server
suppose there is a hidden file in a website like this :
http://www.example.com/public/private/home/room/index.php
and I want to search for this hidden file that is located in one of these directories public or home or room or private . However I fail to find it manually using the source code . What are the methods or programs or techniques used to find this hidden file . I found some in Google but they are not efficient . Any help would be appreciated.
http://www.example.com/public/private/home/room/index.php
and I want to search for this hidden file that is located in one of these directories public or home or room or private . However I fail to find it manually using the source code . What are the methods or programs or techniques used to find this hidden file . I found some in Google but they are not efficient . Any help would be appreciated.
thank you very much for your reply .
You mean that I no need to use any program or technique or skillful method or trick to find the hidden file and that the source code is enough ? no need to a program?!
if the source code is enough why many pen testers and criminal forensics investigators use programs and sophisticated methods to find hidden files in a website ???
You mean that I no need to use any program or technique or skillful method or trick to find the hidden file and that the source code is enough ? no need to a program?!
if the source code is enough why many pen testers and criminal forensics investigators use programs and sophisticated methods to find hidden files in a website ???
What do you mean when you said you failed to find it manually with the source code?
I did not say that files are stored in the source code did I ? some links to some hidden files can be located in the source code in green color or between some comments and what I am asking LB :
You mean that I no need to use any program or technique or skillful method or trick to find the hidden file and that the source code is enough ? no need to a program?!
this is in the context of my previous post
and this
if the source code is enough why many pen testers and criminal forensics investigators use programs and sophisticated methods to find hidden files in a website ???
is a general question
So I hope I get an answer for these two questions from LB
You mean that I no need to use any program or technique or skillful method or trick to find the hidden file and that the source code is enough ? no need to a program?!
this is in the context of my previous post
and this
if the source code is enough why many pen testers and criminal forensics investigators use programs and sophisticated methods to find hidden files in a website ???
is a general question
So I hope I get an answer for these two questions from LB
Last edited on
I don't understand why you are looking for file paths in source code when the files exist in the source repository. You could literally click through the folders to find files. I don't really consider that to even be 'hidden' - it's just that you don't know they're there until you look, and they're easy to come across.
| if the source code is enough why many pen testers and criminal forensics investigators use programs and sophisticated methods to find hidden files in a website ??? |
@ OP: Do you happen to know a lot of pen testers and forensic specialists? It might help us if you stopped trying to be so vague about what you are hunting for. Right now you're either asking about a Bot, which has little to nothing to do with pen testing or forensics. Or you're asking about a port scanner which has nothing at all to do with finding "hidden files".
I've also commented on your post regarding cryptography by the way. Just a word of advice, if you spread yourself too thin studying too many things then you're never going to get anywhere. These aren't the kind of subjects you can learn just by dumping a few hundred hours into them.
"Do you happen to know a lot of pen testers and forensic specialists? It might help us if you stopped trying to be so vague about what you are hunting for. Right now you're either asking about a Bot, which has little to nothing to do with pen testing or forensics. Or you're asking about a port scanner which has nothing at all to do with finding "hidden files"."
I am asking about this :
if the source code is enough why many pen testers and criminal forensics investigators use programs and sophisticated methods to find hidden files in a website ???
and this
What are the methods or programs or techniques used to find this hidden file?
these were my questions . If I ask them , I have my reasons why I ask them which you ignore and I cannot tell you about my reasons . If you can answer them you are thanked very much if not do not answer them .
"Just a word of advice, if you spread yourself too thin studying too many things then you're never going to get anywhere"
I appreciated your advice and I know what I am doing . Try not to make things personal. You have nothing to do with my own person . You are not here to evaluate me.
I did not ask about things concerning other programming language as this is illegal (this is a forum of c / c++)
I am asking about this :
if the source code is enough why many pen testers and criminal forensics investigators use programs and sophisticated methods to find hidden files in a website ???
and this
What are the methods or programs or techniques used to find this hidden file?
these were my questions . If I ask them , I have my reasons why I ask them which you ignore and I cannot tell you about my reasons . If you can answer them you are thanked very much if not do not answer them .
"Just a word of advice, if you spread yourself too thin studying too many things then you're never going to get anywhere"
I appreciated your advice and I know what I am doing . Try not to make things personal. You have nothing to do with my own person . You are not here to evaluate me.
I did not ask about things concerning other programming language as this is illegal (this is a forum of c / c++)
Last edited on
OK, I think the problem is with a breakdown in communication that you experienced with LB earlier. I'm going to come right out and say it, I think that you are looking to dump a database off of a website. You should know that this is more then likely illegal in your country and is in fact a felony in the United States. You should find a different hobby if this is what you intend to do.
That being said in the interest of academia, the method you would use to accomplish this would have to be tailored specific to the target. You have to remember that in order for a web server to be useful, it has to except commands that are sent to it from any number of hosts and it needs to respond to those commands in a consistent and meaningful way. Reception of these commands is done by a special process called either a service or a daemon that is hosted on the web server. This is a special process\process pool that is dedicated to dealing with these requests. Everything is done in text, although the actual encoding of that text may vary. How that text is interpreted or interpolated is based on a pre-existing set of rules known as a protocol. Identify the protocol, learn it and then figure out what you can and cannot do with it. There is no magic to any of this, it's all documented. Otherwise nothing would work.
You asked earlier why penetration testers use programmatic approaches to looking for flaws? The answer is that it is faster to figure out things that way then it is to use telnet and type everything in by hand. Here's your freebie OP: http://nmap.org/ and now I will say it again DO NOT DO ANYTHING STUPID. DO NOT GET INTO TROUBLE. I am only entertaining you because it was stuff like this that launched my own interest into computer science. I know how interesting this stuff feels and I know how infuriating it can be to hit a dead end or to ask a question and have nobody answer; or worse they answer with some cryptic and esoteric garbage that basically tells you to take a hike.
As for Data Forensics, that field is all about data recovery and reconstruction. Most methods they employ involve having physical access to the hardware in question. This one isn't really my field and I usually defer to people who are better qualified then I am.
That being said in the interest of academia, the method you would use to accomplish this would have to be tailored specific to the target. You have to remember that in order for a web server to be useful, it has to except commands that are sent to it from any number of hosts and it needs to respond to those commands in a consistent and meaningful way. Reception of these commands is done by a special process called either a service or a daemon that is hosted on the web server. This is a special process\process pool that is dedicated to dealing with these requests. Everything is done in text, although the actual encoding of that text may vary. How that text is interpreted or interpolated is based on a pre-existing set of rules known as a protocol. Identify the protocol, learn it and then figure out what you can and cannot do with it. There is no magic to any of this, it's all documented. Otherwise nothing would work.
You asked earlier why penetration testers use programmatic approaches to looking for flaws? The answer is that it is faster to figure out things that way then it is to use telnet and type everything in by hand. Here's your freebie OP: http://nmap.org/ and now I will say it again DO NOT DO ANYTHING STUPID. DO NOT GET INTO TROUBLE. I am only entertaining you because it was stuff like this that launched my own interest into computer science. I know how interesting this stuff feels and I know how infuriating it can be to hit a dead end or to ask a question and have nobody answer; or worse they answer with some cryptic and esoteric garbage that basically tells you to take a hike.
As for Data Forensics, that field is all about data recovery and reconstruction. Most methods they employ involve having physical access to the hardware in question. This one isn't really my field and I usually defer to people who are better qualified then I am.
Last edited on
"think that you are looking to dump a database off of a website"
No it is totally wrong . I do not do such a thing and I am not interested in doing it and if I want to ask about it would not it be better if I ask it in a hacking forum !!!
I am not from Cuba . What make you think that I am from Cuba ? are tracking me? :) :)
I want to learn and I am in this site so that everyone teach me . I am your student . I am hungry for knowledge and I want to learn every small microscopic details that I cannot understand or clearly find in Google or clearly understand. MY ONLY PURPOSE IS TO LEARN nothing more This site is a great site. Personally I find it the best among many forums. and there are many skillful guys in this site that I should learn from them. If I had money I would like it to support this site but I am a poor guy . However , I like this site. Any information is the welcome , anyone who correct me is a king and criticize my information . PLEASE , correct me and teach me all what you know
No it is totally wrong . I do not do such a thing and I am not interested in doing it and if I want to ask about it would not it be better if I ask it in a hacking forum !!!
I am not from Cuba . What make you think that I am from Cuba ? are tracking me? :) :)
I want to learn and I am in this site so that everyone teach me . I am your student . I am hungry for knowledge and I want to learn every small microscopic details that I cannot understand or clearly find in Google or clearly understand. MY ONLY PURPOSE IS TO LEARN nothing more This site is a great site. Personally I find it the best among many forums. and there are many skillful guys in this site that I should learn from them. If I had money I would like it to support this site but I am a poor guy . However , I like this site. Any information is the welcome , anyone who correct me is a king and criticize my information . PLEASE , correct me and teach me all what you know
| I am not from Cuba . What make you think that I am from Cuba ? are tracking me? :) :) |
Topic archived. No new replies allowed.