DomX Posted March 15, 2010 Share Posted March 15, 2010 This may be a weird and stupid question, but I was wondering how I would go about to find a website's link that is not directly linked to any part of the main page or without guessing. Like finding the link to www.example.com/hmmm without knowing the hmmm part. Quote Link to comment Share on other sites More sharing options...
digip Posted March 15, 2010 Share Posted March 15, 2010 (edited) This may be a weird and stupid question, but I was wondering how I would go about to find a website's link that is not directly linked to any part of the main page or without guessing. Like finding the link to www.example.com/hmmm without knowing the hmmm part. There are probably more ways, but here are a few I can think of 1, the owner of the site was on a hiddne page, as http refferer turned on in their browser, then visits another site such as google and it gets indexed 2, you read their site robots.txt file and they have something telling search engines to stay out of certain links, yet you can plainly go to them in your browser even though there are no direct links in their site anywhere 3, you run some sort of fuzzer to guess different combinations of names characters, etc and look for valid http 200 ok replies for good links 4, you compromise the server in some way, either logged on by ftp or ssh and list all the files and directories on the server itself exposing normally unlisted links on the www side of things 5, another comrpomise of some sort, but through the browser giving you directory traversal and listing of files. MS IIS servers used to be vulnerable to this all the time back in the day due to a defalt.asp page inclduing a vilnerable search feature that listed all files and drives on the machine. Edited March 15, 2010 by digip Quote Link to comment Share on other sites More sharing options...
MRGRIM Posted March 15, 2010 Share Posted March 15, 2010 I'd start looking at ServerSniff it will find subdomains, not so sure about actual URL's I think you'd have to brute force it or find an exploit. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.