Original poster, posted on: 2006-09-14 21:14

HOW TO ACCESS ANY DATABASE ON THE WEB

~ Passwords lore ~
Version January 2002

(how to find working passwords when you forget your own)

"how to access databases when you have forgotten your password" essays.

http://www.tor.at/resources/computer/net/internet/www/search/www.searchlores.org/password.htm

Proquest
http://www.bellhowell.infolearning.com/proquest
username: 07SNXJX2C9
password: WELCOME
username: BRV3G3S8V6
password: WELCOME
username: 0039KJK4DB
password: WELCOME
password: 87TFK6VCPC
Password: WELCOME

Obvious, no? :)
Knowing that, we can fish more passwords by querying, for example, Google: +WELCOME +proquest +password


And that was just the first two pages ... 2,030 results. And EACH result is a potential way to get access to OTHER databases (it's generally a sort of bookmark page for libraries).

Another example?

Grolier Online
http://go.grolier.com:80/
username: casls
password: casls
username: hot
password: ice
username: at5
password: ssoggy
Spanish edition:
username: Top
password: dog

Comments: short login and password. Some common English words.
Conclusion: a good target for a bruteforce :)

One where I failed is the SIRS databases:

SIRS
http://ars.sirs.com/cgi-bin/custlogin
username: NY0528
password: 14173

SIRS Fulltext Online Periodical Index
http://sks.sirs.com
Username: CA3759
Password: 92065

It says: "Sorry, Your IP Address is not consistent with the customer number you entered"
So they have an IP check. What can be done is to use the IP of the site where the key was found and scan 'around' for proxies (ProxyHunter works fine for me: download proxy tools here or here or anywhere you want).


Now it's time to collapse all the knowledge we can gather, build maps, crack open sites, and release everything in the open info sea.
Let the nucleus eat all that stuff! :)

loki



--------------------------------------------------------------------------------

"Seekers, Datajunkies, and other dragons" - Formatted (18/01/02 05:57:01)
hmm, more and more and more passwords ...

Britannica Online
http://members.eb.com
user ID: !@#Ramona
password: Ktwelve

Electronic Library
http://www.elibrary.com/education
Username: subramon92065
Password: 14019

The EBSCO databases
http://search.epnet.com/login.asp?group=empire
Username: pioneerchs
password: pioneerchs
Username: lle
Password: falcons

456561dsfsdf542123USERNAMEgfdX8564PASSWORD52135473514USERNAME1231xvcFsqEHHJPASSWORD25125457dsFVFDSGHHvv2ds3 ~ I feel like a datajunky, a flow of data emerging from here and there just by pronouncing some KEYwords.
Strange feeling ... and now? Download everything, burn a bunch of data CDs, and say: Knowledge is Power!?
Like a dragon sitting on his treasure, as someone said on the riddle board. But I won't ever read one percent of these.
I'd like to, yes, in theory, but I don't wanna be a data sponge ;) By proceeding like that, we're going to collect 'random' DBs from the library community (not so random ...). It can even be done automagically.
IMHO it'd be possible to set up a bot for fishing all the passwords that hide in the sea of information formed by searching inside 'pools' of data. These can be created by querying ragingsearch like I did. The results are then parsed, and (that's the hard part) a script checks in the pages if there are relevant keys. Each key is stored with the door URL. And each door can be used to query and create a pool. And so on ...

But then, what are we going to do with all those keys?
What is really the most interesting: having a hundred keys and the address of the door, or knowing how to lockpick? :)


--------------------------------------------------------------------------------


What has been done in the last messages of this thread is just collecting data. No target (excluding the initial one).
But what was fished can be used to:

- build maps (index of cracked databases, commented, to create a fast jumping station for seekers)
- build wordlists and combolists for the bruteforcers
- have an access in order to 'crack open' and release to the public the hidden information (each site can be indexed out or mirrored or backdoored)
- have examples of passwords in order to reverse the login algo

Let's center on what was required for searchlores:
"Hence: your help would be welcome and useful... preparing essays 'synthesizing' these 'pornpass' knowledges into useful "how to access databases when you have forgotten your password" essays."

At that time, I had never had to use a bruteforce engine and wordlists (but I have read tutorials, and therefore I could use them if needed). In fact, gaining access to a porn site is far more difficult than accessing online libraries :)
Tools from p0rn hackers are indeed useful, but only if really everything else failed. Preparing for this eventuality, we can build combolists of what was fished, and reverse some protection schemes.



--------------------------------------------------------------------------------

Re: a comment to the SIRS example (18/01/02 06:06:23)
http://ars.sirs.com/cgi-bin/custlogin
username: NY0528
password: 14173

SIRS Fulltext Online Periodical Index
http://sks.sirs.com
Username: CA3759
Password: 92065

The first one comes from a New York library, and the second from a Canadian library ... need more explanations? ;)

loki



--------------------------------------------------------------------------------

a "trick" (18/01/02 07:00:37)
Let's try to summarize what was written into a simple combing 'trick' for accessing databases.

--------




Find out the URL where the login form is located or, if it uses an .htaccess protection scheme (see at searchlores "~ Authentication & Authorization lore for Apache servers ~" for more on that subject), the protected directory. This is also the first step for bruteforcing a site.

Prepare queries using the URL and keywords found on the target site, like how they name their variables (username, user name, user-name, user ID and ID ARE different keywords).

Launch search engines or scrolls:

- use the "link:" option to find sites that POINT to the target (remember that it usually doesn't work with metasearchengines and a lot of classic search engines)
- use the plain URL to find sites that only print the URL (they usually use both)
- filter the results with keywords

This way you'll fish mostly bookmarks where someone has written his login information in PLAIN TEXT. It is frequently the case for libraries, as we have seen earlier. They write all the identification information on a web page, and think it'll be seen only by users of their internal computers. But they forgot the spiders ... :)

Moreover, when you've grabbed a valid access, if the protection scheme is really weak, using this weakness as keywords can produce wonderful results: remember the Proquest case.

--------

That's all. I think it somehow summarizes what was written in my last posts into a simple searching algorithm. A trick.


loki
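The posts above rest on one exposure: library pages that print a username and password pair in plain text, which any spider then indexes. As an added example (not from the thread or from searchlores), here is a check a site owner can run over their own published pages to find such pairs before a search engine does; it folds in the label variants the "trick" lists (username, user name, user-name, user ID, ID). The hosts, page contents and credentials in the sample are constructed.

```python
import re
from html import unescape

# Label spellings the thread notes are distinct search keywords
# (username, user name, user-name, user ID, ID); all folded into one pattern here.
USER_LABELS = r"(?:user\s*-?\s*name|user\s*-?\s*id|login|id)"
PASS_LABELS = r"(?:password|passwd|pass)"

# A user label and value, whitespace, then a password label and value.
CRED_RE = re.compile(
    rf"\b{USER_LABELS}\s*[:=]\s*(?P<user>\S+)\s+{PASS_LABELS}\s*[:=]\s*(?P<pw>\S+)",
    re.IGNORECASE,
)

# Constructed sample pages: hypothetical hosts and credentials, not from the thread.
SAMPLE_PAGES = {
    "https://lib.example.org/databases.html": (
        "<h2>Research databases</h2>"
        "<p>Periodicals index: <a href='http://db.example.net/login'>login</a><br>"
        "username: LIB0042<br>password: LIBPASS1</p>"
        "<p>Encyclopedia &ndash; User ID: reading&nbsp;Password: room7</p>"
    ),
    "https://lib.example.org/hours.html": (
        "<p>Open 9-17. Ask a librarian for the password to the study room.</p>"
    ),
}

def html_to_text(html: str) -> str:
    """Reduce markup to the plain text a search engine would index."""
    text = re.sub(r"<br\s*/?>", "\n", html, flags=re.IGNORECASE)
    text = re.sub(r"<[^>]+>", " ", text)
    return unescape(text)

def mask(secret: str) -> str:
    """Keep only the first character, so the report does not re-leak the value."""
    return secret[0] + "*" * (len(secret) - 1)

def find_exposed_credentials(pages: dict) -> list:
    """Return one finding per username/password pair printed on a page."""
    findings = []
    for url, html in pages.items():
        for m in CRED_RE.finditer(html_to_text(html)):
            findings.append({"page": url, "user": m.group("user"), "password": mask(m.group("pw"))})
    return findings

if __name__ == "__main__":
    for f in find_exposed_credentials(SAMPLE_PAGES):
        print(f"{f['page']}: user={f['user']} password={f['password']}")
```

A page that mentions "password" without a paired login label (the hours page) is not reported, which keeps the output to pairs that would actually work as a bookmark login.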

[ This post was last edited by wjfllj on 2006-12-13 12:45 ]
寒冰