OSINT Escapades #13

Whew, it’s been awhile, I know…Forgive me.

This entry is going to be a little longer, and different then the other posts. I definitely will continue going down this rabbit hole though, since I find it so interesting.

Anyway, it started off with a sleepless night and watching Mark Zuckerberg testify to Congress on YouTube about Libra. One thing led to another and I ended up at the Adult Swim Youtube Channel. They have these Development meeting I guess where you can call in and pitch your show. But I noticed that they had this interesting site open all the time when there wasn’t a pitch going on.

adult-swim
I tried to go to that exact URL but it popped a Basic Auth box. The fact it is HTTP and not HTTPS is what intrigued me originally.

Anyway, I decided to do some google dorks against the site since there wasn’t much to see on the actual site. And it led to me this:

tghit-directory-browsing.png
I didn’t go past a few directory listings that I googling but not a good sign.

I’d bet there is more to find there and I know the standards aren’t crazy high at Adult Swim, but I would sure love to help ’em out with their cyber security, especially opsec.

Anyway, I decided then to look up some pastebin like sites and see what I could find on them in a few minutes. So I found this webpage:

pastesites.png

Link HERE

I had heard of most of these but a few I haven’t, so I decided to use some google dorks on them to see what I could find.

control-c-pastesites-2
Lots more then just passwords in this dump
pip-pastesites-3
Always love finding random dumps like this
write-as-pastesites-4
Short but sweet
txti-pastesites-1
But wait, there’s more! And this is a bonus, since this wasn’t listed on the site I posted
rep-2.png
Not a dump, and definitely some spam but still interesting nonetheless. If you’re like me you probably think that google drive link is to malware right?
rep-3
WRONG!
pip-dox
This was quite an extensive DOX too
total-entries
So in about 25 minutes of googling how many user:password combos did I manage to scrape together?

A mere 38,270…Not bad at all.

BONUS INCOMING:

google-dork-rep
That’s the dork I used mostly, yes it is that easy 🙂

Lastly, make sure you don’t enter your password into sites like this:

aol-phish.png
LOL

Until next time…

END TRANSMISSION

Check out the other entries in this series!

 

One thought on “OSINT Escapades #13

Leave a Reply