Posted: . At: 8:30 AM. This was 12 months ago. Post ID: 17990
Page permalink. WordPress uses cookies, or tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters.
These cookies expire two weeks after they are set.


A very useful Google Dork to find password caches on websites.

by

Password caches on websites can be very interesting. They contain the cached password hash of every user on a website if the containing folder is exposed on the Internet.

@pwcache/sorpresafgimenezzapiola
1
2
3
4

passwd:$1$I4FFc_NG$P3mZ/RBmcoAGPOv23QExI0
quota:52428800
strength:26
lastchanged:15098

This is an example file. This is using an MD5 hash, this is seriously outdated, but this is hardly a security-conscious website anyway.

Use this Google Dork to find these exposed folders on the Internet.

indexof: @pwcache/

Here is another example. But this is using SHA512 encryption. At least it is far better than MD5…

@pwcache/principal
1
2
3
4

passwd:$6$KbFU9BBHRTZlv6JO$jc24KpmbtDEsiTz7tWfpq0Gqaqf9Ur7EY6KuH3Qt/4jtrCYyhvzp808K5b67fhsEANxXysE9CJq4vuPyMEMbW.
quota:2143289344
homedir:/home/hinnovation/mail/thebssschool.com/principal
lastchanged:17344

There are so many of these on the Internet and a lot are still using easily cracked MD5 password hashes instead of SHA512. This is very concerning. But security on the Internet does not matter anyway, just give everyone free access to your passwords. They are fun to look at.

Yet another example. Using MD5…

@pwcache/sales
1
2
3
4
5

passwd:$1$iz81Pl5W$Y67oX44Synx2oLWayelX4/
quota:0
homedir:
strength:34
lastchanged:15497

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.