Somebody's gonna be really confused why their traffic spiked so much today lol
Somebody's gonna be really confused why their traffic spiked so much today lol
Except you can't download anything. At least I haven't been able to.
Sometimes enumeration itself is enough for a threat actor.
They took both sites down and removed all invite links from their Telegram channel. I think they noticed
May i ask as to where and how you discovered the websites?
Just Google index of /upload, and go to Google images, and use the recommended photos under a selected one to navigate through different websites You can add things like Index of /upload /id and try to find specific things
This guys got over a petabytes of movies and shows wtf
Yea. I also wonder if they have it all backed up
Over here with 1/20th of that like 'wonder how imma back that up'
I wouldn't be entirely surprised if this is a mount of an encrypted Google drive remote with rclone
It's very impressive, but there are multiple versions of many of the movies... like different distributions of the same thing, plus all the remuxes, x265 vs. x264 versions, etc.
So that space is not all occupied by unique movies.
Clicking the Capzlok banner, redirects to telegram group. Maybe join there and check what they're upto
Already checked. It’s expired
You can do this with https://oupala.github.io/apaxy/ which is basically a styling tool for apache indexing
But you will have to write your own css to make it look like this website.
This really looks interesting openhost Netflix 😁😁😁
can you share the url?
https://capzlok.cf/
Has anyone figured out how to download anything off of it? Looks like they are using the page as a searchable index of what they have but you can't get it from there.
Also looks like they have an rss channel/bot posting with just the filenames. Maybe a honeypot of some kind? https://en.tgchannels.org/channel/capzlokrss?start=23480
[deleted]
Oh cool, didn't know that. Thanks!
It's an open directory
Good call, if people want more of them check out r/opendirectories
Here's a sneak peek of /r/opendirectories using the top posts of the year!
#1: CALISHOT 2021-08: Find ebooks among 403 Calibre sites
#2: A few tips for the newcomers on this sub !
#3: [NSFW] An index of playboy magazines, it even has ones from 1953. | 56 comments
^^I'm ^^a ^^bot, ^^beep ^^boop ^^| ^^Downvote ^^to ^^remove ^^| ^^Contact ^^| ^^Info ^^| ^^Opt-out ^^| ^^GitHub
If you don't need the search and custom CSS, it's very simple.
Run this python command:
python
python -m SimpleHTTPServer 80
from the same folder where you store your files, and go to http://your_server_ip and voila.
For remote access, run a reverse-proxy to handle HTTPS, I strongly advise you to put some authentication such as basic auth (look into .htpasswd files), and you're done.
Edit: that command works with python2. For python 3, use this instead
python
python -m http.server 80
Btw that’s python2 which is deprecated. For Python 3 it’s:
python -m http.server 80
Unless they’re still running python2 obviously.
Huh, good to know. Thanks :)
I use a similar tool called h5ai https://larsjung.de/h5ai/ but as said above I wouldn’t exposed to the public internet without an access control.
If you need something quick and easy, Caddy has a file_server directive. It doesn't have full search, but it has a filter for the currently displayed directory. If you need authentication, you can throw basicauth on it.
Its basically an /r/opendirectory.
I want this! Pls tell this is real, I googled around and find it, but can't open it...
!remindme 18 hours
Thread on darkmode with icons for Everything https://www.voidtools.com/forum/viewtopic.php?t=8399
I personally run filebrowser. There's some built in security with account management, you can specify certain paths as public, and you can create public share links for files.
Apache: Enable Indexes. Or nginx: autoindex on. Not sure about adding a custom css, but if you dont care about the design those would be the simplest options
!remindme 48 hours
I will be messaging you in 2 days on 2022-03-03 14:16:24 UTC to remind you of this link
6 OTHERS CLICKED THIS LINK to send a PM to also be reminded and to reduce spam.
^(Parent commenter can ) ^(delete this message to hide from others.)
|^(Info)|^(Custom)|^(Your Reminders)|^(Feedback)| |-|-|-|-|
nice
I'm confused as to what this is/what the goal is. Is this not what any file system shows you?
I host something similar, with Gossa. Not exposed to the internet of course, but works very well.
!remindme 10 hours
Interesting
It really is
Looks like they have multiple telegram channels. For rss, a bot and a channel that posts invite links
If you don't want to click the link above just search for @capzlok on telegram and you'll see multiple channels/bots. Ensure you click the see more or global search link
you can do this with directoryindex in apache.
https://stackoverflow.com/questions/30880975/how-to-style-directory-listings-with-apache-mod-autoindex-using-namewidth-html
You can do this with PHP all on your own quite easily.
Ok. I think I found it.
It's "Everything" by voidtools. It can create an HTTP server to access index from the browser: imgur.com/IiD3LLI.png
The site I posted just have some additional styling
I'd be very dubious about running that with public access as CAPZLOK has done. That search box looks like a big target for attempted RCE, expecially as this app requires to run as Administrator to index.
Wish you the best.
RCE? Is that like a sql Injection? Never mind I googled it. Sorry. Remote code execution. Nifty stuff
Remote code execution
If you use this make sure it's running isolated in a VM under a limited user account. Public services will be scanned constantly for vulnerabilities and a security issue could allow someone access to the server it's running on.
Got it working via https://voidtools.com/support/everything/http/ , then chapter : 'Change the default HTPP files'
Just copy the main.css from the Capzlok page via https://capzlok.cf/main.css and save in the same directory.
You can copy icons via the same route as mentioned above.
Thanks for the lead! ;)
Would you mind sharing the .css file? Site seems down right now.
I copied the main.css its not working can you help
That's totally different, and not a permanent solution. It's a great tool though! I used it a lot on windows
Wdym? This is what they are using. Compared HTML content from both sites and the structure is the same
It's just the general apache file and directory indexing page. You can just install a simple apache server and run this more easily. Everything just happens to use this indexing feature
While you are correct, you can just some of this with apache index or better nginx fancyindex, you will not get the search function though. /u/S_E_V_I does looks to be correct that this app looks like Everything. Searching the site code it has multiple references to Everything. Logo in the middle is even named everything.gif. Looks like a custom Skinned Everything HTTP server.