/* Hidden Secrets of the Web */ by: Screamer Chaotix

	Perhaps the most appealing thing to me about the internet is all the twists, turns, secret passages, and
goodies you can find just by looking around long enough.  Suppose you come across a university network and get a
little curious.  You portscan && nessus && hackbot it all you like until you know every machine, and what each of 
those machines is running.  What you might not see at first glance, though, are the things people put on this vast 
internet and completely forget about.  Pictures, movies, files...open connections.  You name it, it's out there,
and it's just waiting to be snagged.

	My philosophy is a simple one: if you can get to it, it's fair game.  What that means in
a nutshell is that if you can ping it, connect to it, see it, or hear it without having to write code to crack it,
then you shouldn't spend a night in jail for going to it.  A lot of people disagree, claiming that their ignorance
is no excuse for you to go snooping around.  A real world example (bleh!) of this would be the person that leaves
their blinds open.  If they stand in front of their window to get dressed, why should you assume they don't want you
to look?  Common sense?  What about the common sense that screams "Shut the damn curtains!"?  My philosophy is 
usually not an easy one to accept, but as a person who loves to play with computers because I never know what I'll
find, the idea of a world wired together electronically is an exciting one.  First there were phones, tools that
allowed you to hear the sounds of the world from your own home.  But now we can see what's out there through our
computers, and with this article, I'd like to share some of the things I've found.

	Hackbot, which can be found at ws.obit.nl, is an excellent tool for scanning remote machines for any 
services they may be running.  On top of this, it also mentions which services have exploitable holes, which is
great for securing your system or finding anything that might be out of place.  The downside to Hackbot is that it
doesn't have the most complete information available out there.  If you're looking for a vulnerability checker,
Nessus (www.nessus.org) is a much sounder choice.  Hackbot does have an advantage of its own however, and it 
comes in the form of its website checks.  Using a database included with the program, Hackbot will check for a
number of various directories that may be open on the remote machine.  And that's where our fun begins.

	Directories can be a dangerous thing when not used properly on a webserver. Quite often webservers will
allow directory listing (which appears as nothing more than a white background with a list of files and/or 
subdirectories), and if not disallowed, anyone can view the contents of that directory.  What this means is that
ALL files and directories located beneath the one they're currently viewing are visible, which means even more
directories (with listing enabled) can be entered.  What Hackbot does is seek out certain directories that may be
available, and the one that immediately comes to mind is /stats.  The /stats directory is often utilized by sites
that manage multiple users, and can allow the webmaster to check usage statistics to see where people are logging
in from, how often they log in, what their username is, and so forth.  And all of this directly from a webpage.  
The downside, from a webmaster's point of view, is that if this directory is viewable to the outside world, you're 
putting your site in a very compromising position.  Usernames can be put into wordlists, then thrown into cracking
programs to attack your site all day and night.  And should you not be prepared for this, it's entirely possible,
if not likely, that one of those usernames will crack and allow the attacker to gain access.  No big deal to you
necessarily, unless you allow your users more "trusted" access (shell/mail accounts, etc), or if you're providing
"members only" content you don't want just anyone getting their hands on.

	But /stats is far from the only thing Hackbot can find.  Two other personal favorites of mine are /test and
/temp.  These directories, while possibly sounding pretty boring, might actually hold a wealth of treasure.  
Allow me to explain.  Many sites live by "security through obscurity," and I'm sure we all know what that means
by now (thanks Billy G!).  They have things on their site that they believe people can never find, and to be honest, 
for the most part they're right!  Most people out there don't realize that just because it doesn't have a link
doesn't mean you can't get to it.  Everything that's o+r can be seen by anyone with a browser and the means to find
those hard to reach places, but for most sites that doesn't matter.  Most sites will create a /temp directory that
can be seen by the world, throw in some files, and then forget they're there.  Case in point:  I was hackbotting an, 
I admit it, adult site one day, just seeing what kind of stuff they had open to the world.  Sure enough, I found
/test and /temp.  Looking inside, I saw that /test just listed some galleries, member information (like where to
send the check), and other such nonsense.  Inside /temp though, they had stored three 600mb movies!
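
	An audit a webmaster could run over their own document root to catch the exposure described in the last two
paragraphs, as an added example that is not part of the original article: it reports every directory that is
world-listable (o+r and o+x) with no index file, flags the /stats, /test and /temp names, and notes large
world-readable files.  The index file names, the size threshold, the sample tree, and the web server process
falling in the "other" permission class are all assumptions.

```python
import os
import stat

INDEX_NAMES = {"index.html", "index.htm", "index.php"}  # assumed index file names
FORGOTTEN = {"stats", "test", "temp"}  # directory names the article singles out


# Assumption: the web server process falls in the "other" permission class.
def audit_docroot(docroot, big_file=100 * 1024 * 1024):
    """List directories an autoindex-enabled server would show to any visitor."""
    findings = []
    for path, dirs, files in os.walk(docroot):
        mode = os.stat(path).st_mode
        if not mode & stat.S_IXOTH:
            dirs[:] = []  # "other" cannot enter, so nothing below is reachable
            continue
        has_index = any(name.lower() in INDEX_NAMES for name in files)
        if has_index or not mode & stat.S_IROTH:
            continue  # an index page is served, or the directory cannot be listed
        sizes = {}
        for name in sorted(files):
            st = os.stat(os.path.join(path, name))
            if st.st_mode & stat.S_IROTH:  # o+r: any visitor can fetch it
                sizes[name] = st.st_size
        rel = os.path.relpath(path, docroot).replace(os.sep, "/")
        findings.append({
            "url": "/" if rel == "." else "/" + rel,
            "forgotten_name": os.path.basename(path).lower() in FORGOTTEN,
            "readable": sorted(sizes),
            "large": sorted(n for n, s in sizes.items() if s >= big_file),
        })
    return sorted(findings, key=lambda f: f["url"])


def build_sample(root):
    """Constructed sample tree (all file names invented) for trying the audit offline."""
    layout = {"": (0o755, {"index.html": 10}),
              "stats": (0o755, {"users.log": 40}),
              "temp": (0o755, {"movie.avi": 4096, "notes.txt": 5}),
              "private": (0o750, {"members.db": 20})}
    for sub, (dmode, files) in layout.items():
        d = os.path.join(root, sub)
        os.makedirs(d, exist_ok=True)
        for name, size in files.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(b"\0" * size)
            os.chmod(os.path.join(d, name), 0o644)
        os.chmod(d, dmode)
```

	Point audit_docroot() at the real document root; build_sample() only creates a throwaway tree for trying it
offline.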

	The most likely reason for this is the one I mentioned before, since I've never heard of a site voluntarily
giving out free 600mb downloads (sans linux and other OSS stuff).  They were probably moving files around, stuck
those movies in the closest directory, and then left...without realizing that directory was open to everyone.  Now
this is the stuff I love.  Sure the pr0n is cool, but the fact that pages like this are out there on that endless
internet just waiting to be found amazes me.  Plus this opens up all sorts of other fun possibilities, including
some warez pirates and cyberpunks have been using for years.  The warez folks love those dead drop FTP servers 
overseas that they can commandeer and then use to store/share/trade files.  The cyberpunks, or those hackers that
love to explore different areas of the net, can use these sites to provide information and files to people without
the fear or hassle of signing up for an account somewhere.  I won't argue it's the nicest thing you can do, but I
think as long as no one gets hurt there's no harm, no foul.

	Files and directories are not the only things you can find out there though.  Using nmap, or another 
portscanner (angry shoutz to those bitches who diss fyodor!), you can locate open services that might be much more
than they seem.  Quite often, people will keep X open to the world, so that anyone can connect to their computer,
log their keystrokes, view their monitor, whatever they like...and all without the need of some silly trojan.  
Another great find is open webcams, which can be used to see the person on the other end of the connection!  So if
someone is attacking your machine, or just making your day that much harder, check to see if they have an open
webcam port (default is usually 21).  If so, you may be able to open a connection to their machine and actually
see them attacking you!  I've heard rumors of this happening, but so far never had the pleasure of experiencing it
myself.

	The corridors of the internet are waiting to be explored, and their secrets waiting to be discovered.  
Naturally, there are a lot of people who believe that you don't have the right to see, hear, or download something
"just because you can."  I disagree however, because much like with bootleg videos, I don't think it's my 
responsibility to make assumptions day in and day out whether something is "legitimate" or not.  How am I supposed
to truly know, aside from guessing, whether or not someone wants me to see something?  Open webcam ports allow
people to see you, files in world readable directories can be read by the world (makes sense, no?), and machines
with no passwords allow people to walk right in.  But that's for another article, one that will get away from the
WWW and focus more on the actual plumbing of the internet.  Until then, never stop exploring. 

-screamer