30 July 2010

Pastebin Dumpster Diving

Many people like the idea behind the popular service Pastebin and the convenience offered on the spot with a couple of mouse clicks, nevertheless even more neglect the fact that any stored information will be publicly available for anyone.

As such, being a regular visitor of Pasterbin I tempt on clicking and viewing the recent posts made by other users and quite often I come across password dumps, lists of email addresses, lists of usernames, database connectivity parameters, internal IP addresses, device configuration files, online conversations, rapidshare links, private FTP/Web servers, and many many more...

So a simple way we could automate the process of visiting Pastebin and download all new posts for a closer lookup at a later time is using the following bash command:

for hash in `curl http://pastebin.com/ | grep clb_top | awk -F "\"" {'print $4'} | awk -F "\/" {'print $4'}`;do wget http://www.pastebin.com/download.php?i=$hash;done

The above can also be saved in a bash script and with the help of cron we could say call it every 1 minute from our home server, during an 8 hour period we will download maximum 3840 files (8 posts/per minute times 8 hours * 60 minutes = 3840 files)

Then, easily using grep we can scan those files for keywords (pass, user, email, @, mysql, connect, ssh, botnet etc) and who knows we might spot something interesting ;)