
Kmart's 'More searching tips'


(Courtesy of fravia's pages of reverse engineering ~ December 1998)


Well, oh my... another great searcher (so much for 'humble tips') steps out of the shadows of the web... At first I thought Kmart would have wanted to lock this info in my advanced search section, but he decided to go public with it... quite powerful tips in here: "If you use these search techniques you can find yourself getting quite a bit of class A, quality info"... yes, indeed. I believe we are beginning to pump some power searchers onto the web at last... let's hope you will be real reversers and will not forget that you should use all the power you are gathering in order to change and ameliorate the awful world we live in.


More searching tips: by *kmart*

kmart(at)pohl(point)ececs(point)uc(point)edu



I am firmly convinced that search engines, and chiefly Altavista, are gifts from the divine (ex cathedra, eh?) to hackers, crackers, and anyone who has a need for information, licit or illicit, from the Internet. Altavista has thrown open the gates of information to the digital underground; gone are the days (perhaps, in some ways, unfortunately) of secretly trading t-philes between BBSs, of getting NUPs for prime boards just so that you could download philes not found anywhere else. The most elite information lies in plain view, like a wanton harlot just begging you to grab it. It is a telling sign of the decline of our underground that, for the first time in history, information is being handed out in the most promiscuous fashion and we are too stupid to even notice.



Ain't we dumb... +Fravia's series of articles shows a number of ways to use Altavista and other search engines to their full potential; I hope that my humble tips will also aid you, dear reader, in however small a way.



I am not a cracker (though the *wunderful* influence of *fravia's site has convinced me to change these error-filled ways, heh heh); rather, my interests lie in the directions of SIGINT and COMINT, satellite technology, phone phreaking, RF exploration, and some network hacking on the side (particularly X.25 networks; the Internet exploit-scene mafia bores me...). To feed my information hunger I must obtain a constant supply of information of a particularly sensitive nature regarding these fields. Altavista can help me here. Since people are not exactly beating down doors to write philes on aspects of microwave RF communications, I am left with searching for protocol and project proposals and specs, implementation notes, and things of this nature. .gov and .mil sites are rich sources of such information if you know where to search for them. Less so now than 5 months ago, since the Army decided to thoroughly sanitize their web sites for misplaced information, and the rest of the DOD is following them in this, but .gov sites can still be tapped for such material, or even other materials.



Tips: Excite, despite its small size, seems to have the largest number of mis-indexed .mil sites; one of my most delightful finds was a public site on energy weapon programs currently under development by the Army. DARPA should not put information such as this on public sites, but it's not as if I care. On Excite, searching for keywords can help; throw COMINT, SIGINT, HF, RF, gigahertz, ghz, mhz, deployment, "proving grounds" and the like together for interesting results. Your mileage may vary, since the last search of this nature that I did on Excite was about 6 months ago; I am now almost exclusively an Altavista "crack fiend" :-)



Where Altavista lacks in the .mil department (which is not much, trust me) it more than makes up for in its .gov indexing. Take advantage of sloppy misconfiguration of Apache and NCSA servers and do searches for:

"domain:gov " .pdf" ".doc" ".ps" [insert keywords here ] "

Throw in "index of" to nab mistakenly indexed directories. Frequently web bots will index the contents of a particular directory if a link on a page they were indexing happens to lead to a document in there, and that directory does not have an index/Welcome/default.html file.



By searching for document types you weed out fluff: serious research results will be saved and distributed as PostScript files, DVI files, Micro$oft Word files (blech), and on .mil sites both as PDF and, oddly enough, as POWERPOINT SLIDE SHOWS. It is strange, but DOD types love PowerPoint (it seems). Military briefings have always traditionally incorporated slide shows; PowerPoint and other groupware apps bring this method into the 1990s. If you reverse/crack serious commercial groupware applications, you are doubtlessly aware of the file endings used by some specialized electronic whiteboard applications; search for files with these endings (do research, order product literature, order demo copies of these programs, or if you work for a corporation that uses real computer-aided electronic whiteboards then fiddle around with them and read their manuals).



For corporate searches use "domain:com" (or gte.com) or narrow the searches down to specific hosts. Also, corporate types do not use PostScript (too stupid?); search for Microsoft Word documents and PowerPoint slides (".doc" etc.).



Some .gov and .com sites will be smart enough to use the oh-so-secure practice of digital encryption, through Microsoft Word :-) There are enough programs out there that will attack Word encryption, and there are some good commercial ones too. Do not be a cheapskate; buy them, for God's sake.



By all means do this in as subtle a way as possible; if you milk these searches out, these sites will notice the gadzillion hits from you and close this stuff down. No one likes to leak proprietary info; it's just that most web masters lack the time to nail down their servers properly (trust me on this one). This is especially the case with Windows NT servers running IIS (sigh), since every time we apply a service pack it breaks something and we have 700 customers, bosses and peons yelling at us. Oh yeah, on that note: if you stumble on an IIS site and the treasured info that you need is in a secured directory, use the already overused but infamous ::$DATA data stream trick. Use this to nab .asp files, examine their structure, see if they make calls to dao.db or ADODB objects, reverse the directory tree that they seem to fit into, and then find and download the Access or SQL Server database files that they refer to.
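Seen from the server side, the document-type harvesting, "index of" directory walks and ::$DATA requests described above each leave a recognisable footprint in an ordinary access log. The following Python script is an added example, not part of the essay: it parses a handful of constructed common-log-format lines and flags all three patterns; the log lines, IP addresses and thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample access-log lines (common log format); they are not taken from the page.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Dec/1998:10:01:02 -0500] "GET /reports/ HTTP/1.0" 200 4100
10.0.0.5 - - [12/Dec/1998:10:01:05 -0500] "GET /reports/rf-link-budget.ps HTTP/1.0" 200 88000
10.0.0.5 - - [12/Dec/1998:10:01:09 -0500] "GET /reports/proposal.doc HTTP/1.0" 200 61000
10.0.0.5 - - [12/Dec/1998:10:01:12 -0500] "GET /reports/briefing.ppt HTTP/1.0" 200 230000
10.0.0.5 - - [12/Dec/1998:10:01:15 -0500] "GET /reports/spec.pdf HTTP/1.0" 200 120000
192.0.2.9 - - [12/Dec/1998:10:02:00 -0500] "GET /secure/login.asp::$DATA HTTP/1.0" 200 1500
198.51.100.4 - - [12/Dec/1998:10:03:00 -0500] "GET /index.html HTTP/1.0" 200 2048
"""
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)')
DOC_EXT = (".ps", ".dvi", ".doc", ".ppt", ".pdf")   # document types the essay singles out

def parse(log_text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()

def find_alt_stream_requests(log_text):
    """Requests carrying an NTFS alternate-data-stream suffix: a source-disclosure attempt on IIS."""
    return [(r["ip"], r["path"]) for r in parse(log_text) if "::$DATA" in r["path"].upper()]

def find_document_harvesters(log_text, threshold=3):
    """Clients that successfully pulled at least `threshold` document-type files."""
    counts = Counter()
    for r in parse(log_text):
        path = r["path"].split("?", 1)[0].lower()
        if r["status"].startswith("2") and path.endswith(DOC_EXT):
            counts[r["ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

def find_listing_walks(log_text, min_files=2):
    """(ip, directory) -> files fetched after that client pulled the bare directory URL, i.e. an 'Index of' walk."""
    seen_dirs, walked = set(), defaultdict(list)
    for r in parse(log_text):
        path = r["path"].split("?", 1)[0]
        if not r["status"].startswith("2"):
            continue
        parent = path.rsplit("/", 1)[0] + "/"
        if path.endswith("/"):
            seen_dirs.add((r["ip"], path))
        elif (r["ip"], parent) in seen_dirs:
            walked[(r["ip"], parent)].append(path)
    return {k: v for k, v in walked.items() if len(v) >= min_files}
```

Only 2xx responses count, so a server that already answers these requests with 403/404 does not raise the harvester or listing alerts.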



Sometimes the information that you are searching for is just plain obscure; what to do then? Check out mailing list archives. There are a number of good web board packages out there; search for particular details in the default file and directory structures of these packages along with your keywords. Many times you might stumble on some old and obscure archived Listserv that happens to have had a couple of posters from NASA JPL who happen to have written posts on the topic that you need. In my experience I have found mailing list archives and web boards to have a better signal-to-noise ratio than Usenet archives. The downside is that it may take considerable time to discover the right mailing list, the right archive, with the right data that you need. Look at .edu sites that happen to receive many DOD research grants. There will be many professors and grad students at such sites whose research lies along the lines of your own. Read their posts; they will often contain valuable data. Here your search is not pointed; methods like these work well for background searches, where you are not looking for specific data but for data that will help you narrow down future searches, or that will direct the lines that your search takes.





PLEASE remember that there is information out there of a hair-raising nature, information that the computer underground needs to, and deserves to, know about. BUT the last thing that anyone needs is for access to information so lovingly forgotten about by the establishment to be cut off (but being the smart gentlemen/women that we are, we will simply hack, crack and reverse our way to it again, right guys?!). So be subtle: chain your searches through a number of proxies and/or wingates before even hitting Altavista, alternate the times of your searches, skip days. When you retrieve your info from your target boxes, come in from different proxies and do not hit them very frequently. Know that Altavista (as fravia+ has alluded to before) keeps logs of searches; that is how the old trick of searching for mis-indexed root filesystems (and thus /etc/passwd files) that was popular a few years ago got cut off. Altavista is too good an engine sometimes... they simply noticed that many people seemed to be searching for /etc/passwd and /etc/group etc. and hard-coded these searches out of their engine. If you are very clever in constructing your searches you can still get these results even today (a little birdie just cracked a box in a major .edu supercomputer center this way recently :-).



In other words, do not milk the poor cow to death; if you need specific info on a project or particular technology, cast your net wide and narrow it down. But try not to overdo this, especially on .mil sites, since they are quite paranoid (they have to be; it's part of their job) and they will keep their eyes on you, your IP address, the sites that you go to, and other such things (if you are in the United States, the state of DOD network traffic analysis is quite advanced here; if you are European then you have other worries). I do believe that the tips that I have given will give most reading this a lot of mileage. If you use these small and humble tips along with other more powerful search techniques (use agora servers and anon remailers to further obscure your tracks) you can find yourself getting quite a bit of class A, quality info.



And info is what we all crave, right?



A side benefit is that you can search for pr0n site backdoors with ease using similar methods. Altavista is truly the Swiss Army knife of online tools; use it well, thoughtfully and with care, and it will not fail you.



If you like these search tips, use them; if you think they are crap, well then give me better ones :-) I can only advocate what has worked for me; again, your mileage may vary on all of this. Now go out and have fun or something.

