Again... I'm sitting around rather bored.
Type in
allinurl: /etc/passwd
into google and then click on I'm feeling lucky
Rather interesting. :)
Printable View
Again... I'm sitting around rather bored.
Type in
allinurl: /etc/passwd
into google and then click on I'm feeling lucky
Rather interesting. :)
I love the first hit! ;)
LOL, this is fun, I have a new game to play!
Yes, I found that a little while back and it was pretty interesting. I have found other google honey pots as well, sites that will give back "HACKING ATTEMPT!!!" and such lol. :p
That is interesting....
Hi,
May I ask you, what the honeypots are for?,,,
how can I take the most out of them?...
Cheers,,,
Damn phish...I wish I had your job!Quote:
Originally posted here by phishphreek80
Again... I'm sitting around rather bored.
Type in
allinurl: /etc/passwd
into google and then click on I'm feeling lucky
Rather interesting. :)
Thanks for the fun. I remember doing some Googling of this type for fun in 2003 after discovering http://johnny.ihackstuff.com - he seems to be the pioneer or at least one of the originators of using Google as a hack tool. Quite fun I must say.
It looks like a bunch of sites have gotten wise because about a year ago there were TONS of valid hits. Glad to see improvements in this very basic security measure (re.; dont allow public access of passwd file to web site).
/edit
Definition of honeypot?
Basically to draw hackers to it rather than your "real" website. Other objective is to use to study hacking behaviors to learn.Quote:
NWFUSION: http://www.nwfusion.com/techinsider/...security2.html
A host or network with known vulnerabilities deliberately exposed to a public network. Honeypots are useful in studying attackers' behavior and also in drawing attention away from other potential targets.
http://www.rubyist.net/~rubikitch/RD...2Fetc%2Fpasswd
that was also one of the hits, interesting?
Thats wasn't at my job... that we me bored at home...Quote:
But my job is ok. I can't complain.
I could have a better one though...
I love google! for
I think O'reilly's 'google hacks' should be required reading for all introduction level computer classes.
I agree, whenever I'm testing the security of a website, the google hacking is always one of the first methods I use. I frequently check back at that ihackstuff site to see what he found next. Although most password files you find now are shadowed, you can still find things like admin control panels, among other things.
It's kinda like a scavenger hunt, just to see what kinds of results you can get out of it.... oops sorry.....a little tipsy at the moment. ;)
You REALLY wanna have fun? Drop by Foundstone and grab the sitedigger tool. It's free.
http://www.foundstone.com/resources/...sitedigger.zip
I takes a very large amount of the known Google searches (similar to Phissy's) and fires them at any domain you like. It is most entertaining.
I agree...the stuff is amazing. Thanks for the fun guys.