~ Passwords lore ~
Version January 2002
HOW TO ACCESS ANY DATABASE ON THE WEB
(how to find working passwords when you forget your own)
http://www.tor.at/resources/computer/net/internet/www/search/www.searchlores.org/password.htm
Proquest
http://www.bellhowell.infolearning.com/proquest
username: 07SNXJX2C9
password: WELCOME
username: BRV3G3S8V6
password: WELCOME
username: 0039KJK4DB
password: WELCOME
username: 87TFK6VCPC
password: WELCOME
Obvious, no? :)
Knowing that, we can fish for more passwords by querying, for example, Google: +WELCOME +proquest +password
And that was just the first two pages of 2,030 results. And EACH result is a potential way to get access to OTHER databases (it's generally a sort of bookmark page for libraries).
Another example?
Grolier Online
http://go.grolier.com:80/
username: casls
password: casls
username: hot
password: ice
username: at5
password: ssoggy
Spanish edition:
username: Top
password: dog
Comments: short login and password, some common English words.
Conclusion: a good target for a brute-force :)
One where I failed is the SIRS databases.
SIRS
http://ars.sirs.com/cgi-bin/custlogin
username: NY0528
password: 14173
SIRS Fulltext Online Periodical Index
http://sks.sirs.com
Username: CA3759
Password: 92065
It says: "Sorry, Your IP Address is not consistent with the customer number you entered"
So, they have an IP check. What can be done is to use the IP of the site where the key was found and scan 'around' for proxies (ProxyHunter works fine for me: download proxy tools here or here or anywhere you want).
Now it's time to collect all the knowledge we can gather, build maps, crack open sites, and release everything into the open info sea.
Let the nucleus eat all that stuff ! :)
loki
--------------------------------------------------------------------------------
"Seekers, Datajunkies, and other dragons" - Formated (18/01/02 05:57:01)
Hmm, more and more and more passwords ...
Britannica Online
http://members.eb.com
user ID: !@#Ramona
password: Ktwelve
Electronic Library
http://www.elibrary.com/education
Username: subramon92065
Password: 14019
The EBSCO databases
http://search.epnet.com/login.asp?group=empire
Username: pioneerchs
password: pioneerchs
Username: lle
Password: falcons
456561dsfsdf542123USERNAMEgfdX8564PASSWORD52135473514USERNAME1231xvcFsqEHHJPASSWORD25125457dsFVFDSGHHvv2ds3 ~ I feel like a datajunky, a flow of data emerging from here and there just by pronouncing some KEYwords.
Strange feeling ... and now? Download everything, burn a bunch of data CDs, and say: Knowledge is Power!?
Like a dragon sitting on his treasure, as someone said on the riddle board. But I won't ever read one percent of these.
I'd like to, yes, in theory, but I don't wanna be a data sponge ;) By proceeding like that, we're going to collect 'random' DBs from the library community (not so random ...). It can even be done automagically.
IMHO it'd be possible to set up a bot for fishing all the passwords that hide in the sea of information formed by searching inside 'pools' of data. These can be created by querying Raging Search like I did. The results are then parsed, and (that's the hard part) a script checks in the pages whether there are relevant keys. Each key is stored with the door URL. And each door can be used to query and create a pool. And so on ...
But then, what are we going to do with all those keys?
What is really the most interesting: having a hundred keys and the address of the door, or knowing how to lockpick? :)
--------------------------------------------------------------------------------
What has been done in the last messages of this thread is just collecting data. No target (excluding the initial one).
But what was fished can be used to:
- build maps (an index of cracked databases, commented, to create a fast jumping station for seekers)
- build wordlists and combolists for the brute-forcers
- have access in order to 'crack open' and release to the public the hidden information (each site can be indexed out, or mirrored, or backdoored)
- have examples of passwords in order to reverse the login algo
Let's center on what was required for searchlores:
"Hence: your help would be welcome and useful... preparing essays 'synthesizing' these 'pornpass' knowledges into useful "how to access databases when you have forgotten your password" essays."
At that time, I had never had to use a brute-force engine or wordlists (but I have read tutorials, and therefore I could use them if needed). In fact, gaining access to a porn site is far more difficult than accessing online libraries :)
Tools from p0rn hackers are indeed useful, but only if really everything else has failed. Preparing for this eventuality, we can build combolists of what was fished, and reverse some protection schemes.
--------------------------------------------------------------------------------
Re: a comment to the SIRS example (18/01/02 06:06:23)
http://ars.sirs.com/cgi-bin/custlogin
username: NY0528
password: 14173
SIRS Fulltext Online Periodical Index
http://sks.sirs.com
Username: CA3759
Password: 92065
The first one comes from a New York library, and the second from a Canadian library ... need more explanations? ;)
loki
--------------------------------------------------------------------------------
a "trick" (18/01/02 07:00:37)
Let's try to summarize what was written into a simple combing 'trick' for accessing databases.
--------
Find out the URL where the login form is located or, if it uses an .htaccess protection scheme (see at searchlores "~ Authentication & Authorization lore for Apache servers ~" for more on that subject), the protected directory. This is also the first step for brute-forcing a site.
Prepare queries using the URL and keywords found on the target site, like how they name their variables (username, user name, user-name, user ID, ID ARE different keywords).
Launch search engines or scrolls:
- use the "link:" option to find sites that POINT to the target (remember that it usually doesn't work with metasearch engines and a lot of classic search engines)
- use the plain URL to find sites that only print the URL (they usually use both)
- filter the results with keywords
This way you'll fish mostly bookmarks where someone has written his login information in PLAIN TEXT. It is frequently the case for libraries, as we have seen earlier. They write all the identification information on a web page, and think it'll be seen only by users of their internal computers. But they forgot about the spiders ... :)
Moreover, when you've grabbed a valid access, if the protection scheme is really weak, using this weakness as keywords can produce wonderful results: remember the Proquest case.
--------
That's all. I think it somehow summarizes what was written in my last posts into a simple searching algorithm. A trick.
loki
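As an added example, not part of the thread: a check a library or site owner can run over their own published pages to catch the two weaknesses described in this thread, plain-text logins pasted next to database URLs and one password shared across many accounts, before a search engine spider indexes them. The sample page, its URLs and its credential values are constructed.

```python
import re

# Constructed sample: what a library's internal "links" page looks like when
# database logins are pasted next to the URLs (all values are made up).
SAMPLE_PAGE = """<h2>Online databases</h2>
<p>Proquest: http://db.example.org/proquest username: AB12CD34EF password: WELCOME</p>
<p>Encyclopedia: http://enc.example.org/ user ID: libuser password: WELCOME</p>
<p>Periodicals: http://per.example.org/login Username: CA0001 Password: 12345</p>
<p>Catalogue (no login needed): http://catalogue.example.org/</p>
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# The label variants the thread notes are used interchangeably:
# username / user name / user-name / user ID / login / ID, then a value.
USER_RE = re.compile(r"\b(?:user[\s-]?name|user\s*id|login|id)\s*:\s*([^\s<>]+)", re.I)
PASS_RE = re.compile(r"\bpass(?:word)?\s*:\s*([^\s<>]+)", re.I)

def find_leaks(html):
    """Return (url, username, password) triples for every line that publishes
    a login next to a URL, i.e. the 'bookmark with plain-text credentials'
    pattern a search-engine spider would pick up."""
    leaks = []
    for line in html.splitlines():
        url = URL_RE.search(line)
        user = USER_RE.search(line)
        pw = PASS_RE.search(line)
        if url and user and pw:
            leaks.append((url.group(0), user.group(1), pw.group(1)))
    return leaks

def shared_passwords(leaks):
    """Passwords reused across several accounts: once one leaks, a single
    keyword search exposes every account that shares it."""
    counts = {}
    for _, _, pw in leaks:
        counts[pw] = counts.get(pw, 0) + 1
    return sorted(p for p, n in counts.items() if n > 1)

if __name__ == "__main__":
    found = find_leaks(SAMPLE_PAGE)
    for url, user, pw in found:
        print(f"LEAK  {url}  {user}  {'*' * len(pw)}")   # mask the secret in reports
    for pw in shared_passwords(found):
        print(f"SHARED PASSWORD across accounts: {pw}")
```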
[ This post was last edited by wjfllj on 2006-12-13 12:45 ]