So MANY hidden directories on "Buck's Fishing and Camping" and "Comet Ping Pong" websites (pizzagate)

submitted ago by dicedtomatoes55-2

Hey guys, so after reading about the supposed password protected section of Buck's Fishing and Camping website, I decided to do a little bit of digging and researching myself on the sites that are connected to the restaurants connected to James Alefantis.

Playing around with both websites "bucksfishingandcamping.com" and "www.cometpingpong.com" on pentest-tools.com, the scan is coming back with over 1,100 hidden directories on each.

Now obviously some relate to squarespace (the host of the websites) and some relate to the javascript coding of the websites, but then there's some that are just named too odd to be related to either components. I may be wrong but here's some of them:

/benefits/

/girl/

/house/

/memberlist/

/training/

/asia

/forums

/guests

/iraq.bat

/jacob

/joinrequests

/kontakt.bat

/military

/movies.bat

Here's the problem for me. They're either deemed "Forbidden" or "Too Many Requests". I don't know enough internet smarts to get through them. Whatever the case may be, /iraq.bat and /military sound really fishy.

Oh and if anybody has any recommendations where I can upload the PDF for all to see, let me know. The last thing I need is for people calling this fake.

Fateswebb ago

I would be careful about running pentesting against websites that aren't yours. That's kinda a great area of legality. But having said that, thanks for doing it 😂

thewebofslime ago

So, I dug into all these websites along with a lot of others back when someone posted instructions on how to use xhydra to login into Comet Ping Pong. sli.mg screwed me when they went down, so you are going to have to take my word for some of it.

First, I used HTTrack to sownload everyone's websites that I thought could be relevant. That is when I found some weird stuff on lhohq with CIA planes and a rotating pedophocracy email list.

I found CP on easthamptonbabysitters.com which is run by infant masseuse, Kevin Reynolds, a friend of the Clintons. Kevin Reynolds also featured himself on Facebook masturbating into a lake. I submitted it to authorities who never responded, but I did notice that the CP was removed off the hidden end of the site. He also has a vacation concierge service that involves being sailed around on a boat.

Comet's login just had a list of files and each one needed a password. The files were encrypted and we got a couple, but I was never able to do anything with them.

They redid both websites after the shooter and the look is very different now. It is possible that they have set it up specifically to mess with people.

Evie's Crib was another one that seemed suspicious and, if I recall correctly, it seemed that the same hand made easthamptonbabysitters, Evies Crib, Comet and Bucks' sites, Pizza Packet, etc, the first clue being the 90's style web design between them all. I was at this skill level in high school, in creating sites and it was weird when you keep coming across crappy 90's style sites with the exact same stylistic choices and layout of pages.

Either way, they outsourced everything after that. I really don't think there is much to be found and I would recommend checking other sites provided by the same current services and compare their file structure, because it is probably the same. Whoever was doing the sites before isn't doing them now.

PrideOfOshtekk ago

I really don't want to see what's on that shit.

9217 ago

So....... why does a fishing and camping store need a "girl" and "movies" directory?? Not "ads," but "movies"?

.......

new4now ago

HTTP status code information

https://www.restapitutorial.com/httpstatuscodes.html

might help

cohanseybob ago

The default web page says to click here to search. Type *.p gives a lot of venues for punk rock bands and for profit events.

MadWorld ago

You could use httrack to mirror a website, preferably on the top of vpn with lower flow-control setting. It should not give you too many "Too Many Requests" stat.

JDN11DBAN ago

You can get around the "Too many requests" by setting your HTTP request user agent to look like the google crawler. - Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) - Or the mobile version of with this - DoCoMo/2.0 N905i(c100;TB;W24H16) (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html). I have had this work in the past. Good Luck!

MadWorld ago

Thanks for the tip!

dicedtomatoes55-2 ago

It didn't really help, just gave me back the things you see on the site (including the fonts and such) - that much could easily be figured out by right clicking on the page itself and going to "inspect".

MadWorld ago

I think the pen results you got is somewhat misleading. Many urls shared in your scribd list are dead. That can mean two things:

  1. Those files were already cleaned up.
  2. Or the pen test relied on the most commonly used words (a dictionary) to probe for directories/files and report the stats.

The problem with the latter is that an invalid url path could be interpreted as forbidden (code 403), with implication that the path itself actually exists. So if you go to https://www.cometpingpong.com/pay-to-play-pizza/kids/, it may give you the "403 Forbidden" stat code, which showed up on most of your links. It does not mean that there is actually a directory named pay-to-play-pizza on that website; it only means that you did not have the permission to poke this url path. I think this is something worth considering, before jumping to the conclusion or following down an empty path...

Of all the links in your list, may I ask which urls were valid?

Thanks!

@Vindicator, this may interest you.

SearchVoatBot ago

This comment was linked from this v/pizzagate comment by @think-.

Posted automatically (#14107) by the SearchVoat.co Cross-Link Bot. You can suppress these notifications by appending a forward-slash(/) to your Voat link. More information here.

dicedtomatoes55-2 ago

This sounds really plausible. But why would the two scans find different directories if the second option was the case ("Or the pen test relied on the most commonly used words (a dictionary) to probe for directories/files and report the stats.") Wouldn't the results be the same for each?

I have noticed that some that are in the results for Comet Ping Pong are not in the results for Buck's Fishing and Camping and vice versa.

The only url's that were completely valid off the list were the ones that you see and can click on when you go to the website.

MadWorld ago

This sounds really plausible. But why would the two scans find different directories if the second option was the case ("Or the pen test relied on the most commonly used words (a dictionary) to probe for directories/files and report the stats.") Wouldn't the results be the same for each?

The results would be different, if the pen test only runs a subset of the dictionary words. This may have to do with speeding up the pen test. Remember, it is a pen/probe test, it does not have to run at every combination.

I have noticed that some that are in the results for Comet Ping Pong are not in the results for Buck's Fishing and Camping and vice versa.

The only url's that were completely valid off the list were the ones that you see and can click on when you go to the website.

I would say running the pen test may be useful and speedy, but you should manually verify that the links are good, that the links actually point to meaningful files. It is not good enough to use the 403 code as an indicator. And when you do find a valid file, use the archive.fo to preserve its content. For some tricky websites that do not let you archive the links, you could use proxy sites to indirectly archive the sources. I have used this method several times for this purpose.

dicedtomatoes55-2 ago

Even though it says 403 or 429, it could lead somewhere?

MadWorld ago

429 means you are making too many requests and the site rejects the requests.

403 means the site has configuration in place, that forbids you for probing/discovering the directory path.

For the 429 code, you would have to try it at a slower pace, to see if it returns any other code. For the 403 code, you cannot know if the directory is valid or not. If you hit a valid file, however, you can still validate its existence. For example, http://cometpingpong.com/good-directory/ may give you a 403 code, but the http://cometpingpong.com/good-directory/pizza.php may give you a proper file. And this is how you verify the directory good-directory itself is actually valid. But without hitting a valid file, you may never know. Another exception is if the site is misconfigured to show directory listing, where all files are listed, simply by navigating to the directory in question.

To answer your question, yes, it could lead to somewhere. But that is unlikely to give you the desirable outcome. But if you have a good list of words in your dictionary, you could probe it through proxies, and do it gradually over a long period of time.

dicedtomatoes55-2 ago

Wow, thanks for the lesson. Good to know all this going forward. But, another question. For the 429's, what could be making all of the requests?

MadWorld ago

Wow, thanks for the lesson. Good to know all this going forward.

Happy to help! I should be thanking you for doing PG research!!! You may never know, but someday you could be the one saving those unfortunate kids!!

For the 429's, what could be making all of the requests?

This has to do with the pen test website that sends out too many requests within a short duration. For example, it sends out 20 URLs to probe for with in a few second. Websites do not like that and it could be perceived as an attack. It is also not very nice to drain a website's resource by making too many requests, because the site has to serve many users/customers, not just your pen test.

Thank you!!

dicedtomatoes55-2 ago

So a combination of my test plus customers/users is making those pages that currently say "too many requests" unusable. How could those specific pages once again become usable or when would I be allowed entry (if this is the case and I'm not reading all of this wrong).

telleveryoneyouknow ago

The bottom line really is to leave this to the professionals so you don’t get hurt.

Either that or study up on some non cp leads where you can practice and get proficient

MadWorld ago

The bottom line is, the website does not like any user making too many requests. Maybe you could try testing one url per 1 to 5 seconds. I am not sure if you have any control of this parameter, if tested through that pen tool website. If you do have this option, you could just rerun your pen test at a slower pace.

the_art_collector ago

stumbles while walking through thread, sending links flying into the air

https://www.shodan.io/

https://www.metasploit.com/

Oh crap. Sorry guys, I'm such a klutz. I'll just just be on my way.

dicedtomatoes55-2 ago

I really wouldn't know how to use either of those...

plagueship ago

post this to 8chan, anon will hack it if it can be done

evilwhitemale ago

Another way to find things like this, sometimes even deleted, is to use a wildcard search on archive.org:

https://web.archive.org/web//https://www.cometpingpong.com/

dicedtomatoes55-2 ago

I've been using that. I even tried inserting a few of the directory links onto the tail end of the regular url but nothing pops up.

evilwhitemale ago

My wildcard got turned into style there but there should be a star at the end, after the / - it lists all the files the archive has for the given domain.

dicedtomatoes55-2 ago

You mean like this? https://web.archive.org/web/ * /https://www.cometpingpong.com/

All I'm seeing is the screenshots, no files.

evilwhitemale ago

Yes, just without the space

NoRagrets ago

I'm by no means a 1337 Hax0r, but I did do some analysis on this many moons ago.
Perhaps someone with more talent could pick up where I left off.

https://voat.co/v/pizzagate/1492143/7247215

On both cometpingpong.com/protected and bucksfishingandcamping.com/protected the code is virtually identical, this code shows that the login button simply reloads the page but expects POST data.
See line 1 below.
The POST data is entered in the Password field.

This could probably quite easily be brute forced by someone more knowledgeable than myself.

<form action="" method="post" class="cc-protected-area">
<h1>
    Password-protected area
</h1>
<br/>
<br/>

<p class="cc-protected-note">
    This page is accessible with a valid password only.
</p>

<p class="cc-protected-note">
    <br/>
    Password:
</p>

<form>
    <input name="password" type="password" id="password"/> <input name="do_login" type="hidden" id="login" value="yes"/> <input type="submit" name="Submit" value="Log in" class="submitUser"/>
</form>
</form>

drowsybadger ago

Your right that is only looking for a pasword. Good stuff. Its time we all moved to the next level. I need into my student loan db to reset that shit to 2 dollars.

truthdemon ago

All u have to do to reset ur student loan to zero dollars...is instruct the debt reduction dept of theUS tressury and agree to use ur credit to get them to reduce their debt...in return for resseting and settling all charges against ur name and any future charges.. Get an acknowledgement that since u r going to bank with them to reduce their risk u are their surety with surety rights oveer them.. U signature and application created the loan ...not the govt or bank..its ur consent that created credit into existence for ur name ..which is a trust account ..

Try it with 2 dollars...and email the US treasury that u want to reduce their debt by 2 dollars ... Anyone on the planet can do it..i have confirmation by email from the US treasury..

Merkabaman ago

I dont understand, what do I do? What’re the steps?

truthdemon ago

See, the shills here dont like what im teaching u .. Look at the negative vote... They know this is the solution to make u untouchable to the authoritities ...and outiside thier authority...with u being the authority over the US.. They got us thinking we r their servants ...when we run the show , whether in peace or their war game... They always require our consent ... When we decide we dont want to play and lend our energy to the wwar game they lose their power...and we gain ours back from lending it to them...we run the game of peace.. I am going to charge a private individual for libel...and all damages will be paid to the US treasury..u can place similar charges on any public officials..including the pedovore inc.. We r the trump ... Its our game of peace...they have programmed us to pplay the game of war ...we cant tame that game ...but we can turn it off on them..by battling the self ...they become irrelevant

https://youtu.be/uAYPacrJnyQ

https://youtu.be/IR-l_TSjlEo

We have reached the summit...and lucifer is on his way down

truthdemon ago

First it involves a one sentence email to the debt reduction department if the US treasury... Asking whether when u provide credit or assets to reduce their debt that they will accept ur surety rights over them and thus agree to set off any charge in ur name , past , present and future.. .. First confirm that with them for urself or any group u want to form

Ure one email away from them acceppting ur offer.. They have to...the US is ur treasury..

Its no different than when u hand or loan over ur credit to the debt banking system..

One created more debt to survive... The other reduces debt for u to servive...

Which one do u choose...? War or peace

Merkabaman ago

Hi can I please talk to you more about this. My friends dad did a little bit he just died all of a sudden and couldn’t. He did this kind of stuff toatally legal but working the system. Id love to talk more and get to know how to maybe a website to read or steps I’m a very visual person and would like a guide on what to do.

truthdemon ago

First observe the response with the first email...if u are afraid let me know..i didnt have any problems ..

truthdemon ago

First email the Debt reduction department of the US treasury sayjng : U want to use ur credit to reduce their debt in return for setting of any charges in your name , including court charges... Ive emailed them and they respond in the positive... Its ur own choice what u do with ur credit.. First do the first email and the response will come within a day.. Then come back to me ..

Its the same process of giving a cheque or depositing a a fed note into a bank ..no difference ..

If u r afraid to send that one email, let me know

dicedtomatoes55-2 ago

Even though the code is there, how do we get that page to present itself again? Given that the "/protected" doesn't go anywhere anymore...

truthdemon ago

Can u see the code.. Wht r the size of the directories and files in it

FireWalkWithPodesta ago

I'm not 1337 Hax0r either but this is why you don't post it to the public if you find a potential vulnerability. Instead, try to find the Hax0r in this community and approach him with PM.

carmencita ago

You've got to get a link that connects to your post. Whatever you can find that backs up what you have written or your post will get tagged and eventually deleted. You have to source everything. Your post is important that's why I'm informing you.

dicedtomatoes55-2 ago

I put the links that I put in a reply to Gothamgirl in the main post. I hope that's good enough because that's what this post is all about.

carmencita ago

Looks good. You have content and links to source your post.

Vindicator ago

Thanks for helping, carmencita. :-)

carmencita ago

Sure :)

dicedtomatoes55-2 ago

Thanks, used scribd.com

Here's Comet Ping Pong and here's Buck's Fishing and Camping.

HRCisDONE ago

Get this shit over to the chans right fucking now. Pizzagate stuff is coming up again

dicedtomatoes55-2 ago

Someone else please do that. I don't have an account over there.

HRCisDONE ago

https://boards.4chan.org/pol/catalog Don't need an account. Don't input any personal information including name. Start a new thread

carmencita ago

Need some help here with the chans @Dressage2