More Browser Hacking:
How to Find Password Files
Is this too boring? Let's hunt for passwords. A search on
intitle:"Index of /etc" brings up
OK, that file that says "passwd"
looks really interesting. You can read it with your browser by
just clicking on it. However, you are likely to be disappointed.
You'll probably see something like this. No actual passwords.
Their are several reasons
for this. Today most Unix and Linux computers keep mostly just
user names in the file /etc/passwd. Some don't even keep user
names because a different computer might be handling authentication.
Despite this, the contents of this /etc/passwd are really
exciting. This reveals the user names of the people who are probably
deeply involved in running this Internet server: dave, nick,
pete, ben and rwn. You can probably email them at, for example,
email@example.com and so forth. Note that I have foobarred
the real name of this web server so as to not embarrass them:)
Newbie note: Foobar is also spelled
fubar. It stands for something rude along the lines of F***ed
Up Beyond All Recognition.