    ChatGPT: 5,000 Most Dangerous Files With Which You Can Easily Hack Websites

    Developers often forget files in a site's root folder (perhaps through inattention) that attackers can then use to hack the site or steal important information. These can be database copies, configuration files, or even source code files. Bug hunters periodically discover such vulnerabilities and report them to bug bounty programs (programs that pay for finding vulnerabilities).

    The most dangerous files according to ChatGPT

    The root folder is the part after the first slash in the site address. In simple terms, an attack on the root of the site looks like this: https://example.com/[part_of_the_URL_looked_by_the_intruder]. Its effectiveness depends directly on the list used by hackers (in our case, security researchers). The more relevant and complete the list, the higher the chances of finding files left behind by the developers.

    If you ask ChatGPT directly for the names of potentially dangerous files, it will not respond. The terms of OpenAI, the developer of the neural network, prohibit its use for malicious purposes, so ChatGPT will never teach hacking. However, if hackers get creative, they can get some useful information, in particular a list of the most important and common files in the root of sites. The list generated by ChatGPT for this request contains 5,000 files, including config.backup (which can store important site configuration information) and test-odbc.php (a file that tests the connection to the database).

    Some of the files it contains have already appeared in published fuzz.txt lists, which researchers, as a rule, compiled manually. This proves that the neural network has the right train of thought. For example, there is a similar list by the white-hat hacker Bo0oM on GitHub. ChatGPT-fuzz.txt matches it on no more than 354 lines; the rest are new files that bug hunters had not seen before.

    The uniqueness of this list is that ChatGPT provides information based on the analysis of a huge array of data from the Internet. A person physically cannot analyze the same amount of information as a neural network.

    Developers have to check sites before hackers arrive

    It is often said that recognizing a problem is half the solution. Website developers should think in advance about what they store in the root folder, remove unnecessary files from it now, and hide the necessary ones better. This will help prevent problems in the future. For example, what could be dangerous about leaking logs? Let's look at a real case that we managed to find using ChatGPT-fuzz.txt.

    In this case, the webhook_sms_log.txt file "leaked" the personal data of users, including mobile numbers and home addresses. One can only guess how attackers would use this information if they discovered the vulnerability first.

    In addition, developers should not use predictable filenames such as test.php or config.txt. Another recommendation that is relevant for both developers and information security specialists is to periodically re-audit sites. If you are responsible for the security of services, then you must tell the developers what the consequences for the company may be if they do not follow simple rules.
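
    One way to run the periodic re-audit recommended above from the developer's side, as an added example that is not part of the original article: the script walks a local copy of the document root on disk and flags leftover backups, logs, test scripts and config files by name. The rule set, the function names and the sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# Illustrative rules (assumptions, not an exhaustive list); first match wins.
RULES = [
    ("backup/dump", re.compile(r"\.(bak|backup|old|orig|swp|sql|dump|zip|tar|gz|tgz)$|~$")),
    ("log", re.compile(r"\.log$|[._-]logs?\.txt$")),
    ("test/debug script", re.compile(r"^(test|debug|phpinfo|info)([._-].*)?\.(php|asp|aspx|jsp)$")),
    ("config", re.compile(r"^(config|settings|\.env|\.htpasswd)([._-].*)?$")),
]


def classify(name):
    """Return the category of a risky file name, or None if no rule matches."""
    for category, pattern in RULES:
        if pattern.search(name.lower()):
            return category
    return None


def audit_webroot(root):
    """Walk a local document root and return sorted (relative path, category) findings."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        base = os.path.relpath(dirpath, root)
        for name in filenames:
            category = classify(name)
            if category:
                findings.append((os.path.normpath(os.path.join(base, name)), category))
    return sorted(findings)


def demo():
    """Build a constructed sample web root in a temp directory and audit it."""
    sample = ["index.php", "testimonials.php", "config.backup",
              "test-odbc.php", "api/webhook_sms_log.txt", "config.txt"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        return audit_webroot(root)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

    Run against a checkout or deployment artifact before release, the findings list is what should be deleted or moved outside the document root.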

    Conclusion

    The potential of ChatGPT has not yet been fully exploited. Only now are information security specialists coming to understand what kind of tool it is and how it can be used in work tasks. In addition to the names of the most dangerous files, you can use the neural network to determine popular headers, cookies, site configuration settings, and much more.

    It is important that as many bug hunters as possible start relying on lists similar to ChatGPT-fuzz.txt when searching for vulnerabilities. This will increase the security of the services that we use every day, and thereby make our world safer.

    Author DeepWeb