Sunday, July 23, 2006

Searching for Confidential Data and Files


In the previous section we described how some of the most common Search Engines are a real threat to systems that allow access to their pages. Their indexing policies, and the lack of effective protection mechanisms implemented by the Engines, leave our machines completely unprotected from attackers.
The case is much worse when we deal with File Search Engines. File Search Engines such as Lycos have thousands of entries referring to unsecured machines that leak confidential information all around the web. Even when the information contained in a file is encoded, we still don't want it to be available to every user on the Internet. Unbelievably, that is exactly what is happening with files containing passwords for every machine in a whole system. Such files are indexed in File Search Engines all around the Web.

Here are a few examples:

Using Lycos to search for files as confidential as /etc/passwd and /etc/shadow, we can get hundreds of different and very interesting results. But those are not the only files that are a great source of confidential information about a system. Files such as .htaccess and .htpasswd are used to control access to specific content within a server, and they also store information about passwords and users. These files are extremely easy to find with the help of the Lycos Engine.

In many cases the information found in any of these files is quick and easy to decode. The algorithms used to encode the data are usually not very strong and are easy to crack. This allows the hacker to recover a password almost immediately and, very frequently, to guess other users' passwords, even the root password of a system. A clear example of a very unsophisticated algorithm used to encode passwords in files is the one used by cuteFTP to store passwords in the file SMDATA.DAT; another is the one used by Netscape Enterprise Server to store passwords in the file admpw. A search for any of the files above will provide very sensitive information that can be used to gain access to the system.
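
A defender-side check for the exposure described above, as an added example that is not part of the original post: it walks a local web document root for the file names the post lists and flags .htpasswd entries stored with weak schemes. The function names, the constructed sample tree and the choice of which schemes count as weak are assumptions of this example.

```python
import os
import re
import tempfile

# File names the post lists, compared case-insensitively.
SENSITIVE_NAMES = {"passwd", "shadow", ".htaccess", ".htpasswd", "smdata.dat", "admpw"}
# Storage schemes treated as weak here (assumption: bcrypt and apr1 are accepted).
WEAK_SCHEMES = {"sha1-unsalted", "des-crypt", "plaintext-or-unknown"}

def classify_htpasswd_hash(value):
    """Name the scheme of one .htpasswd password field from its Apache prefix."""
    if value.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    if value.startswith("$apr1$"):
        return "apr1-md5"
    if value.startswith("{SHA}"):
        return "sha1-unsalted"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", value):
        return "des-crypt"  # traditional crypt(3): 2 salt chars + 11 hash chars
    return "plaintext-or-unknown"

def audit_docroot(root):
    """Walk a local document root and return (relative_path, issue) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in SENSITIVE_NAMES:
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            findings.append((rel, "sensitive file inside served tree"))
            if name.lower() == ".htpasswd":
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for line in fh:
                        user, sep, value = line.strip().partition(":")
                        scheme = classify_htpasswd_hash(value)
                        if sep and scheme in WEAK_SCHEMES:
                            findings.append((rel, f"weak scheme for user {user}: {scheme}"))
    return findings

def demo():
    """Audit a constructed docroot: made-up users, placeholder hash values."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "private"))
        with open(os.path.join(root, "private", ".htpasswd"), "w") as fh:
            fh.write("alice:{SHA}" + "A" * 27 + "=\nbob:$2y$10$" + "A" * 53 + "\n")
        return audit_docroot(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Any finding means the file can be fetched, and therefore indexed, by anything that crawls the server; the fix is to move it outside the served tree or deny access to it in the server configuration.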