Protected by Copyscape DMCA Takedown Notice Infringement Search Tool
All opinions expressed on this blog are my own and do not reflect those of BIET Jhansi students and employees,staff,or any official whatsoever, colleagues, family or friends.I express my opinions as a free citizen of a democracy exercising my Fundamental Right of speech. The intention of this blog is merely to air my views and opinions (and sometimes, frustration) and is not intended to insult, instigate,disgrace or hurt anyone(body,organisation or institution). Anyone is free to disagree with any or all of my views and can express them here or elsewhere. Any civil dialogue that is not unreasonably hurtful is welcome. I, however, reserve the right to delete any comment without any reason or warning.No content of this blog will in any way be a violation UNDER IPC Sections 506 and 295A .Legal issues if any will be ristricted to the MEERUT jurisdiction only.This blog/web space is in the process of being copyrighted to safegaurd my interests erstwhile this be considered to be under the creative commons commercial INDIA License.This space resorts to politically and ethically correct statements, complying with the spirit of blogging .This is an opinion medium, not a reporting medium and hence should not be IN ANY CASE BE TAKEN AS A FUNCTION OF MAINSTREAM MEDIA.The blog complies with the NAAVI guidelines. Thank you, MANOJ SINGH RANA

Friday, October 9, 2009

Get username and password with google

There are many ways to search for vulnerable sites with google. I'll show you here how to get username and password from sites that use FrontPage extentions. Microsoft FrontPage Extensions creates a service.pwd file inside the _vti_pvt directory in the HTTP server's document root. This file contains user names and passwords that could be remotely retrieved by an attacker. The good news is that Google indexes this kind of files, so they are very easy to search for. The bad news is that the passwords are encrypted, but wait, this is not really a bad news :-) because you can crack them if you are patient and you have the will. If you want to become a hacker, you have to be patient and you have to have the will. Please note: I'm not telling you to hack sites, this stuff is just for learning. So if you want to do illegal things, you should know that jail is a possibility.

So lets go to the details:

1- Some administrators change the name of service.pwd file to authors.pwd or administrators.pwd or users.pwd or some thing else. So to get the biggest chance to retreive this file we will add an "inurl" condition to our search string in Google like this: inurl:(service | authors | administrators | users)

2- The file extension is "pwd" and we are not interested to get other extensions, so we will add an "ext" condition to the search string in Google like this: ext:pwd

3- The first line in the file service.pwd is "# -FrontPage-". So we will search for this string with Google

And here is the full search string:(you can click it to go to Google result page)
inurl:(service | authors | administrators | users) ext:pwd "# -FrontPage-"

In the Google result page click any link, you should see some thing like this:
# -FrontPage-

ekendall:bYld1Sr73NLKo

louisa:5zm94d7cdDFiQ

Here, there are 2 users with their encrypted passwords. The first user is ekendall, his encrypted password is bYld1Sr73NLKo and the second user is louisa, her encrypted password is 5zm94d7cdDFiQ.
Posted by at

No comments:

Post a Comment

Comments Section

Subscribe to: Post Comments (Atom)