This document describes techniques for acquiring a password file using only a web browser. It covers using programs like cgi-bin/phf to query a system's etc/passwd file from a browser. The document instructs readers to search search engines like AltaVista for websites still running cgi-bin/phf to find targets, then use that program to retrieve the password file without needing access to the system otherwise.
AWS Community Day CPH - Three problems of Terraform
Website Hacking Oldie
1. Hacking from your Web Browser
Modify of Technophoria
I - Introduction
This file will describe several techiniques to aquire a password file
just by using an ordinary web browser. The information provided will be
best described for the beginner hacker, but all hackers should benifit
from this information. We will only cov
er phf in this file but, feel free to explore other programs in the cgi
directory such as nph-test-cgi or test-cgi. And now . . . get
comfortable... sit back.... and read.
II - Hacking from your Web Browser
There are several techniques on what I call Web Browser Hacking. Many
beginners dont know that you cant query a etc/passwd file from your
browser and in this chapter I will describe all the ways to aquire a
passwd file. First you need to find a box t
hat is running the cgi-bin/phf file on their system. A great way to
find out without trial and error is to go to www.altavista.com and just
search on cgi-bin AND perl.exe or cgi-bin AND phf