So MANY hidden directories on "Buck's Fishing and Camping" and "Comet Ping Pong" websites (pizzagate)

submitted ago by dicedtomatoes55-2

Hey guys, so after reading about the supposed password protected section of Buck's Fishing and Camping website, I decided to do a little bit of digging and researching myself on the sites that are connected to the restaurants connected to James Alefantis.

Playing around with both websites "bucksfishingandcamping.com" and "www.cometpingpong.com" on pentest-tools.com, the scan is coming back with over 1,100 hidden directories on each.

Now obviously some relate to squarespace (the host of the websites) and some relate to the javascript coding of the websites, but then there's some that are just named too odd to be related to either components. I may be wrong but here's some of them:

/benefits/

/girl/

/house/

/memberlist/

/training/

/asia

/forums

/guests

/iraq.bat

/jacob

/joinrequests

/kontakt.bat

/military

/movies.bat

Here's the problem for me. They're either deemed "Forbidden" or "Too Many Requests". I don't know enough internet smarts to get through them. Whatever the case may be, /iraq.bat and /military sound really fishy.

Oh and if anybody has any recommendations where I can upload the PDF for all to see, let me know. The last thing I need is for people calling this fake.

You are viewing a single comment's thread.

view the rest of the comments →

MadWorld ago

You could use httrack to mirror a website, preferably on the top of vpn with lower flow-control setting. It should not give you too many "Too Many Requests" stat.

dicedtomatoes55-2 ago

It didn't really help, just gave me back the things you see on the site (including the fonts and such) - that much could easily be figured out by right clicking on the page itself and going to "inspect".

MadWorld ago

I think the pen results you got is somewhat misleading. Many urls shared in your scribd list are dead. That can mean two things:

  1. Those files were already cleaned up.
  2. Or the pen test relied on the most commonly used words (a dictionary) to probe for directories/files and report the stats.

The problem with the latter is that an invalid url path could be interpreted as forbidden (code 403), with implication that the path itself actually exists. So if you go to https://www.cometpingpong.com/pay-to-play-pizza/kids/, it may give you the "403 Forbidden" stat code, which showed up on most of your links. It does not mean that there is actually a directory named pay-to-play-pizza on that website; it only means that you did not have the permission to poke this url path. I think this is something worth considering, before jumping to the conclusion or following down an empty path...

Of all the links in your list, may I ask which urls were valid?

Thanks!

@Vindicator, this may interest you.

SearchVoatBot ago

This comment was linked from this v/pizzagate comment by @think-.

Posted automatically (#14107) by the SearchVoat.co Cross-Link Bot. You can suppress these notifications by appending a forward-slash(/) to your Voat link. More information here.