Google Tricks

07.05.2008, 07:28, TRICKS


You have surely heard of "Google hacking" before. This article introduces the principles of Google search and gives examples of how it can be used or misused.

How searching works

When you enter a search term into Google, Google tries to find the words you entered. To make the result more precise, it often drops common words such as 'then', 'how' or 'where' from the query. If you want Google to include these words, use the + operator, for example: +then, +how, +where. The opposite case is the - operator: to exclude a word from the query, put a minus sign directly in front of it (no space), for example: -then, -how, -where. To search for whole phrases or sentences, enclose the expression in double quotes ("free full games to download").

Advanced operators

If you want more precise results, these are the operators to use. The syntax is simple: operator:term (no spaces between the operator, the colon and the term!).

- site: (search for a term only on a particular site)

This operator restricts the search to a particular site. Usage is simple: to find the word "auto" on www.auto.cz, type into Google: site:www.auto.cz auto. That is: the operator, the term, a space and the word you are looking for. Terms can be combined further (site:www.auto.cz "auto na leasing").

- filetype: (search for a term in a particular type of content)

When you are looking for an mp3, a video, a manual, a book in PDF or some other type of file, use this operator. For example, to find the book "google hacking" in electronic form, type: filetype:pdf "google hacking". To find an mp3 by Eminem you would probably expect something like: filetype:mp3 eminem. Google does not accept the term "mp3" here, but a different query can be built that returns such results, for example: -inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(.mp3|.wma) "eminem". This query finds music in mp3 and wma format. Put the song or artist you are looking for in the quotes at the end of the query. :)

Terms that can be used with the "filetype" operator

  1. Adobe Portable Document Format (pdf)
  2. Adobe PostScript (ps)
  3. Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)
  4. Lotus WordPro (lwp)
  5. MacWrite (mw)
  6. Microsoft Excel (xls)
  7. Microsoft PowerPoint (ppt)
  8. Microsoft Word (doc)
  9. Microsoft Works (wks, wps, wdb)
  10. Microsoft Write (wri)
  11. Rich Text Format (rtf)
  12. Shockwave Flash (swf)
  13. Text (ans, txt)

- link: (find links to a given page)

This operator shows which pages link to a given page and how. Example: link:www.bonznito.cz

- cache: (display a page from the archive)

You can use this operator to view a page "through a proxy server", namely Google: the target site does not see your IP address, because you only display the record of the page that Google holds in its database. (This only hides you if your browser does not fetch images and other resources from the target.) It is also handy when the page no longer exists. Usage: cache:www.bonznito.cz. If the page is not in the database, or you want to see a longer history of changes to the page, visit the Wayback Machine and enter the page you are interested in.

- intitle: (search in the page title)

This operator searches page titles (title). If a page has the search term in its title, it is probably about that topic. Usage: intitle:"google hacking"

- inurl: (search in the internet address - URL)

It has many uses. It is also useful for finding content, because most URLs are "clean", i.e. they use keywords in the link. But it can be used in other ways too, for example when looking for someone's profile on the internet. If someone has a profile online (libimseti.cz, lide.cz ...), their nick is usually part of the URL (for example www.libimseti.cz/NEJAKYNICK). You would probably find the profile just by typing the nick, but if you do not know it exactly, only in part, this comes in handy. :) That was just one example; imagination has no limits. ;)

Searching for directory listings

Directory listings often exist so that users can download files. But that is not always the case. A listing may be meant only for the admin, or index.html may be missing, so a directory listing is shown instead of an HTML page. Sometimes directory listings are also used as temporary file storage. In most cases the listing is labelled "index of", so the phrase also appears in the page title. Such listings can therefore be found like this: intitle:index.of "search term". There is a dot between index and of because whatever follows a space after the term is treated as the search expression, so the space is replaced by a dot. Even when you enter a search term you will often not find what you were looking for, because Google also returns any page that writes about something, has "index of" in its title and perhaps mentions the search term in its content. The search can be narrowed by adding words that listings contain, such as size, name and parent directory. For example: intitle:index.of name size "eminem". This query shows directory listings that contain the word "eminem" somewhere ;) . So mp3s and videos. Plenty of other things can be found this way too :) .

Identifying web server software

Probably the easiest way is to use the previous technique for browsing directory listings, except that instead of name and size you use the phrase that appears at the end of a directory listing: "server at". Combine the query with the address in question. For example, to find out what software www.aol.com runs on, type: intitle:index.of server.at site:aol.com :) . You can also use this technique when you are looking for a particular software version and do not care which site it runs on. For example, you are looking for a server running Apache 1.3.0 that must have directory listing enabled: intitle:index.of "Apache/1.3.0 Server at". Sometimes this also reveals the operating system version. (If you want this information about a server that does not have listings enabled, you can use Nmap 8-) or the web server's default pages announcing that the server is running.)

Examples

  1. Apache 1.3.0 - 1.3.9: Intitle:Test.Page.for.Apache It.worked! this.web.site!
  2. Apache 1.3.11 - 1.3.26: Intitle:Test.Page.for.Apache seeing.this.instead
  3. Apache 2.0: Intitle:Simple.Page.for.Apache Apache.Hook.Functions
  4. Apache SSL/TLS: Intitle:test.page "Hey, it worked !" "SSL/TLS-aware"

Internet Information Services (IIS) from Microsoft also ships with default web pages. Queries that locate the standard pages of an IIS web server are:

  5. Many: intitle:welcome.to intitle:internet IIS
  6. Unknown: intitle:"under construction" "does not currently have"
  7. IIS 4.0: intitle:welcome.to.IIS.4.0
  8. IIS 4.0: allintitle:welcome to Windows NT 4.0 Option Pack
  9. IIS 4.0: allintitle:welcome to Internet Information Server
  10. IIS 5.0: allintitle:welcome to Windows 2000 Internet Services
  11. IIS 6.0: allintitle:welcome to Windows XP Server Internet Services

When we find Microsoft servers this way, we learn not only the web server version but also the version of the operating system and of the individual patches installed on it.
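The queries in the last two sections only work when a server publishes a generated listing, a version footer or a default page. As an added example (not part of the original article), the following Python code checks response bodies fetched from your own server for those same signatures; the sample HTML is constructed and the names `audit`, `LISTING`, `DEFAULT_PAGE` and `CLEAN` are hypothetical.

```python
import re
from html.parser import HTMLParser

# File names the article's queries look for inside listings (a subset).
SENSITIVE = re.compile(
    r"\.(bak|sql|log|ini|pwd|mdb)$|~$|passwd|shadow|\.(bash|sh)_history$", re.I)
# Default-page titles taken from the article's Apache and IIS examples.
DEFAULT_TITLES = ("test page for apache", "welcome to iis 4.0",
                  "welcome to windows 2000 internet services",
                  "under construction")
# Footer of a generated listing, e.g. "Apache/1.3.0 Server at host Port 80".
BANNER = re.compile(r"([\w.-]+/\d[^\n]*?) Server at (\S+) Port (\d+)")

# Constructed sample responses; the host name and files are made up.
LISTING = """<html><head><title>Index of /backup</title></head><body>
<h1>Index of /backup</h1><pre>
<a href="/">Parent Directory</a>
<a href="site.sql">site.sql</a>  07-May-2008 07:28  1.2M
<a href="index.php.bak">index.php.bak</a>  07-May-2008 07:28  4k
<a href="logo.png">logo.png</a>  07-May-2008 07:28  9k
</pre><address>Apache/1.3.0 Server at www.example.test Port 80</address>
</body></html>"""
DEFAULT_PAGE = """<html><head><title>Test Page for Apache Installation</title>
</head><body><p>It worked!</p></body></html>"""
CLEAN = "<html><head><title>Welcome</title></head><body>Our products</body></html>"


class _Page(HTMLParser):
    """Collects the <title>, all link targets and the visible text."""

    def __init__(self):
        super().__init__()
        self.title, self.links, self.text = "", [], []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        self.text.append(data)


def audit(html):
    """Return (finding, detail) tuples for one HTTP response body."""
    page = _Page()
    page.feed(html)
    page.close()
    text = "".join(page.text)
    title = page.title.strip()
    findings = []
    # A generated listing has "Index of" in the title and a parent link.
    if title.lower().startswith("index of") and "parent directory" in text.lower():
        findings.append(("directory-listing", title))
        for href in page.links:
            name = href.rstrip("/").rsplit("/", 1)[-1]
            if SENSITIVE.search(name):
                findings.append(("sensitive-file", name))
    match = BANNER.search(text)
    if match:
        findings.append(("version-banner", match.group(1)))
    if any(t in title.lower() for t in DEFAULT_TITLES):
        findings.append(("default-page", title))
    return findings

# Apache remediation per finding (standard directives):
#   directory-listing -> Options -Indexes
#   version-banner    -> ServerSignature Off, ServerTokens Prod
#   default-page / sensitive-file -> remove the file from the web root


if __name__ == "__main__":
    for label, body in (("listing", LISTING), ("default", DEFAULT_PAGE),
                        ("clean", CLEAN)):
        print(label, audit(body))
```
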

And finally, a few examples of searching for passwords:

filetype:url +inurl:"ftp://"+inurl:"@"    - FTP bookmarks
allinurl:auth_user_file.txt    - DC forum
"sets mode: +k"    - IRC channel passwords
filetype:pwd service    - Microsoft FrontPage
"#-FrontPage-" inurl:service.pwd    - ditto
inurl:passlist.txt    - :)
filetype:sql password    - SQL database passwords
filetype:bak inurl:"htaccess|passwd|shadow|hunters"    - file backups
inurl:password.log filetype:log    - logs
"index.of/" "ws_ftp.ini" "parent directory"    - ws_ftp

If you have read this far, a reward awaits you...

In the attached files you will find lists of "a few" queries; a program for automatically generating queries is available for download HERE for WINDOWS and HERE for LINUX. :) It can search for music, passwords, software, e-books, proxy servers, torrents, videos, song lyrics, cache (page archive), fonts, web hosting, links, objects on a map and other goodies ;)

ATTACHMENT 1:
---------------------------------------------------------------------------------------------------------------------
inurl:index.of.password    - Directory listing contains password file(s)?
intitle:"Index of" service.pwd    - Directory listing contains service.pwd file(s)
intitle:"Index of" view-source    - Directory listing contains view-source file(s)
intitle:"Index of" admin    - Directory listing contains administrative files or directories
intitle:"Index of" .htpasswd    - Directory listing contains .htpasswd file!
intitle:"Index of" log.txt    - Directory listing contains log text files
intitle:"Index of" stats.html    - Directory listing contains stats.html which may contain useful web server statistics
"access denied for user" "using password"    - Web page contains error message which might provide useful application information
"A syntax error has occurred" filetype:ihtml    - Web page contains error message which might provide useful application information
"ORA-00921: unexpected end of SQL command"    - Web page contains error message which might provide useful application information
inurl:passlist.txt    - The passlist.txt file may contain user passwords
"Index of /backup"    - Directory may contain sensitive backup files
intitle:"Index of" .bash_history    - Directory listing contains bash history information
intitle:"Index of" index.html.bak    - Directory listing contains backup index file (index.html.bak)
intitle:"Index of" index.php.bak    - Directory listing contains backup index file (index.html.bak)
intitle:"Index of" guestbook.cgi    - Directory listing contains backup index file (index.html.bak)
intitle:"Test Page for Apache"    - Default test page for Apache
intitle:index.of.etc    - Directory listing of /etc ?
filetype:xls username password    - XLS spreadsheet containing usernames and passwords?
"This file was generated by Nessus"    - Nessus report!
intitle:"Index of" secring.bak    - Secret key file
intitle:"Terminal Services Web Connection"    - Access terminal services!
intitle:"Remote Desktop Web Connection"    - Access Remote Desktop!
intitle:"Index of" access_log    - Directory listing contains access_log file which may store sensitive information
intitle:"Index of" finance.xls    - Directory listing contains finance.xls which may contain sensitive information
intitle:"Usage Statistics for"    - Statistical information may contain sensitive data
intitle:"Index of" WSFTP.LOG    - WSFTP.LOG file contains information about FTP transactions
intitle:"Index of" ws_ftp.ini    - The ws_ftp.ini file may contain usernames and passwords of FTP users
"not for distribution" confidential    - URL may contain confidential or sensitive information
"phpMyAdmin" "running on" inurl:"main.php"    - phpMyAdmin allows remote mysql database administration
"#mysql dump" filetype:sql    - mysql database dumps
"This summary was generated by wwwstat"    - Database statistics
"Host Vulnerability Summary Report"    - Vulnerability report!
"Network Vulnerability Assessment Report"    - Vulnerability report!
inurl:php.ini filetype:ini    - The php.ini file may contain sensitive PHP environment details.
BEGIN (CERTIFICATE|DSA|RSA) filetype:key    - Private key(s)!
BEGIN (CERTIFICATE|DSA|RSA) filetype:csr    - Private key(s)!
BEGIN (CERTIFICATE|DSA|RSA) filetype:crt    - Private key(s)!
intitle:"Index of" passwd passwd.bak    - passwd file!
intitle:"Index of" master.passwd    - master.passwd file!
intitle:"Index of" pwd.db    - pwd.db file may contain password information
intitle:"Index of..etc" passwd    - passwd file!
filetype:cfg ks intext:rootpw -sample -test -howto    - This file may contain the root password (encrypted)
intitle:"index.of.personal"    - Directory may contain sensitive information
intitle:"Index of" login.jsp    - The login.jsp file may contain database username or password information
intitle:"Index of" logfile    - Directory may contain sensitive log files
filetype:php inurl:"viewfile" -"index.php" -"idfil    - File may contain PHP source code
allinurl:intranet admin    - Page may contain sensitive information
"supplied argument is not a valid MySQL result resource"    - mysql error message may reveal sensitive information
"Error Diagnostic Information" intitle:"Error Occurred While"    - Error message may reveal sensitive information
HTTP_USER_AGENT=Googlebot    - Page may contain sensitive environment details

ATTACHMENT 2:
---------------------------------------------------------------------------------------------------------------------
++++Using google to hack, crack, and just plain find what you need!++++
++++This tutorial was written by Autism of SDN- www.smart-dev.com++++
++++You can freely distribute this tutorial to anyone you know.++++
++++You can even tell them you wrote it ;)++++

#Before we begin, I strongly recommend reading through http://www-db.stanford.edu/~backrub/google.html
#This article will help you understand the inner workings of a search engine (if you're not already ereet)
#I added a copy of this article to the end of this text, so just scroll down a little ways :)

What is this tutorial about?
-It's about using google to get the information you need, fast
Why should I read it?
-Because at the end of this tutorial, you'll be able to use google to find WHATEVER you need!
Why are you writing it?
-Because all of the ereet programmers at irc.smart-dev.com/irc.zoite.net are tired of people asking us questions, when they could just ask lord google
Do I need to gather any tools for this tutorial?
-A web browser (i.e. lynx, mozilla), and confidence in the fact that you aren't inept

Now the 'tutorial'

Google is the shit. You can find virtually ANYTHING you want with it. "©2003 Google - Searching 3,083,324,652 web pages" as of Sunday, February 16, 2003! I use google for pretty much anything. Any question you have can be answered 90% of the time in the first 20 results, if you search properly. In the next few sections I will be going over some basic/advanced/UBER COOL techniques for searching.

I.Getting started
-Open your web browser, and go to www.google.com (if it isn't your homepage, which it should be!)
-Now, click on preferences- Most of this should be fine preset, but make sure you fill in the "do not filter my search results," and select 100 results per page from the drop down menu, then fill in the last bubble (if that's your thing). Click save preferences (note: they will only be saved if you have cookies enabled).
-Now that you have everything set up, let's see everything google has to offer (because google has a slew of useful tools). First there's the web search, which is the topic of this article. After that there's the image search, which is pretty useful if you want to find a picture of someone you know (I will go into detail later on), or if you just want to find some free porn! Sicko. Next up: Groups. I LOVE this feature! You can search year, and years, and years, of posts on USENET discussion boards. I have gotten SO much valuable information (mostly stuff to help me crack my target) just by using this feature. I will also go in depth on this feature as well. Next to last: Directory searching. This is pretty useful if you want to find information on a TOPIC. For instance if you wanted to do a biology project on genetic disorders you would use this. Last up: News. This is a fairly new feature, added a few months ago. It tells you how recent articles are (by the hour, pretty cool!).
You can look at world news on World, U.S., business, Science/Tech, Sports, Entertainment, and Health.

II.Google for Web searches

(BASIC)
-Well, you've got a broad sense of what google does, so let's get right into the specifics! I can hardly wait!

A. Deciding on keywords
-Try specific keywords first (i.e. search for elephant as opposed to animals)
-Make searches as specific as you can.
-Keep searches as specific as you can!
+Note: The more specific you want your search to be, the more words you need, and you'll get less results (this can be a bad or good thing)

B. How it works
-When you search for hacker tutorials, google interprets it as hacker AND tutorials, so it returns only pages with all of the keywords you entered by default
-When you search for tutorials for hackers, the word for is omitted, as are all other words like if, a, who, what, when, where, and how. If you need to include a common word in your search phrase use a '+' before the common word. Your search is now tutorials +for hackers.
+note: google is not case sensitive
+note: google does not use wildcards (searching for googl* will not return google)

(ADVANCED)

A. ""'s
-Using quotations is probably the most important part of an advanced search. You can really control the results of your search using quotes. When you use quotes, all of your results will contain the exact phrase. So if you were to search "Tutorial for hacking" Google would search 3,083,324,652 web sites for that exact phrase.
-You can put part of your search in quotes, and the other a regular search. For instance, if I wanted to find out what pages my friend that just happens to be a girl is on the internet, I would search "Firstname Lastname" Thomas Dale. This would search for the exact phrase "her name" and then it would search for any pages that contained the words Thomas Dale (Thomas Dale is my highschool).
+Find me! My name is alejandro(alex), and i'm part of the smart-dev community ;)

B. "-"'s
-Using '-' to omit results. Perhaps you're searching for a new type of password file, for a new webserver. The password file is called passwerd.db, but when you do a simple in title search (just keep reading, you'll understand later) all you get is a bunch of results that turn out to be a config file that has syntax referring to passwerd.db. Let's say this config file is named config (go figure). Omit this from your search simply by searching searchstring -config and voila you get a list of sites that display passwerd.db to the public! You can also use the boolean term NOT.

(HACKING/CRACKING)
Yay! This is why I wrote this article!

INTRO TO HACKING/CRACKING WITH GOOGLE
-Many of you probably already know this, but you can hack/crack with google. I use it in 100% of the hacks/cracks I perform. You can use google to help you hack/crack in a few different ways. I will discuss these in the sections below ("no shit!")

A. intitle:
-This is a built in function in google that searches for your phrase in the title of a web page. The title of a webpage is in the upper left of your current window. (you should see google.txt if someone hasn't changed the name). This is useful if you want to find something VERY specific.
-examples: intitle:"billing" intitle:"payments" intitle:"passwd"

B. Directory Indexing
-One GREAT trick is to find sites that allow directory indexing. This can be done by searching intitle:"index of" phrase. Your mind should now be about to explode with the possibilities this could hold. If it doesn't, that's ok, because if you look at the end of this article you'll see i've provided you with an uber cool list! Here are some basic phrases you can use: intitle:"index of" "passwd" OR "passwd.txt" OR "AutismIsSoCool!". This searches for files named passwd or if that isn't found, searches for passwd.txt or if that isn't found searches for AutismIsCool! Think original, and you can come up with the coolest stuff! I'm not just talking about passwords... I'm talking about warez, passwords, and even credit card numbers!!! (although to be honest it's not easy ;))

C. allinurl:
-Guess what this does! Basically I use this when I want to find a piece of software. When i'm at school we have some stupid web site filter, that doesn't allow me to download AIM (AOL instant messenger uhhh tm) so basically I just do a search for allinurl:"aim.exe" and I get to take my pick! This can also be used for passwd, passwd.txt, and so on

D. Cache
-Perhaps you have been searching for intitle:"index of" etc/shadow, and you see what looks like a valid shadow file in your results list, but you can't access it, because you aren't root, or whatever. Well thanks to google cache, it may be possible for you to view this file. Just click the little cached link under the result!
+note: this doesn't work 100% of the time

E. Collecting info on your target
-You can use google to find all sorts of juicy information about your target. For instance, if you wanted to know what @target.com addresses were on the site, just search "@target.com" site:www.target.com. You should get a nice list of email addresses. (these can double as usernames for other things besides emails)
-GOOGLE GROUPS is a great way to get info on a target. Just click the groups tab and search for @target.com, and you will see everything anyone from your target has EVER posted on a usenet board! This is a real good one!

THAT'S IT! THAT'S THE WHOLE TUTORIAL!

Summary: Well I hope you learned something from this article. Whether you were a complete noob, an advanced internet user, or an ereet hacker, I tried to teach you all something. Remember- don't ever give up after only a few minutes of searching... You'll get the right combination of keywords sooner or later. Just try to imagine what words you would use for the item you are trying to find ;). Now GO! I officially deem you "Google lord!"

(APPENDIX A)
-This is a list of all the cool searches I've found over the years
-PLEASE add to it!
add your searches, and put the date you added it next to the search, then upload it somewhere

allinurl: winnt/system32/ (get cmd.exe)
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart **GOOD ONE!

-and hey! wouldn't you know it! someone has already taken care of the rest of this appendix for me! Thanks Johnny!

/*/*/*The following list was taken from johnny.ihackstuff.com***

I hope you read through the WHOLE article!

Greetz to www.smart-dev.com www.zoite.net www.neonegroleague.com and all mah buds in #sdn

You can reach me at: autism@neonegroleague.com OR autism@smart-labs.net
-Autism

ATTACHMENT 3:
---------------------------------------------------------------------------------------------------------------------
Google a Dream come true
****************************** ComSec ***********************************
article by: ComSec
date: 25.5.2003

Simplified

INTRO=========
a week or so back i had an e-mail from a friend (FLW) asking me if i had any info on google search tips he was surprised on the amount of info available and open via google...this got me thinking , well i have seen many various search strings in several papers....so i thought i would put them all together on the one page...and up-date as new one are discovered...so if i missed any to be added to the list please let me know and i shall add some more....
****************************************************************************
WARNING:::i hold no responsibility for what you do via the information supplied here...this is for educational purpose only , use at your own risk you have been warned
****************************************************************************
thanks ComSec aka ZSL

SUMMARY=======
Everyone knows google in the security sector...and what a powerful tool it is, just by entering certain search strings you can gain a vast amount of knowledge and information of your chosen target...often revealing sensitive data...this is all down to badly configured systems...brought on by sloppy administration allowing directory indexing and accessing , password files , log entries , files , paths ,etc , etc

Search Tips
so how do we start ? the common search inputs below will give you an idea...for instance if you want to search for the an index of "root" in the search box put in exactly as you see it below

==================
example 1:
allintitle: "index of/root"
result: http://www.google.com/search?hl=en&ie=ISO-8859-1&q=allintitle%3A+%22index+of%2Froot%22&btnG=Google+Search
what it reveals is 2,510 pages that you can possibly browse at your will...

====================
example 2
inurl:"auth_user_file.txt"
http://www.google.com/search?num=100&hl=en&lr=&ie=ISO-8859-1&q=inurl%3A%22auth_user_file.txt%22&btnG=Google+Search
this result spawned 414 possible files to access here is an actual file retrieved from a site and edited , we know who the admin is and we have the hashes that's a job for JTR (john the ripper)

txUKhXYi4xeFs|master|admin|Worasit|Junsawang|xxx@xxx|on
qk6GaDj9iBfNg|tomjang||Bug|Tom|xxx@xxx|on

with the many variations below it should keep you busy for a long time mixing them reveals many different permutations

*************************************
SEARCH PATHS....... more to be added
*************************************
"Index of /admin"
"Index of /password"
"Index of /mail"
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
administrators.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web gobal.asax index
allintitle: "index of/admin"
allintitle: "index of/root"
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
inurl:passwd filetype:txt
inurl:admin filetype:db
inurl:iisadmin
inurl:"auth_user_file.txt"
inurl:"wwwroot/*."
top secret site:mil
confidential site:mil
allinurl: winnt/system32/ (get cmd.exe)
allinurl:/bash_history
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart

ALTERNATIVE INPUTS====================

there are too many people to thank for the bits of information cut and pasted and added to form this paper most have been collected from various forums , txt , doc's etc...like to thank you all, its not intended to rip anyone its just a combo of various search inputs...put on the one Paper to use as a reference.

EOF
====================================
http://comsec.governmentsecurity.org
http://governmentsecurity.org/forum
******* new members welcome ********
====================================

AUTHOR: Myst1c
 