, i think a few lawsuits of google are in order. google can afford the damages, and the net will be better for it.

    as an author of a web page or even a log file, you have the right to publish and de-publish it. just because it's on the net does not give google the right to cache it indefinitely. it is not MY legal responsibility to make sure that I proactively do robots.txt or whatever else the trick of the day is (x-noarchive) - that is the intellectual property equivalent of opt-out.

    if google wants to keep an index of web pages for people to search on, that's fine. heck. even if it keeps the full text internally, that's fine too, as long as it gives people reasonable 'fair use' snippets. but if it caches stuff that an author has removed from the web or that an author has written, say, in order to expose people to a nearby advertisement which google's cache doesn't catch, then google should be guilty of copyright violation. automated or not (ie, the 'napster' excuse doesn't wash here, either)

    1. Re:wrong wrong wrong. by nolife · · Score: 2, Insightful

      If you want to control the distribution of your work, don't publish it for free in a public place. That is your choice.
      Your reference to usenet is laughable but common. Who should determine how long your posts should stay on a news server? Why does it have to stay on a news server? What if I save all messages I read for ever? What if one news server has a 3 year retention but another only has 3 hours? If you don't want your comments to become publicly available then don't post them publicly. It is really that easy. You don't have to use x-no-archive, but you don't have to post either.

      --
      Bad boys rape our young girls but Violet gives willingly.
    2. Re:wrong wrong wrong. by il_diablo · · Score: 1

      Interesting point.

      It does, however, have some interesting corollaries. If you plan to sue (or have someone sue, or some such) Google for caching your site, what do you plan to do about every single person who ever visited your site having a copy of what they viewed in their cache?

      That's a lot of lawsuits.

      --
      Quidquid latine dictum sit, altum sonatur.
    3. Re:wrong wrong wrong. by mumblestheclown · · Score: 1
      i have a reasonable expectation of individual visitors caching the content in their local browser cache. this is a common artifact of web browsing. customers who walk into bookstores leave with memories of the books they saw. both are cleared out with reasonable time.

      there is no reasonable expectation of somebody walking into a bookstore, memorizing the books, and then offering them for free to passersby. this is what google does. this is copyright infringement.

    4. Re:wrong wrong wrong. by patterner · · Score: 1

      Heh, always assuming that the site wasn't so lame that it actually got a lot of visitors. :)

      --
      Education: That which reveals to the wise, and conceals from the stupid, the limits of their understanding. - Mark Twain
    5. Re:wrong wrong wrong. by Anonymous Coward · · Score: 1, Insightful

      How long have you been using the Internet, dude? If you put it out there, you should have the reasonable expectation that it's going to stay out there. You can't "unsay" things, even if you change your mind and start to say the opposite. For your own sake, learn this now.

    6. Re:wrong wrong wrong. by Anonymous Coward · · Score: 0
      The bookstore example is a wee bit flawed. Google caches pages that are made freely available on the internet. If a site doesn't want Google to have its contents, again for emphasis freely available, cached, then they shouldn't put it on the "Web" or they should block it with robots.txt, or a login/auth section engines can't enter.

      Failure to do any of the above is a failure of due diligence on the part of the site, not Google. E.G. if that same book store gave their books away for free on the sidewalk to anyone passing by, then one of these people offered anyone else a chance to read those free books he/she collected standing at the front entrance for free, how is that infringement?

      And if a site gets hacked because somebody didn't set up robots.txt or any other of the wide array of possible reasons, then they'll be damn glad google cached its contents too.

    7. Re:wrong wrong wrong. by mumblestheclown · · Score: 1
      Dude, the point is that copyright is still copyright, dude. There's a difference between an embarrassing usenet conversation coming back to haunt you, dude, and a multi-billion dollar company that bases a large percentage of its business on, dude, taking all of your written material - be it opinion, research, or what have you, REPUBLISHING IT IN AN AUTOMATED FASHION, dude.

    8. Re:wrong wrong wrong. by geekoid · · Score: 1

      no it doesn't.
      at best, using the analogy, it gets a book that has been offered to anybody who wishes to read, for free, and then reciting it, while at the same time giving reference to its source.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    9. Re:wrong wrong wrong. by mumblestheclown · · Score: 1
      except:
      1. in many cases it eliminates the NEED for the source.
      2. it may take away the source's motivation for publishing (ie advertising), and as such has clearly usurped copyright material for its own gain in lieu of the author.
      3. removes the author's prerogative to un-publish. while fair-used based commentators may take note of what an author writes for
      4. by removing images and so forth, often removes the author's intent and meaning. this is not just copyright violation, but this can be systematic (deliberate) misquoting.
      5. does not respect author's wish to TIME LIMIT things on the internet.
      6. does not distinguish between classes of speech - the US courts have ruled over and over and over again that there are different classes
      7. is an opt-out mechanism that is not friendly to new people to the net.
      8. does all of this without the author's explicit permission
      9. and so on and so forth.
      Furthermore, for those of you who subscribe to the naive notion that "if it's on the web, it should be free", is yourusername:yourpassword@yourcreditcardcompany.com on the web? if i find this, should this (as well as your ssn and other good stuff which is doubtlessly on the web) be freely distributable? what if yourcreditcardcompany publishes the info accidentally?

      no, people who go by the theory that 'if it's on the web it's free' are naive. there IS an expectation that stuff on the internet without passwords will be freely available. there is NO expectation that says a third-party for-profit entity should be able to republish it at will. that's ludicrous.

    10. Re:wrong wrong wrong. by Anonymous Coward · · Score: 0

      Dude! Thanks for making fun of that dude's abuse of the word "dude", dude. ...

      dude.

    11. Re:wrong wrong wrong. by Anonymous Coward · · Score: 0
      Dude? One word: DECAF.

      The WWW is not a place for anyone to control how information is used. The day it is that way is the day it becomes useless.

      If you don't want google to cache it, then block google from indexing it (specific to content removal and blocking look here). No one said sites have the reasonable expectation of having content findable on the web through a search engine in the first place. That's a choice a copyrighted content owner has and chooses to or not to utilize. It's really just that simple.

  61. Google file searching.... by Rahga · · Score: 4, Interesting

    I honestly know of nobody else who uses this technique, I just figured I would try it back when I was hunting down upgrades for old games like Quake 2 while places like FilePlanet were getting hammered:

    At google, type "index of", followed by the precise name of the file you are looking for.

    I'd say this gives me good results on a fast server 95% of the time.

    1. Re:Google file searching.... by Anonymous Coward · · Score: 0

      I honestly know of nobody else who uses this technique ... I'd say this gives me good results on a fast server 95% of the time.

      So. You found a way to combat slow downloads (because of high traffic) that works well for you. Then you announce that method to the Slashdot crowd.

      You're not the brightest bulb, are you?

    2. Re:Google file searching.... by darth_silliarse · · Score: 2, Informative

      I've also been searching Google this way for years, it's a good way of getting what you need without having your browser cache clogged with cookies...

      --
      I've noticed that everyone who is for abortion has already been born - Ronald Reagan
  62. And see the caption by TuringTest · · Score: 0, Redundant

    "Google is not affiliated with the authors of this page nor responsible for its content."

    --
    Singularity: a belief in the "God" idea with the "demiurge" relation inverted.
  63. Re:My favorite... Searchlores by sICE · · Score: 3, Informative

    If you like this kind of trick you can find dozens of tricks like those and better on Fravia's web site SearchLores.

  64. damn it... by edrugtrader · · Score: 2, Informative

    if only slashdot's search was as good as google's i could point out this is the third time in a year this "story" has been run.

    --
    MARIJUANA, SHROOMS, X: ONLINE?! - E
  65. Doesn't work by lawpoop · · Score: 5, Funny
    I tried "bash history", "password", and "temporary", hit "I feel lucky" and I didn't get to hack anything.

    I guess I don't have the patience to be a real hacker.

    --
    Computers are useless. They can only give you answers.
    -- Pablo Picasso
  66. SCO Logic: by KillerHamster · · Score: 4, Funny

    Google uses operating systems! All your code are belong to us! Google must be shut down and all of its users owe us lots of money.

  67. publishing analogy by muppet · · Score: 3, Insightful
    as an author of a web page or even a log file, you have the right to publish and de-publish it. just because it's on the net does not give google the right to cache it indefinitely.
    by the publishing analogy, doesn't this mean that libraries don't have the right to lend books that are no longer in print? in that respect i see google's cache as a library's copy of a book; they let you look at it, and you can see when it was published. they don't claim it's the most up-to-date, and at any time you can go to the source and see for yourself (e.g. go to a bookstore and buy a new copy).
    1. Re:publishing analogy by mumblestheclown · · Score: 1
      by the publishing analogy, doesn't this mean that libraries don't have the right to lend books that are no longer in print

      A book, by virtue of being a physical object, has permanence. so, when a library purchases a book, it is entitled for perpetuity (to keep this on topic, let's not consider expiring copyrights, which are of no relevance here) to hold one copy. When the publisher published the book, he made it very explicitly clear that others would have the right to hold copies of that book.

      a better analogy is this: if i write something down on a notepad on my desk, can the library come in, take a photo through the window, and thereafter make infinite copies for all to enjoy? you might say - well, it was your fault to have kept it so close to the window - that is to say, that i had no expectation of privacy of keeping something so close to the window. fine, this may as well (may or may not be) be true as far as casual passers-by are concerned, but what is clear is that google is not a casual passer-by-- it is a ravenous scavenger habitually and continuously peering in any and all windows it can find, despite knowing full well that it will likely run into things that the author has not meant to publish.

      this is completely different, and it is wrong. a business should not be built atop copyright infringement. a large portion of google's is.

    2. Re:publishing analogy by Anonymous Coward · · Score: 0

      If you tell the library not to look at your paper they will not do so.

      You want to do the same with Google? Leave a robots.txt file on your machine. That is the INDUSTRY STANDARD for telling web spiders not to scan you.

      FM888

    3. Re:publishing analogy by mumblestheclown · · Score: 1
      "send an email to unsubscribe@viagradonkeys.com" is an INDUSTRY STANDARD, too. it doesn't make it right or even legal. and, it's not a great standard, as previous slashdot stories pertaining to robots.txt being ignored will attest to.

      laws and rights trump industry standards every time. opt-out standards prey on the weak and new - i encourage you to find ONE beginner guide to the web which talks about robots.txt. hint: there is none. therefore, this is a standard that virtually begs for new users to err. this is opt-out. this is a broken standard.

    4. Re:publishing analogy by Anonymous Coward · · Score: 0

      One day, someone will remind you that you used to never capitalize "I."

    5. Re:publishing analogy by Anonymous Coward · · Score: 0

      I totally agree. If I say something out loud that I later regret having said, can I erase my words from the minds of everyone who heard me? Of course not! Once it's out there, it's out there. Any competent web admin ought to realize that anything within their site should be considered "out there."

  68. LOL - Check out Superfly! by laetus · · Score: 1


    The first guy in this google list has some funny videos. I wonder if he plays this one on his monitor while entertaining his girlfriend!

    A Shaft Universe

    --

    "We're sorry, but the website you're trying to reach has been disconnected."
    1. Re:LOL - Check out Superfly! by PunchMonkey · · Score: 1

      The first guy in this google list has some funny videos. I wonder if he plays this one on his monitor while entertaining his girlfriend!

      LOL, I just about spat out my lunchtime chocolate milk watching those. My girlfriend works in that department (as student help), gonna see if she knows the guy.

      --
      I'll have something intelligent to add one of these days...
  69. A little bit OT by edmz · · Score: 3, Informative

    Not the same kind of "hacks", but more than one might have missed that O'Reilly published recently Google Hacks. Mostly targeted to webmasters or "power users".

  70. Not always dumb... depends on what's there by jd · · Score: 5, Interesting
    #include "IANAL.h"


    You can probably use this to set up "honeypots" which may be legal in States where traditional fake services would be considered illegal as entrapment.


    Simply set up a virtual machine (user-mode linux is a good one for this). Have the root account publicly read/write and somehow "accidentally" visible to httpd.


    Have the login shell a program which acts as your honeypot, logging activity, tracing back to the user, etc. All the stuff honeypots do so well.


    Next is to ensure that the root password is visible, plain-text, and in a file that is visible to search engines. Your average skript kiddie is not going to question the apparent generosity of the admin. To get the engine to find the account, you probably want to have your main web page link into your virtual machine's root account - say via an FTP.


    Now, none of this is entrapment, in the sense that the person must pro-actively attempt to present a false identity before the service is accessed. There can be no question that the identity of any user logging in is fake, that the user logging in knows that it is fake, and that there has been a deliberate, pre-meditated attempt to compromise an account.


    If you want to go one step further, have the login shell transfer some goodies, such as cpuburn. Now, these have to have a "legit" use by a "legit" user, as anyone who gets burned is likely to complain. You have to be able to stand your ground and say "hey, I use this service as a convenient way to do hardware tests on remote machines - I locked that account against intruders, so if an intruder gets in, it's not my fault if they get burned."


    (If you leave something dangerous "just lying around", you could probably be held accountable if someone gets hurt, even if they were stupid or malicious. But if you make a "reasonable" attempt to deny access, then it's not your problem.)


    In fact, if you do any freelance tech stuff, you might very well use the service for real as a way of fetching over stress-testing software. It would make it a lot harder for "victims" of your root snare to complain, as you could then prove a legitimate use by legitimate users - the victim not being one of them.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  71. Hacking with Google 101 by Shivaji+Maharaj · · Score: 2, Informative
    --
    We do not have a history of profitable operations. Our future SCOsource licensing revenue is uncertain.
  72. Bush logic: by Dumbush · · Score: 1

    Google can be use by terrorism. It can be used to locate source to purchase WMD. We must defend land of the free.

  73. Hmmm by Anonymous Coward · · Score: 0
  74. "/_vti_pvt" by domenic+v1.0 · · Score: 1, Interesting

    That was my favorite google search back in the good old days....finding the "service.pwd" or "admin.pwd" files, then cracking them with John the Ripper. Too bad that exploit is patched and next to nonexistent now :(

  75. other stuff by Anonymous Coward · · Score: 0

    the "filetype:blah" command's pretty useful as well, plenty of websites accidentally (or stupidly) put their site's databases in web-accessible dirs. google won't let you search just for a file name tho, so put the filename in as a query as well.
    e.g. search for mdb filetype:mdb
    brings up loads of databases, not all of them particularly interesting.

    stuff like
    passwords filetype:mdb brings up more interesting results, but fewer obviously.

  76. robots.txt? by Ed+Avis · · Score: 1
    Might be worth looking at this tutorial about robots.txt if you think you might be at risk.

    Er, no. If you have passwords being exposed on the web then you need to make sure they stop being exposed - not just to well-behaved robots but to anybody! .htaccess (if you use Apache) is the file for this.

    However, if the web server can read the file then most likely any other user on the same system can read it, since httpd normally runs as an unprivileged user. So the fix is simple: 'chmod go-rwx file'.

    Going a stage further you could say that plaintext passwords should not be stored in files on disk anyway...

    --
    -- Ed Avis ed@membled.com
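
The permission check and fix described in the comment above, as an added example that is not part of the original thread: it walks a document root for the file names mentioned in this discussion, reports those still accessible to group or other, and applies the equivalent of `chmod go-rwx`. The pattern list, the `*.sql` convention for database dumps and the sample tree are assumptions constructed for illustration.

```python
import fnmatch
import os
import stat
import tempfile

# File names mentioned in the thread. "*.sql" for database dumps is an assumed
# naming convention; adjust the list for your own site.
SENSITIVE_PATTERNS = (
    ".bash_history", "service.pwd", "admin.pwd",
    "access_log*", "*.mdb", "*.qdf", "*.sql",
)
GROUP_OTHER = stat.S_IRWXG | stat.S_IRWXO  # the bits "chmod go-rwx" clears


def is_sensitive(name):
    """Case-insensitive match of a file name against the pattern list."""
    return any(fnmatch.fnmatch(name.lower(), p) for p in SENSITIVE_PATTERNS)


def find_exposed(docroot):
    """Return sorted (relative_path, octal_mode) for sensitive-looking files
    under docroot that group or other can still access."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not is_sensitive(name):
                continue
            path = os.path.join(dirpath, name)
            try:
                # os.stat follows symlinks, so a link to ~/.bash_history is
                # judged by the permissions of the real file.
                mode = stat.S_IMODE(os.stat(path).st_mode)
            except OSError:
                continue  # dangling symlink, or file removed mid-scan
            if mode & GROUP_OTHER:
                hits.append((os.path.relpath(path, docroot), oct(mode)))
    return sorted(hits)


def lock_down(docroot, rel_path):
    """Apply the equivalent of 'chmod go-rwx' to one reported file."""
    path = os.path.join(docroot, rel_path)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, mode & ~GROUP_OTHER)


def demo():
    """Build a constructed document root, audit it, fix it, audit again."""
    with tempfile.TemporaryDirectory() as root:
        layout = {                          # constructed sample tree
            "index.html": 0o644,            # public page: not flagged
            ".bash_history": 0o644,         # flagged
            "_vti_pvt/service.pwd": 0o640,  # flagged (group-readable)
            "backup/shop.sql": 0o600,       # sensitive name, already private
            "logs/access_log.1": 0o604,     # flagged
        }
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        before = find_exposed(root)
        for rel, _mode in before:
            lock_down(root, rel)
        return before, find_exposed(root)


if __name__ == "__main__":
    before, after = demo()
    for rel, mode in before:
        print(f"{mode}  {rel}")
    print("remaining after lock-down:", after)
```

Clearing the bits only helps when httpd runs as a different user from the file's owner, which is the situation the comment describes.
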
  77. Google Hacking Tutorial by hohokus · · Score: 3, Informative
    while randomly googling for "index of" and ".bash_history", i found this, which may be amusing:

    http://www.smart-dev.com/texts/google.txt

  78. phf... by Anonymous Coward · · Score: 0

    Does anybody remember the PHF bug?

  79. Hacker/Cracker/Jedi by Anonymous Coward · · Score: 0

    Hacker
    One who is proficient at using or programming a computer; a computer buff.
    One who uses programming skills to gain illegal access to a computer network or file.

    While this does include black hats it does not include script kiddies.

    Cracker
    One who makes unauthorized use of a computer, especially to tamper with data or programs.

    This, however, due to the fact that it does not mention programming or skill, would refer to a script kiddie.

    As far as the hacker/jedi analogy, to become a jedi you have to start out good. The bad guys are the sith. While good jedi do go bad, the trend in hacking is more for a black hat to go gray than white to go black.

    M.D. Inc.

  80. MODUP by Anonymous Coward · · Score: 0

    hilarious

  81. All present and accounted for... by medscaper · · Score: 2, Funny
    Can it tell me my credit card number too?

    Sure, John. I just checked. Your Visa number is 4803 1809 2273 4821, expiration 03/05.

    Your Discover card bill is overdue, though. Don't forget, according to this record, you've got 18.5% on overdue, PLUS your $15/mo late fee.

    Your 'condition' should have been cleared up by now, so why'd you refill that prescription on Tuesday? Oh, wait, I see here that you deposited three brand new $20's at the US Bank down near Santa Fe. Doing a little insurance fraud, there? :)

    Oh, I just googled again...your dog wants back in.

    --
    Any sufficiently well-organized Government is indistinguishable from bullshit.
    1. Re:All present and accounted for... by orange_6 · · Score: 1

      HA! it's 4803 1809 2273 4827, expiration 03/05!

      Looks like I fooled you!

    2. Re:All present and accounted for... by Theaetetus · · Score: 1
      Sure, John. I just checked. Your Visa number is 4803 1809 2273 4821, expiration 03/05.

      That's my number, you insensitive clod!

      -T

  82. It slices, it dices... by Anonymous Coward · · Score: 0

    it cracks weak systems with a press of the button.

    Is there anything that it can't do?

  83. Oops by medscaper · · Score: 1
    Your Visa number is 4803 1809 2273 4821, expiration 03/05.

    Uhhhh. Crap. I hope that's not real.

    Sorry, whoever you are. I made it up...

    --
    Any sufficiently well-organized Government is indistinguishable from bullshit.
    1. Re:Oops by clary · · Score: 3, Informative

      Nope...doesn't pass the LUHN check. See LUHN Check.

      --

      "Rub her feet." -- L.L.

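The Luhn check referred to above, as an added example that is not part of the original thread: it finds card-like digit runs in text and reports each run's Luhn sum, so an audit of published content can separate made-up numbers from ones that need attention. The sample text is constructed from the numbers quoted in this thread plus `4111 1111 1111 1111`, a widely published test number.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_sum(number):
    """Luhn sum: starting from the rightmost digit, double every second
    digit, subtract 9 when the doubled value exceeds 9, and add it all up."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total


def luhn_valid(number):
    """A number passes when its Luhn sum is a multiple of 10."""
    has_digits = any(c.isdigit() for c in number)
    return has_digits and luhn_sum(number) % 10 == 0


def scan(text):
    """Return (matched_text, luhn_sum, passes) for every card-like run."""
    return [
        (m.group(0), luhn_sum(m.group(0)), luhn_valid(m.group(0)))
        for m in CANDIDATE.finditer(text)
    ]


# Constructed sample text.
SAMPLE = """\
Your Visa number is 4803 1809 2273 4821, expiration 03/05.
HA! it's 4803 1809 2273 4827, expiration 03/05!
test card on staging page: 4111-1111-1111-1111
ticket id 20030730123 is too short to match
"""

if __name__ == "__main__":
    for found, total, ok in scan(SAMPLE):
        print(f"{found}  sum={total}  {'PASS' if ok else 'fail'}")
```

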
  84. Entrapment by SirCrashALot · · Score: 1

    Entrapment (in the states at least) is only for law officers not for end users so honeypotting isn't illegal.

    1. Re:Entrapment by Anonymous Coward · · Score: 0

      AYAL?

    2. Re:Entrapment by fizbin · · Score: 4, Interesting

      Probably not, but his statement of the situation squares with my experience when I talked to an FBI agent after having discovered (and logged) some IRC kiddies who were constructing a DDOS network out of sub7-infected machines.

      I'd created a sub7 honeypot on my linux box with a little perl script; after that collected the IRC server ip and channel name, I connected with a random username (pretending to be a bot) and just logged the conversation.

      The FBI agent interviewed me very carefully to make certain that my setting up monitoring, etc., was not in any way instigated by a law enforcement officer. (No, I'd just gotten annoyed at random SYN packets) Then, he had no trouble with it. I don't know if this makes the evidence I provided useable legally, but it never came to that. As he explained it, the question was whether I was acting as an agent of the state when setting up the honeypot. Committing entrapment is not anything that non-state actors ever need worry about.

      Not that this lets you off the hook entirely - there may be charges of wiretapping involved; monitoring your own machine should be safe legal ground, but connecting to the IRC network (as I did) is a slight bit more dicey legally, and shouldn't be done if you have any reason to believe that the relevant prosecutor would like to hang something on you as well.

    3. Re:Entrapment by PenguiN42 · · Score: 3, Informative

      Also, entrapment is only illegal if the law officers used fraud or undue persuasion to cause someone to commit a crime -- so much so, that an ordinarily law-abiding person would be compelled to commit the crime.

      Cops can tempt criminals to commit crimes, and even initiate or plan out the criminal act (ie, buying or selling drugs, offering or buying prostitution, planning a bank robbery heist). None of this is entrapment, unless their actions would have caused a normally law-abiding person to commit the crime.

      If a cop tricks someone into unintentionally breaking the law, or harasses them so much that they eventually cave in and break the law, or threatens them, etc, it may be entrapment. It's actually pretty subjective and up to the jury, usually.

      But a lot of misconceptions of entrapment abound -- ie the ever-popular, "if you ask them if they're a cop, and they say no, then it's entrapment." And also the misconception that entrapment is a crime and can apply to non-law-enforcement. It's not a crime, it's a defense against being charged with a crime. (Well, unless you perform a crime while trying to get someone to perform a crime -- that's still a crime)

      For a somewhat inflammatory discussion, see this: http://www.libertyhaven.com/politicsandcurrentevents/nationalbudgetsdefecitsorspending/lawdeceit.html

      I had a more objective look at it, written by a lawyer, but I can't find it.

      sorry if this is off-topic.

      --
      The following sentence is true. The preceding sentence was false.
  85. Security through obscurity. by ad0gg · · Score: 1

    Do you work for microsoft by chance?

    --

    Have you ever been to a turkish prison?

  86. I still like this one... by jonfromspace · · Score: 1
    --
    I am become Troll, destroyer of threads
  87. Oops by jonfromspace · · Score: 1

    Here it is
    Farking preview... I know.

    --
    I am become Troll, destroyer of threads
  88. I'll vouch for that... by Threed · · Score: 1

    That's how I used to find MAME ROMs.

  89. wow by Trepidity · · Score: 1

    I thought that guy had disappeared from the face of the earth. He used to have the world's most thorough description of reverse-engineering techniques until it inexplicably went away.

    1. Re:wow by sICE · · Score: 2, Informative

      Hehe, no he didn't disappear at all. And i can tell you he's alive and kicking. Yet you may find his old data here on the AntiCrack website.

      One question: does WoW stand for Warriors of Wasteland?

    2. Re:wow by sICE · · Score: 1

      sorry missed wow as your nick Trepidity, forgive the last question.

  90. Previous /. discussion... by frozenray · · Score: 1

    ...on search engines as a security threat can be found here ("The Problem of Search Engines and 'Sekrit' Data", November 2001).

    Things haven't changed for the better since 2001 - the amount of sensitive data (passwd and .htaccess anyone?) one can dig up just by using a search engine is simply astonishing.

    The FOSS community should take note and design their products in a way that makes a default installation as secure as possible, even if some functionality is sacrificed.

    We have seen what happens if new features and ease of use have priority over security (no, I'm not naming names). We don't want to repeat that mistake, do we?

    --
    "There are already a million monkeys on a million typewriters, and Usenet is NOTHING like Shakespeare." - Blair Houghton
  91. Hacker!? by batkins · · Score: 1

    Shouldn't that be cracking?

  92. Similarly... by Anonymous Coward · · Score: 0

    In that vein, try searching for "Index Of" and "qdf" (Quicken Data File).

    I suppose that doing various "Index of" searches might be a way to evaluate web hosting providers. Anyone who exposes their current clients' passwords fails.

  93. Missile? by Skreech · · Score: 1

    They're models. Here's a picture from the same site.

  94. So what's new? by cruachan · · Score: 1

    Back in ~1997 there was a known vulnerability in one of the apache distribution files that could be used to execute a root command on the server. Being able to exploit this was dependent upon the server having a particular unmodified file available.

    This was pre-google, but by judicious use of alta-vista it was quite easy to bring back a list of vulnerable servers.

  95. Dangers of bLogging by herk · · Score: 1

    My one and only hacking (that I'm aware of) took place at the hands of a friendly hacker searching the web for OpenBSD 3.x (can't recall the version). I'd just installed it recently and mentioned it in my blog, but hadn't had time to patch it yet, and was running a vulnerable version of ssh. Thankfully he notified me of the hole and claimed to do nothing malicious.

    --

    I like ice cream.

  96. Watch the Zeitgeist! by jgoeres · · Score: 1
    Next Week on Slashdot:

    Google Zeitgeist Reports Top Gaining Query for Week Ending August, 2nd is "bash history".

  97. Ugh by autechre · · Score: 1

    Have you ever read BUGTRAQ? phpnuke IS a vulnerability. You might want to look into Postnuke, or something completely unrelated.

    --
    WMBC freeform/independent online radio.
  98. Poor Mr. Schlich by jgoeres · · Score: 1
    Today it sucks to be the I'm Feeling Lucky result on a search for index of ".bash_history".

  99. a better analogy would be by geekoid · · Score: 1

    " if i write something down on a notepad on my desk, then pin it to a public bulletin board,..."

    if you put an article on a bulletin board, any news source can report that, hell I could even have a business that points to certain data on different bulletin boards around the country.
    Once you removed the bulletin, I can still keep my copy in an archive for later retrieval.

    Once you put something on the net, it is there for all to see by default.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  100. Interesting access_log results by ssims · · Score: 1

    access_log search Check out the 2nd one down, not the title but the location.

    1. Re:Interesting access_log results by ssims · · Score: 1

      a link to the paper about the slashdot effect

  101. ROBOTS by Anonymous Coward · · Score: 0

    here: http://www.google.com/robots.txt

  102. google for "Nessus Report" by seudafed · · Score: 1

    google for nessus report. Find vulnerable servers w/o the hassle of having to scan for them...

  103. Sorry but nowadays most admins are "dumb" by AHumbleOpinion · · Score: 1

    This guy is a security consultant? Come on, what admin in their right mind would enter a password in cleartext on the command line and allow it to be stored in ~/.bash_history?

    Apparently he is a security consultant in the real world not some mythical world where every *nix box has a competent and knowledgable admin. Face it, some of the people setting up Linux boxes are near the script kiddy end of the spectrum. Others are well meaning *nix users taking care of personal or small business Linux boxes.

  104. Dialup Creds on USENET by KidSock · · Score: 1

    A long time ago I searched what was Deja-news then for typical pppd log messages. Lo and behold there were usenet posts from Linux newbies trying to get into their isp complete with phone number, username, and password.

    Mike

  105. Woah. This is deep. by chopper749 · · Score: 1
    1. Re:Woah. This is deep. by SlayerofGods · · Score: 1

      LOL I particularly like their little message at the top
      d00d, g00GlE a1nt aFFiLiaTED wi7H tHE laMeRZ tHaT 0wn dIZ p4G3! g00gle d0z3nt h4v3 4ny+h1nG t0d0 w1th iT!#&$
      Which was originally
      Google is not affiliated with the authors of this page nor responsible for its content.
      I really like the translation matrix they're running. I wonder if they would share it.....

      --

      Technology, the cause of and solution to all of life's problems.
  106. bigger index? by donutz · · Score: 1

    Google reports that it's searching 3,083,324,652 web pages. Alltheweb is reporting "Currently searching 2,142,833,819 web pages".

    Now which is bigger?

  107. This is nothing new by 222 · · Score: 1

    I think at least 30% of /. readers have been using this google "resource" for quite some time. There's even this place
    http://johnny.ihackstuff.com/index.php?module=pr odreviews
    in case you're lazy.

  108. A good 'ol trick ... by dr.+greenthumb · · Score: 1

    ... is to do a Google search for "welcome to phpmyadmin" -login

    The sheer number of incompetent admins out there is just staggering ...

  109. bash history... the other way... by Anonymous Coward · · Score: 0

    you all talking about bash history put on the web due to a misconfigured webserver....

    i found something way better...
    now you get your bash_history file even with revisions on repositories.

    WOW!

    watch this:
    http://bioinformatics.org/cgi-bin/cvsweb.cg i/xml2m at/.bash_history

    kindest regards,
    Anonymous Coward

  110. Re:robots - HOWTO? by grolschie · · Score: 1

    This robots.txt thing interests me. How can one use "*" and "disallow" to block all crawlers except ones you specifically allow? I mean, you might wish to let google crawl your site, but no-one else (ie: spammers).

  111. Don't go there! by Le+Marteau · · Score: 1

    I got portscanned, a ping and a finger attempt when I went to that site!

    --
    Mod down people who tell people how to mod in their sigs
  112. Re:robots - HOWTO? by Anonymous Coward · · Score: 0

    Yeah, that's insightful. You think a spammer's crawler is going to honor robots.txt settings?

  113. Security leak mysql by Anonymous Coward · · Score: 0

    if you know how many people use mysql.
    like
    #mysql -u<user> -p<password>

    and you do some googlin' for '"bash_history" mysql'
    it's really scary what you find.

    kindest regards,
    Anonymous Coward
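
For admins who want to check their own history files for the `mysql -u<user> -p<password>` pattern described in the comment above, here is an added example (not part of the original thread). The sample history lines, passwords and the helper name `find_inline_passwords` are constructed for illustration; matches are redacted so the report does not leak the secret a second time.

```python
import os
import shlex

# MySQL command-line programs that accept -p<password> / --password=<password>.
MYSQL_CLIENTS = {"mysql", "mysqldump", "mysqladmin", "mysqlimport"}
SEPARATORS = {"|", "||", "&&", ";", "&"}

# Constructed sample of a ~/.bash_history file (not taken from any real host).
SAMPLE_HISTORY = [
    "#1059782400",                            # HISTTIMEFORMAT timestamp line
    "cd /var/www",
    "mysql -u webapp -p shopdb",              # bare -p: the client prompts
    "mysql -uwebapp -pExamplePass1 shopdb",   # password attached to -p
    "/usr/bin/mysqldump --user=root --password='Example Pass 2' shopdb | gzip > d.sql.gz",
    "mysqladmin -u root --password status",   # bare --password: prompts
    'echo "unterminated quote',
]


def _tokens(line):
    """Tokenize like a POSIX shell; fall back to whitespace on bad quoting."""
    try:
        return shlex.split(line, comments=True)
    except ValueError:
        return line.split()


def find_inline_passwords(lines):
    """Return [(line_number, redacted_command)] for history entries that pass
    a MySQL password as a command-line argument."""
    hits = []
    for number, line in enumerate(lines, start=1):
        in_client, leaked, out = False, False, []
        for tok in _tokens(line):
            if tok in SEPARATORS:
                in_client = False              # next command in the pipeline
            elif os.path.basename(tok) in MYSQL_CLIENTS:
                in_client = True
            elif in_client and tok.startswith("--password=") and tok != "--password=":
                tok, leaked = "--password=<redacted>", True
            elif in_client and tok.startswith("-p") and len(tok) > 2:
                tok, leaked = "-p<redacted>", True
            out.append(tok)
        if leaked:
            hits.append((number, " ".join(out)))
    return hits


if __name__ == "__main__":
    for number, command in find_inline_passwords(SAMPLE_HISTORY):
        print(f"line {number}: {command}")
```

Any hit means the password should be rotated. Giving `-p` with no value makes the client prompt instead, and a `~/.my.cnf` readable only by its owner keeps the password off the command line entirely.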

  114. Re:robots - HOWTO? by grolschie · · Score: 1

    LOL. So it's a good-will thing then? Ok then. Say you don't wish for your site to be listed on a particular Search Engine, but you do want it in google...?

  115. Scary, very scary by Hatta · · Score: 2, Interesting
    --
    Give me Classic Slashdot or give me death!
    1. Re:Scary, very scary by goldfndr · · Score: 1
      Cute!
      • Look closely at the SSNs and phone numbers.
      • Try to find Podunk, SD on a map.
      • Look up 77523 ZIP code.
      --
      Copyrights, Patents, Trademarks: temporary loans from the Public Domain, not real property ("intellectual" or otherwise)
  116. Not just crackers, Anti-Spammers use this too by zgornz · · Score: 2, Informative

    http://www.theregister.co.uk/content/55/32103.html

    In short, the anti-spammers found a WSFTP.LOG and used it to find zips with email addresses.

    Funny to see this on the register so soon after this slashdot article

  117. navy by Anonymous Coward · · Score: 0
    1. Re:navy by Anonymous Coward · · Score: 0

      Remember, don't treat the google cache as an anonymous surf

  118. googleDork by Anonymous Coward · · Score: 0

    googleDork (gOO gol'Dork) noun 1. Slang. An inept or foolish person as revealed by Google.

    googleDorks

  119. Re:robots - HOWTO? by elemental23 · · Score: 1

    Do you really believe that e-mail address harvesters will follow the robots.txt guidelines? If so, I've got a bridge I've been looking to unload...

    --
    I like my women like my coffee... pale and bitter.
  120. search for admin email by jasonrocks · · Score: 1

    I have found out that by finding the admin's email address and real name, then searching their site with google, many times you can find sensitive tidbits (especially if you search a University website.)

    --

    void
    1. Re:search for admin email by sICE · · Score: 1

      You can even find more, if you take the pain to search. I've got on the phone a webmaster of a major cracking website, though he didn't give away any info about himself, and was quite careful about the stuff he dropped on the net. Even better I could get an access to the company network where he worked and could get a little more docs about him (like his address, family status, salary and stuff). I know, it's mostly selfish and it was just to impress...

      All that blah blah to say that if you have a name, you can get a bunch of detailed information on the net. There aren't a thousand techniques to get to what one wants.

  121. ColdFusion by jasonrocks · · Score: 1

    I have googled for a coldFusion example program (which just so happened to be vulnerable). I found many sites that were vulnerable.

    --

    void
    1. Re:ColdFusion by Anonymous Coward · · Score: 0

      There's a program called making the grade or gradebusters or something like that (maybe the same program after a name change). You've probably seen it if you have kids or are a kid in a school district that uses it. It has a Java applet to let you in to see the grades based on an ID number and a "PIN" (password).

      You can easily use Google to find these things. Why would you want to do that? Well...

      1. You can decompile the Java applet to figure out how they encode the passwords and IDs - they're hidden in the page! Some places use student ID numbers, some use social security numbers (!!!), and so on. Some of them use the kid's birthday as the password/PIN/whatever. Duh.

      2. Or you can decompile it and learn that many of these things have a backdoor. Plug in "1066" as the PIN and it lets you in no matter what it really is.

      The best part is that analyzing this thing for holes was part of my job once upon a time.

  122. You can request Google remove stuff from cache by freeweed · · Score: 1

    During a recent stint with a government agency who shall remain nameless (security research, in any event), we stumbled upon a pretty neat thing while using Google.

    Basically, some admin had put up an entire test site, no index pages on lots of it, directly accessible databases, the works. Google cached the whole dang thing. We happened upon this while doing an unrelated search, and using the site: tag let us effectively pull the entire site out of Google's cache. The test site had long been pulled, but what Google had contained a LOT of sensitive information: things like home addresses, phone numbers, and personal email addresses of some very prominent business people, even some financial information. What was cool was finding links in the cache that still linked to some nice Access databases. Missing index.html, anyone? Yes, Google caches that :)

    Anyway, we contacted the hosting company, and they must have done something, because within hours Google's cache no longer contained anything for them. I assume they contacted Google requesting the cache be cleared due to its sensitive nature. Google seems willing to do this if you can prove it's your own site.

    Oh, and they also moved their databases :)

    --
    Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
  123. Case in point... by Anonymous Coward · · Score: 0
  124. Where is chroot? by red+floyd · · Score: 1

    Shouldn't one be running the webserver in chroot jail anyways?

    Why would any of .bash_history or passwd or any of those fun guys be available to Google? Google's spider shouldn't even see them!

    --
    The only reason we have the rights we have is that people just like us died to gain those rights. -- Cheerio Boy
  125. Heh, timely. by YOU+LIKEWISE+FAIL+IT · · Score: 1

    One of our favourite pastimes 'round here is searching google for "Index of /" + interesting stuff. Just two days ago we found someone's mbox.bz file - however, after a quick email, they got it in under cover.

    This technique is quite old now. I first heard it as a method of squirrelling out mp3s without using P2P.

    YLFI

    --
    One god, one market, one truth, one consumer.
  126. Re:robots - HOWTO? by jesser · · Score: 1

    How do I block all crawlers except Googlebot from my site?

    But as other posters mentioned, expect spammers to ignore or abuse robots.txt. Do you really want to be left out of Altavista, Alltheweb, etc?

    --
    The shareholder is always right.
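
The "allow Googlebot, block everyone else" question in this sub-thread, as an added example (not part of the original thread): a constructed robots.txt checked with Python's standard `urllib.robotparser`, plus a helper showing what a robots.txt that lists sensitive paths tells every reader. The helper names, bot names and paths are assumptions made up for illustration.

```python
from urllib.robotparser import RobotFileParser

# Constructed policy: Googlebot may fetch everything, every other robot nothing.
ONLY_GOOGLEBOT = """\
User-agent: Googlebot
Disallow:

User-agent: *
Disallow: /
"""

# Constructed counter-example: trying to "hide" paths by listing them.
LISTS_SECRETS = """\
User-agent: *
Disallow: /admin/
Disallow: /backup/db.sql   # constructed path
"""


def can_crawl(robots_txt, agent, url):
    """True if a robot that honours robots.txt may fetch url as agent."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return parser.can_fetch(agent, url)


def advertised_paths(robots_txt):
    """Paths that anyone who downloads robots.txt learns exist on the site."""
    paths = []
    for line in robots_txt.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        field, _, value = line.partition(":")
        value = value.strip()
        if field.strip().lower() == "disallow" and value not in ("", "/"):
            paths.append(value)
    return paths


if __name__ == "__main__":
    url = "http://www.example.com/docs/index.html"
    for agent in ("Googlebot", "ExampleBot"):
        print(agent, can_crawl(ONLY_GOOGLEBOT, agent, url))
    print("disclosed:", advertised_paths(LISTS_SECRETS))
```

The result only describes crawlers that choose to obey the file, so anything returned by `advertised_paths` needs real access control on the server rather than a Disallow line.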
  127. Another fun way by Anonymous Coward · · Score: 0

    Lots of morons make everything on their computer freely shared on P2P networks. Next time you open Kazaa, search for the word inbox.mbx ;-)

  128. Why? by Eminor · · Score: 1

    Why does a web server even serve up files outside of /var/www or /home/*/public_html?

  129. This was already covered by bond88 · · Score: 1

    This article appeared in detail a month ago on the Box Network. http://neworder.box.sk/newsread.php?newsid=8203

    1. Re:This was already covered by Anonymous Coward · · Score: 0

      Yeah, and maybe last night your face with covered with gism, So what?

      Advice: rarely will you look intelligent assuming crossover readership.

    2. Re:This was already covered by bond88 · · Score: 1

      And maybe you'll grow up and stop assuming such things. I was merely making an observation. Rarely does anyone seem intelligent making such childish comments.

    3. Re:This was already covered by Anonymous Coward · · Score: 0

      OK, because I see from your SID and posting history that you're new here, I'm going to take a few more moments of my time to fill you in on what would be a proper "Subject" line:

      "This is covered in more depth here"
      or
      "This is also covered here"
      are both good -- they would give the impression that you're out to contribute to our community here.

      "This was already covered" - gives the impression of being arrogant, pompous, obnoxious, vain, and a showoff.

      I know the crowd at neworder.box.sk, You're 13-15 years old and striving to learn more. That's OK, but expect to get slapped down at times as you go through the learning process.

      Last advice: arguing with an anonymous coward on a message board is like participating in the special olympics, even if you win, you're still retarted.

      Regards

  130. Re:robots - HOWTO? by Anonymous Coward · · Score: 0

    Thanks for this info.

  131. Amazon logic by djh101010 · · Score: 1

    ...actually, I patented that. -- Jeff Bezos

  132. Better insight into hacking with Google by xnok · · Score: 0

    There is a far more interesting and relevant article on the New Order site Google: A Hacker's Best Friend. xnok

  133. Free Passwords by MacGod · · Score: 1

    Evidently, I can get passwords to all hot XXX lesbian lolita harcore bukkake sites for FREE! Man, this google hacking rulez!

    --
    "Reality is merely an illusion, albeit a very persistent one " -Albert Einstein
  134. In other news... by 2cv · · Score: 1

    With millions of Deadheads around the world preparing for the anniversary of Jerry Garcia's death on August 9, 1995, a seemingly innocent post on Slashdot (www.slashdot.org) has led to the discovery that Jerry Garcia was actually alive as late as February, 2000. Apparently, the Dead's head was based at a Naval Weapons Station in Podunk, South Dakota as of February 3, 2000. The Detailer List Report was found in the Google cache of a Web page hosted on a military server and includes an email address and phone number for Mr. Garcia. Attempts to reach him were unsuccessful.

    Interestingly enough, Ric Ocasek, former lead singer for the Cars, was billeted at the same base at the very same time. This has led some to speculate wildly as to


    Jerry Lives?, Page 2A

  135. Squid logs by Anonymous Coward · · Score: 0

    Lots of places put their Squid proxy logs up on the web and they get indexed. That used to be a great way to find things like Futurama episodes, since they'd tend to be in the "top nn largest URLs this week" part of the reports.

    Take the URL (http, ftp, whatever), check it out yourself and ... *bingo* lots of cool stuff.

    Try searching for something that shows up in the header of a proxy log and then something that you want to find. It might be illuminating.

  136. Gasp egad! by Frogbert · · Score: 0

    Not only bash_history, this technique could let you read Chuck Sixpack's mail or Jon Everyteen's midterm

  137. Need something to feed L0phtcrack? by Ayanami+Rei · · Score: 1

    http://66.216.103.200/download.asp?Name=SAM&File=c %3A%5Cwinnt%5Csystem32%5Cconfig%5CSAM

    --
    THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
  138. Given' it out like your mom by maggotbrain_777 · · Score: 1

    Most of the "uber-geeks" will probably just stop on this link bash_history >> /dev/null
    and not even bother with pages that give a user's actual history file.

  139. Try this by xnixman · · Score: 1

    Set up google to only search your favorite vendor's web site.

    Then search for "proprietary" and then "confidential".

    I always get a few hits, mostly market research reports, and new product plans.

    Dan

  140. For all the anarchist sysadmins... by SlimFastForYou · · Score: 1

    1.) Create a robots.txt file. Include a file named email_addresses.html.

    2.) Create the email_addresses.html file, and put in email addresses of people who may be on your poop list (billg@microsoft.com, president@whitehouse.gov, hrosen@riaa.com, etc)

    3.) Hopefully you are hosting a major site (that lots and lots of spambots love to crawl). After a while, take a gander at your logs, and squeal in joy when you imagine how many messages your cough*friends*cough will receive with "special offers" or telling them how lucky they may be. Ok, maybe don't squeal that loud...

    4.) ???

    5.) Profit!

  141. I have the urge to... by spike+it · · Score: 1

    I have the urge to go make a robots.txt file with sensitive info just to mess with hackers. Should be fun, hmm?

  142. Kamioka, and huge toys by ktorn · · Score: 1

    Wow, the amount of time I wasted just by following that link...

    I saw this picture with a nice landscape. Decided to investigate and after a bit of Googling it turns out it's from somewhere in Kamioka, Japan. That's where physicists from around the world built this huge toy which they call Super-Kamiokande.
    Some pretty impressive pictures, especially when you see that they built many of these to make this, just to fill it with water (warning huge pic, here's a smaller one), and conduct experiments into neutrinos, dark matter, and other cool stuff like that... Wow.

    There you go, just learnt a few things, and added Kamioka to my list of places to visit ;)

  143. Captain Murphy Rules the Internet! by fm6 · · Score: 1
    Come on, what admin in their right mind would enter a password in cleartext on the command line and allow it to be stored in ~/.bash_history?
    An inept one. Of which there are a great many. A lot of exploits simply capitalize on stupid-but-common mistakes, like not changing the default password on your router. I don't know whether this kind of mistake causes more exploits than Microsoft's alleged software engineering, but it's pretty big.