How can you find parts of Internet servers that are normally
hidden from your browser? Dionisis Sir recently wrote to me,
Sometimes search engines like Yahoo or Google can do the hard
work for us. For example if we give to Google: intitle:"Index
of administrators.pwd" it will give us back some very interesting
Now even better we can give: intitle:"Index of /etc/"
If we use our imagination we can give intitle:"Index
of /etc/group" and bingo!! There are many combinations we
can think like: intitle:"Index of /cgi-bin/" or cgi-bin/etc
or, or, or....!!
There are a number of web
tutorials on how to use search engines to find computers that
let your browser just walk in and look at and download almost
anything, even things that aren't on their web sites. You can
learn a great deal about how an Internet server works by using
these techniques. In this Guide we go a few steps further than
these tutorials. We also show what to do after finding interesting
servers, and how to enjoy them without getting into trouble.
How to Find Hidden
Let's start with something fun and useful. You can get sued
or infected by viruses by using a peer-to-peer file program to
download music from other folks, home computers. However, there
are many Internet servers that offer free, legal music. Here's
a way to find even the most obscure of them, even find files
that aren't listed on the web page associated with the download
site. Most ftp servers (which offer downloads) keep everything
in a directory called ftproot.
Try a Google
search on inurl:ftproot. Here's one I found.
Using a download site such as this is pretty good insurance
against getting sued for music piracy. Although some sleazy web
sites do offer pirated music files, they get shut down fast.
In this case, by using the "Index of" search trick,
you have found a way to view the web site that tells you the
dates of its files. This site has clearly been in business a
long time. This suggests it isn't a piracy site.
Most importantly, you can read the date of each individual
music file. If it is before 2003, you can be pretty sure it isn't
one of those fingerprinted files the RIAA is using to catch pirates.
And if you swear off using peer-to-peer file sharing programs
entirely, no one is going to be able to use these programs to
snoop on your hard drive.
Why do we freely give out information that even the total
beginner may use as a two-edged sword of cyberspace power? We
do this "to turn over to mankind
at large the greatest possible power to control
the world and deal with it according to its lights and
values." -- Robert J. Oppenheimer, head
of the Manhattan Project, which created the world's first nuclear