OSINT Escapades #7

Yo, here we are with another quick entry of interesting findings publicly exposed on the internet. This post will not have anything that will blow your mind but I promise you won’t be disappointed.

Before I show ’em off, here is the google dork I used to find them:

“Index Of” site:*.35.* -com -ru

So I’m searching with site that have directory listing/browsing available no .com or .ru Top Level Domains (TLD) and for the site dork, it means, x.35.x where x means anything.

This is one of the best ways I’ve found to have google only return results that are IPs and not domains. Obviously you can change the 35 to any number up to 254. If you wanted to go even deeper, you could do something like

“Index Of” site:100.35.*.* -com -ru

Which means all results have to start with 100.35

This is the closest way to have a wildcard via Google although technically it is not a complete wildcard.

First up is this Icecast2 Web Interface that is used for online radio I suppose although I admit when I first found it, I thought it was something like plex.

I believe I also added filetype:xsl to the end of the google dork mentioned above and was surprised to find something like this in the results. Here is another example of Icecast2

This one it turns out was actually being used at the time of discovery and yes, I did listen to the radio station a little bit which I believe was based in Norway based off the TLD of the stream URL

I’d tell you what I found next but I’m not quite sure of what it is

So it isn’t completely in English so I’m not sure what I’m looking at but it looks like some type of web management page. Feel free to enlighten me of what this is if you decide to do some research on it!

Next is some type of web application for the Ministry of Health for an unknown country.

I’ll admit, this application wasn’t working because although force browsing was possible, I was unauthenticated so nothing was working properly.

Until Next time;

Check out the other entries in this series!



Leave a Reply