tags:

views:

100

answers:

3
+1  Q: 

How to get the lists of file and directory names of a site?

How exactly do you do this? The reason is my CMS has been breached, well, mainly because the username and password is fairly common (my bad). But I've always thought that it is save, since the directory name is pretty un-common and hard to guess (not the usual /cms/ or /admin/). Brute-forcing from a script? or maybe some Google tricks?

update : my CMS is in PHP and I developed it myself. I don't remember putting the link to it everywhere, except once in email I sent to my friend via gmail.

update 2 : as this could be used by some people to attack a site, please don't put any script in the answer. My intention is just to know the general ways to do it, so that I could prevent further attacks like this.

Thanks in advance.

+1  A: 

My guess is, that somebody linked to your CMS URL and an automated (evil) script found it using Google search results looking for some common patterns.

Search in Google using this query

link:http://www.example.com/myCmsFolder

to verify if your link/pages are contained in Google.

splattne  2009-03-22 13:31:19
hmm.. nope. Results are none. That means that my cms aren't indexed right ?
andyk  2009-03-22 14:05:46
try also with http://www.example.com/myCmsFolder/index.php or whatever your start document is...
splattne  2009-03-22 15:00:03
nope, the search for both index.php and login.php returns no result. It's good to know this though. I'll remember this. Thanks.
andyk  2009-03-22 16:23:45
+1  A: 

Maybe you had a link to administrative area somewhere?

Or maybe accessing main directory without filename renders directory index? I.e. you're using mod_autoindex?

vartec  2009-03-22 13:33:03
+2  A: 

Did you ever surf somewhere via a link from your CMS? Your browser would have sent a referer (note the misspelling) header, indicating where you came from.

Mikeage  2009-03-22 15:47:26
+1 because that's not something I would've thought of.
pd  2009-03-28 20:28:46
nice one, I'll try reviewing all the contents in it and asking my friend whether he had clicked a user-submitted link in it or not.
andyk  2009-04-12 08:09:36

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security