Hey guys, so after reading about the supposed password-protected section of Buck's Fishing and Camping website, I decided to do a little bit of digging and researching myself on the sites that are connected to the restaurants connected to James Alefantis.
Playing around with both websites "bucksfishingandcamping.com" and "www.cometpingpong.com" on pentest-tools.com, the scan is coming back with over 1,100 hidden directories on each.
Now obviously some relate to Squarespace (the host of the websites) and some relate to the JavaScript coding of the websites, but then there are some that are just named too oddly to be related to either component. I may be wrong but here are some of them:
/benefits/
/girl/
/house/
/memberlist/
/training/
/asia
/forums
/guests
/iraq.bat
/jacob
/joinrequests
/kontakt.bat
/military
/movies.bat
Here's the problem for me. They're either deemed "Forbidden" or "Too Many Requests". I don't know enough internet smarts to get through them.
Whatever the case may be, /iraq.bat and /military sound really fishy.
Oh and if anybody has any recommendations where I can upload the PDF for all to see, let me know. The last thing I need is for people calling this fake.
NoRagrets ago
I'm by no means a 1337 Hax0r, but I did do some analysis on this many moons ago.
Perhaps someone with more talent could pick up where I left off.
https://voat.co/v/pizzagate/1492143/7247215
On both cometpingpong.com/protected and bucksfishingandcamping.com/protected the code is virtually identical; this code shows that the login button simply reloads the page but expects POST data.
See line 1 below.
The POST data is entered in the Password field.
This could probably quite easily be brute-forced by someone more knowledgeable than myself.
drowsybadger ago
You're right, that is only looking for a password. Good stuff. It's time we all moved to the next level. I need into my student loan db to reset that shit to 2 dollars.
dicedtomatoes55-2 ago
Even though the code is there, how do we get that page to present itself again? Given that the "/protected" doesn't go anywhere anymore...
truthdemon ago
Can you see the code? What is the size of the directories and files in it?
FireWalkWithPodesta ago
I'm not 1337 Hax0r either but this is why you don't post it to the public if you find a potential vulnerability. Instead, try to find the Hax0r in this community and approach him with a PM.