The endless possibilities of OSINT

Man

Open directories are a great source of information we shouldn't really have access to. In my Google Dorks post, I showed how you can be uber specific with your Google queries and find interesting results. One of those searches you can do is to find open directories, which are basically web servers that host a file system similar to the one on your computer. What kind of things are in these directories? All kinds of shit! Think of all the files you have on your computer, and it resembles that. To search for directories via dorking you can include inurl:/admin/documents or any other file system location phrase. You can also use https://open-directories.reecemercer.dev/, which is an open directory search engine that makes the process simpler.

1.png


Here we are searching "userdata" in archives, because that's a common file name in stealer logs.

2.png


3.png


And there we go, an open directory. But so what?
While this directory by itself ended up not being anything mind blowing, after some digging, I found this:

4.png


Free data! But what now? Follow the white rabbit... or this email, I guess.

5.png


What are we gonna do with the email? Well, remember search.illicit.services and how great it was before they removed the visible passwords?
This Telegram bot has all the data we want, and it has a week-long free trial:

6.png



Send the bot the email (or phone number, name, password, username, IP, etc... whatever you want to look up) and it'll return all the data it has.

7.png


So now we have a username:password, but where do we log in? Well, the first thought is the domain's webmail. To find the link to it, we can use https://subdomainfinder.c99.nl/ to find its subdomains, which is commonly where the mail would be hosted.

8.png


Unfortunately, no email server was found, but digging around on the other domains provided another lead:

9.png


Another domain!
The link takes us to a site with a login page, but unfortunately the user:pass from before didn't work. But you know what's cool about that Telegram bot from before? If you copy/paste the link of the login page and send it to the bot, it will show you all the leaked data it has associated with that link:

10.png


After a couple of tries, we get a successful login to the property investing site:

11.png


Unfortunately, the account hadn't been used.

12.png


But I searched this person's email, who I now know is a home flipper (big $$$), in the lookup bot again. The results were extensive:

13.png


So as you can see, this can pretty much go on forever, and it didn't even take me long to find an account that was accessible.

OPEN DIRECTORY SEARCH ENGINE

OSINT LOOKUP TELEGRAM BOT

SUBDOMAIN FINDER