The
Stealth of Search Engines
Surely
you use Google, Lycos, Altavista, etc. One of
those
boring portals can lead you into a vulnerable server, or enable
you to surf anonymously.
Because many web managers of the servers you'd get into are happy with
default installations of IIS or Apache software running on their
servers, having not bothered to do Custom Install off Installation CDs,
you will see their baby unattended.
These managers drink coffee, surf fetish sites and eat their
lowfat-cheese-from-the- High-Andes-goatmilk sandwiches and don't know
that:
- You
go to google.com, lycos.com or altavista.com.
- Type
including the quotes :
"Try
the hyperlinks above to see some examples of the content you can
publish with Microsoft Internet Information Server"
to find
IIS,
or
"This
page is used to test the proper operation of the Apache Web server
after it has been installed"
to find
Apache.
or to
find a harvest of sitting ducks
wwwroot
-
You'll find some good siteseeing at Microsoft's IIS's. They are
notorious for M$ glitches that don't get enough of those annoying
patches sent to fix them, as PC Windows do. Instead they are waiting for
you to creatively visit them.
Using
ftp search tools:
- Go
to
ftpfind.com
file.ru
ftpsearchengines.com
ftpsearch.lycos.com
- Look
for
/etc/passwd
,
/etc/shadow ,
smdata.dat (for CuteFTP) ,
admpw (for Netscape Enterprise Server),
.htaccess or .htpasswd
/_vti_pvt/administrators.pwd
/_vti_pvt/service.pwd
/cgi-dos/args.bat
/cgi-bin/filemail.pl
/cgi-win/filemail.pl
/iisadmpwd/achg.htr
/iisadmpwd/aexp.htr
/iisadmpwd/aexp1.htr
/webcash
These are common directories on servers, and many full-service servers
have at least a WWW, "secure" SHTML and a FTP servers in
active use.
Hiding
your IP without using proxys: Translation services!
To surf anonymously in an English web:
- Go to
babelfish.altavista.com
-
Select "Web Page"
- Type
down the target and ask to translate it from other language [Spanish :-)
to English]
-
You'll be surfing and not one server will have your IP in its log.
Because it will be translated from
JoShmoPC.virginiabell.com
to
senora.estadusted.enamorata
or from
64.123.123.123
to
GDJ62M.U89D.8F03KJ.0DJ
and
translating them back to English is useless.
- FTP
search engines can be used for hiding your IP during your search for
critical files, without giving anyone a clue.
Translation
engines protect the translated webs by sending headers like REMOTE_ADDR,
HTTP_X_FORWARDED_FOR or HTTP_VIA,
but on some engines this technique must be intentionally selected in
Headers or Option menu.
Teflonivan
acknowledges dante00 from Cyberarmy
|