How to obtain a list of files in a directory via a single HTTP request without a directory index? Is it possible to view a script’s source code on a working site? What if to gain database or FTP passwords? Today many people neglect their temporary files and make configuration mistakes, facilitating attackers’ access to sensitive information. Как получить список файлов в директории одним HTTP-запросом без directory index? Можно ли посмотреть исходники скрипта на работающем сайте? А что, если достать пароли к базе данных или FTP? Сегодня многие не обращают внимания на временные файлы и допускают ошибки в конфигурации, благодаря чему злоумышленник может легко получить доступ к важной информации.

1. Fast Track
“There's Nothing so
Permanent as Temporary”

2. Alexa top 1,000,000 websites

3. Robots
●
Robots.txt
Google dork:
inurl:robots filetype:txt
Disallow: /admin/*
Disallow: /backup/*
Disallow: /logs/*
Disallow:
/secret-file.tar.gz

4. Robots

5. Hypertext
●
.htaccess
●
.htpasswd
●
_.htpasswd
●
!.htpasswd
●
0.htpasswd
●
old.htpasswd
●
%20.htpasswd
●
backup.htpasswd
●
1.htpasswd

6. OS files
●
Thumbs.db
●
ehthumbs.db
●
Desktop.ini
●
.DS_Store
●
.apdisk
●
.AppleDouble
●
.LSOverride

7. Logs
●
access.log
●
access_log
●
error.log
●
error_log
●
/log/*
●
/logs/*

8. Logs

9. Logs
Google dorks:
site:mysite.com filetype:log
site:mysite.com inurl:error_log
site:mysite.com inurl:access_log

10. Status
●
/server-status/
●
/nginx-status/
●
/status/
●
/stats/
●
/stat/

12. DGT Release Checker for
vBulletin
validator.php

13. Tools for managing content in
databases
●
/sqlbuddy/login.php
●
/adminer/index.php
●
/adminer/adminer.php
●
/adminer.php
●
/phpmyadmin/index.php
●
/myadmin/index.php
●
/pma/index.php

14. Revision control
●
/.svn/entries
●
/.git/index
●
/.hg/store/undo
●
/.hg/store/data/

15. Revision control
●
.cvsignore
●
.gitignore
●
.gitignore_global
●
.npmignore
●
.svnignore
●
.hgignore

16. Revision control
●
.hgrc (mercurial.ini for win)
●
.gitconfig
●
.gitattributes

17. Test files
●
test.php
●
1.php
●
tst.php
●
test1.php
●
example.php
●
demo.php
●
phpinfo.php
●
php.php
●
info.php
●
i.php
●
p.php

18. ●
*.dif
●
*.err
●
*.orig
●
*.rej
●
.*.swo
●
.*.swn
●
.*.swm
●
.*.swp
●
*.vi
●
*~
●
*.sass-cache
●
*.cache
●
*.part
●
.#.*
●
*.bak
●
*.backup
●
*.un~
●
*.old
●
*.tmp
●
*.sublime-workspace
●
*.sublime-project
etc…
Swap and backup files

19. Swap and backup files

20. Other configs
●
/WEB-INF/context.xml
●
/WEB-INF/web.xml
●
/web.config
●
/dataobject.ini
●
/.travis.yml
●
/database.yml
●
/config/AppData.config
●
/inc/config.inc

21. /dataobjects.ini
/WEB-INF/context.xml

22. Statistic
●
/webstat/
●
/cgi-bin/awstats.pl
●
/apc.php
●
/apc/index.php
●
/apc/apc.php
Ну и там
всякий xcache,
загуглите
сами ;)

23. IDE and other
●
/nbproject/
●
/.komodotools/
●
/.sass-cache/
●
/.idea/
●
.project
●
.buildpath
●
.settings
●
.tmproj

24. IDE and other
●
/.config
●
/.pki
●
/.local
●
/.cache
●
/.filemgr-tmp
●
/.shrc
●
/.rhosts
●
/.profile
●
/.mailrc
●
/.mail_aliases
●
/.login_conf
●
/.login
●
/.cshrc
●
.cache

25. home = www

26. .bash_history

27. SSH
• /.ssh/known_host
• /.ssh/authorized_keys
• /.ssh/*

29. Attn!

30. /.ssh/id_rsa

31. @i_bo0om
Спасибо за внимание ;)
Тут я работаю >
< тут принимаю участие
/
Тут я пишу короч)))