利用google 半秒破 500 網!利用google 半秒破 500 網!
其實 google 搜尋器變了駭客工具也不是新聞,
老手早亦用到,新手的也可來試試。
只要將以下 字串 作搜尋的話,你都得到很多密碼,
當然若要得心應手便需要更多研究及借助其他軟件,
但初步先懂得去找。
-------------------------------------------------------------------------------------------
inurl:
inurl: 是駭客重要的搜尋方法,可搜到網址包括的關鍵字,
例如填上 allinurl:login password 作搜尋,便會很易找到有 login 和 password 的網頁。
-------------------------------------------------------------------------------------------
filetype:
filetype: 是駭客專用語法,例如想找 mdb 的數據庫檔案,可用 password filetype:mdb 作搜尋,
便會找到密碼文件,進階用法可配合 inurl: 使用,例如 girl filetype:jpg site:com 便可搜到所有標
題 .com 網站,而檔案為 girl.jp 或網頁內容有 girl 字串的。
-------------------------------------------------------------------------------------------
Index of /admin
搜到的結果大多數是容野峇嵺@ index browsing 的網站,隨便按下一個連結便看到網站的資料夾和
檔案分佈。
-------------------------------------------------------------------------------------------
"Index of /" +password.txt
有些站長會將密碼儲存成 password.txt 檔案,如配合 index browsing 的弁遄A將 google 的關
鍵字串成 "Index of /" +password.txt 作搜尋,便找到很多 password.txt
-------------------------------------------------------------------------------------------
以下還有更多輸入搜尋法,有時間可自行玩玩!
"Index of /admin"
"Index of /password"
"Index of /mail"
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
index of ftp +.mdb allinurl:/####/ +mailto
administrators.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web
gobal.asax index
allintitle: "index of/admin"
allintitle: "index of/root"
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
inurl:passwd filetype:txt
inurl:admin filetype:db
inurl:iisadmin
inurl:"auth_user_file.txt"
inurl:"wwwroot/*."
top secret site:mil
confidential site:mil
allinurl: winnt/system32/ (get cmd.exe)
allinurl:/bash_history
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members or accounts
intitle:"index of" user_carts or user_cart
Google a Dream come true
****************************** ComSec ***********************************
article by: ComSec
date: 25.5.2003
Simplified
INTRO=========
a week or so back i had an e-mail from a friend (FLW) asking me if i had any
info on google search tips
he was surprised on the amount of info available and open via google...this
got me thinking , well i have seen many various search strings in several
papers....so i thought i would put them all together on the one page...and
up-date as new one are discovered...so if i missed any to be added to the
list please let me know and i shall add some more....
****************************************************************************
WARNING:::i hold no responsibility for what you do via the information
supplied here...this is for educational purpose only , use at your own risk
you have been warned
****************************************************************************
thanks
ComSec aka ZSL
SUMMERY=======
Everyone knows google in the security sector...and what a powerful tool it is,
just by entering certain search strings you can gain a vast amount of knowledge
and information of your chosen target...often revealing sensitive data...this
is all down to badly configured systems...brought on by sloppy administration
allowing directory indexing and accessing , password files , log entrys ,
files , paths ,etc , etc
Search Tips
so how do we start ?
the common search inputs below will give you an idea...for instance if you
want to search for the an index of "root"
in the search box put in exactly as you see it below
==================
example 1:
allintitle: "index of/root"
result:
google.com/search?hl=en" target="_blank" rel="external">http://www.google.com/search?hl=en&ie=ISO-8859-1&q=allintitle%3A+%22index+of%2Froot%22&btnG=Google+Search
what it reveals is 2,510 pages that you can possible browse at your will...
====================
example 2
inurl:"auth_user_file.txt"
google.com/search?num=100" target="_blank" rel="external">http://www.google.com/search?num=100&hl=en&lr=&ie=ISO-8859-1&q=inurl%3A%22auth_user_file.txt%22&btnG=Google+Search
this result spawned 414 possible files to access
here is an actual file retrieved from a site and edited , we know who the
admin is and we have the hashes thats a job for JTR (john the ripper)
txUKhXYi4xeFs|master|admin|Worasit|Junsawang|xxx@xxx|on
qk6GaDj9iBfNg|tomjang||Bug|Tom|xxx@xxx|on
with the many variations below it should keep you busy for a long time mixing
them reveals many different permutations
*************************************
SEARCH PATHS....... more to be added
*************************************
"Index of /admin"
"Index of /password"
"Index of /mail"
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
administrators.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web
gobal.asax index
allintitle: "index of/admin"
allintitle: "index of/root"
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
inurl:passwd filetype:txt
inurl:admin filetype:db
inurl:iisadmin
inurl:"auth_user_file.txt"
inurl:"wwwroot/*."
top secret site:mil
confidential site:mil
allinurl: winnt/system32/ (get cmd.exe)
allinurl:/bash_history
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members or accounts
intitle:"index of" user_carts or user_cart
AlterNATIVE INPUTS====================
_vti_inf.html
service.pwd
users.pwd
authors.pwd
administrators.pwd
shtml.dll
shtml.exe
fpcount.exe
default.asp
showcode.asp
sendmail.cfm
getFile.cfm
imagemap.exe
test.bat
msadcs.dll
htimage.exe
counter.exe
browser.inc
hello.bat
default.asp/
dvwssr.dll
cart32.exe
add.exe
index.jsp
SessionServlet
shtml.dll
index.cfm
page.cfm
shtml.exe
web_store.cgi
shop.cgi
upload.asp
default.asp
pbserver.dll
phf
test-cgi
finger
Count.cgi
jj
php.cgi
php
nph-test-cgi
handler
webdist.cgi
webgais
websendmail
faxsurvey
htmlscript
perl.exe
wwwboard.pl
www-sql
view-source
campas
aglimpse
glimpse
man.sh
AT-admin.cgi
AT-generate.cgi
filemail.pl
maillist.pl
info2www
files.pl
bnbform.cgi
survey.cgi
classifieds.cgi
wrap
cgiwrap
edit.pl
perl
names.nsf
webgais
dumpenv.pl
test.cgi
submit.cgi
guestbook.cgi
guestbook.pl
cachemgr.cgi
responder.cgi
perlshop.cgi
query
w3-msql
plusmail
htsearch
infosrch.cgi
publisher
ultraboard.cgi
db.cgi
formmail.cgi
allmanage.pl
ssi
adpassword.txt
redirect.cgi
cvsweb.cgi
login.jsp
dbconnect.inc
admin
htgrep
wais.pl
amadmin.pl
subscribe.pl
news.cgi
auctionweaver.pl
.htpasswd
acid_main.php
access.log
log.htm
log.html
log.txt
logfile
logfile.htm
logfile.html
logfile.txt
logger.html
stat.htm
stats.htm
stats.html
stats.txt
webaccess.htm
wwwstats.html
source.asp
perl
mailto.cgi
YaBB.pl
mailform.pl
cached_feed.cgi
global.cgi
Search.pl
build.cgi
common.php
show
global.inc
ad.cgi
WSFTP.LOG
index.html~
index.php~
index.html.bak
index.php.bak
print.cgi
register.cgi
webdriver
bbs_forum.cgi
mysql.class
sendmail.inc
CrazyWWWBoard.cgi
search.pl
way-board.cgi
webpage.cgi
pwd.dat
adcycle
post-query
help.cgi
there are to many people to thank for the bits of information cut and pasted
and added to form this paper
most have been collected from various forums , txt , doc's etc...like to thank
you all, its not intended to rip anyone
its just a combo of various search inputs...put on the one Paper to use as
a reference.
EOF
====================================
http://comsec.governmentsecurity.org
http://governmentsecurity.org/forum
******* new members welcome ********
====================================