Password caches on websites can be very interesting. They contain the cached password hash of every user on a website if the containing folder is exposed on the Internet.
1 2 3 4 | passwd:$1$I4FFc_NG$P3mZ/RBmcoAGPOv23QExI0 quota:52428800 strength:26 lastchanged:15098 |
This is an example file. This is using an MD5 hash, this is seriously outdated, but this is hardly a security-conscious website anyway.
Use this Google Dork to find these exposed folders on the Internet.
indexof: @pwcache/ |
Here is another example. But this is using SHA512 encryption. At least it is far better than MD5…
1 2 3 4 | passwd:$6$KbFU9BBHRTZlv6JO$jc24KpmbtDEsiTz7tWfpq0Gqaqf9Ur7EY6KuH3Qt/4jtrCYyhvzp808K5b67fhsEANxXysE9CJq4vuPyMEMbW. quota:2143289344 homedir:/home/hinnovation/mail/thebssschool.com/principal lastchanged:17344 |
There are so many of these on the Internet and a lot are still using easily cracked MD5 password hashes instead of SHA512. This is very concerning. But security on the Internet does not matter anyway, just give everyone free access to your passwords. They are fun to look at.
Yet another example. Using MD5…
1 2 3 4 5 | passwd:$1$iz81Pl5W$Y67oX44Synx2oLWayelX4/ quota:0 homedir: strength:34 lastchanged:15497 |