如何利用google入侵总结篇

在08年2月的一个RSA会议上,McAfee主管风险管理的高级副总裁George Kurtz进行了一些非常有趣的演示,而所有这些都是在google的数据库中发现的:
如果你输入[intitle:"Remote Desktop Web Connection"]你会发现… …很多你可以接管的远程桌面。
在George Kurtz的一系列演示中,他清楚的显示了如何直接键入查询以获得用户名和密码,同样简单的是你只要搜索[ssn 111111111..999999999 death records]就可以得到很多社会保险号码。
在google中搜索[inurl:robot.txt],你将发现网站不想对外公开的文件和目录,例如Google MBD就是这样被发现的。
下面详细说下如何利用google先进的语法进行有效查询:
[ intitle: ]
按标题搜索帮助google限定了你搜索的结果,只有那些标题含有你指定的关键词的页面会返回给你。例如“intitle: login password” 会返回标题含有login,而页面里面随便什么地方含有password的网页给你。
当 你想在标题里面搜索超过2个词的时候,你可以使用“allintitle:” ,当然也可以使用“intitle” 来代替搜索,“intitle: login intitle: password” 和“allintitle: login password”的搜索结果是一样的。
[ inurl: ]
按 链接搜索返回那些网址url里面包含你指定关键词的页面。例如“inurl: passwd” ,返回那些网址url里面包含你指定关键词passwd的页面。同上,如果你想在网址里搜索多个关键词,你可以使用 “allinurl:”语法。例如“allinurl: etc/passwd“ 会搜索网址里含有etc和passwd的网页,斜杠“/”会被google忽略。
[ site: ]
语法“site:” 只搜索指定网域里的关键词,例如“exploits site:hackingspirits.com”将搜索hackingspirits.com网站上的所有包含exploits的页面。
[ filetype: ]
按 指定文件类型即后缀搜索(例如doc、pdf或ppt等等)。例如“filetype:doc site:gov confidential”将搜索所有 .gov的政府网站上的.doc文件和含有confidential关键字的页面,或者是.doc文件里面含有关键字confidential的页面,这 意味着搜索结果将返回政府网站上所有机密的.doc文件。
[ link: ]
按引用搜索将列出所有包含特定链接的页面,例如 “link:www.securityfocus.com”将列出所有包含指向 Securityfocus主页的网址的页面。
[ related: ]
按相似搜索将列出与指定网页相似的页面,例如“related:www.securityfocus.com”将返回与Securityfocus筑页相似的页面。注意在“related:”与网址间不可以有空格。
[ cache: ]
网 页快照,google将返回给你他储存下来的历史页面。如果你同时指定了其他查询词,google将在搜索结果里以高亮显示。例如查询“cache: www.hackingspirits.com guest”在返回的结果里将高亮显示”guest”。(受gfw影响,在大陆应该是用不了的)
[ intext: ]
“intext:” 寻找特定网页里的关键字,他不理会网址和文章标标题。例如 “intext:exploits” 将只返回包含指定关键字 “exploits”的网页的地址。
[ phonebook: ]
电话簿查询美国街道地址和电话号码信息。例如 “phonebook:Lisa+CA”将查询名字里面包含“Lisa” 并住在加州的人的所有名字。这对黑客使用社会工程学去挖掘个人信息是很有用的。
[Index of]
利用“Index of ”语法去发现允许目录浏览的web网站,就象在本地的普通目录一样。下面是一些有趣的查询:
Index of /admin
Index of /passwd
Index of /password
Index of /mail
“Index of /” +passwd
“Index of /” +password.txt
“Index of /” +.htaccess
“Index of /root”
“Index of /cgi-bin”
“Index of /logs”
“Index of /config”
(包含引号)
[利用“inurl:”或 “allinurl:” 寻找有漏洞的网站或服务器]
a、利用“allinurl:winnt/system32/” 查询:列出的服务器上本来应该受限制的诸如“system32” 等目录,如果你运气足够好,你会发现“system32” 目录里的“cmd.exe” 文件,并能执行他,接下来就是提升权限并攻克了。
b、 查询“allinurl:wwwboard/passwd.txt”将列出所有有“WWWBoard Password vulnerability”漏洞的服务器,阅读更多请参见下面链接。http: //www.securiteam.com/exploits/2BUQ4S0SAW.html
c、查询“inurl:.bash_history” 将列出互联网上可以看见 “inurl:.bash_history” 文件的服务器。这是一个命令历史文件,这个文件包含了管理员执行的命令,有时会包含一些敏感信息比如管理员键入的密码。
d、查询“inurl:config.txt” 将看见网上暴露了“inurl:config.txt”文件的服务器,这个文件包含了经过哈希编码的管理员的密码和数据库存取的关键信息。
e、还有一些其他一些使用“inurl:”和“allinurl:”查询组合的例子。
inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:”wwwroot/*.”
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
inurl:gov filetype:xls “restricted”
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
(以上查询包含引号)
[利用“intitle:”和“allintitle:” 寻找有漏洞的服务器]
a、通过[allintitle: "index of /root”] 查询列出有“root”目录存取权限的服务器的列表,这个目录经常包含敏感信息,通过这些信息服务器可能会被轻易攻克。
b、通过[allintitle: "index of /admin”] 查询列出有“admin”目录列表权限的服务器的,绝大部分web 程序使用“admin”用户名去储存管理员权限。这个目录下的敏感信息可能会被利用来轻易地攻克服务器
常用的google关键字:
foo1 foo2 (也就是关联,比如搜索xx公司 xx美女)
operator:foo
filetype:123 类型
site:foo.com 相对直接看网站更有意思,可以得到许多意外的信息
intext:foo
intitle: fooltitle 标题哦
allinurl:foo 搜索xx网站的所有相关连接。(踩点必备)
links:foo 不要说就知道是它的相关链接
allintilte:foo.com

我们可以辅助"-" "+"来调整搜索的精确程度

直接搜索密码:(引号表示为精确搜索)
当然我们可以再延伸到上面的结果里进行二次搜索
"index of" htpasswd / passwd
filetype:xls username password email
"ws_ftp.log"
"config.php"
allinurl:admin mdb
service filetype:pwd ....或者某个比如pcanywhere的密码后缀cif等

越来越有意思了,再来点更敏感信息
"robots.txt" "Disallow:" filetype:txt
inurl:_vti_cnf (FrontPage的关键索引啦,扫描器的CGI库一般都有地)
allinurl: /msadc/Samples/selector/showcode.asp
/../../../passwd
/examples/jsp/snp/snoop.jsp
phpsysinfo
intitle:index of /admin
intitle:"documetation"
inurl: 5800(vnc的端口)或者desktop port等多个关键字检索
webmin port 10000
inurl:/admin/login.asp
intext:Powered by GBook365
intitle:"php shell*" "Enable stderr" filetype:php 直接搜索到phpwebshell

foo.org filetype:inc

ipsec filetype:conf
intilte:"error occurred" ODBC request WHERE (select|insert) 说白了就是说,可以直接试着查查数据库检索,针对目前流行的sql注射,会发达哦
intitle:"php shell*" "Enable stderr" filetype:php
"Dumping data for table" username password
intitle:"Error using Hypernews"
"Server Software"
intitle:"HTTP_USER_AGENT=Googlebot"
"HTTP_USER_ANGET=Googlebot" THS ADMIN
filetype:.doc site:.mil classified 直接搜索军方相关word

检查多个关键字:
intitle:config confixx login password

"mydomain.com" nessus report
"report generated by"
"ipconfig",women jeans;
"winipconfig"

google缓存利用(hoho,最有影响力的东西)推荐大家搜索时候多"选搜索所有网站"
特别推荐:administrator users 等相关的东西,比如名字,生日等……最惨也可以拿来做字典嘛
cache:foo.com

可以查阅类似结果

先找找网站的管理后台地址:
site:xxxx.com intext:管理
site:xxxx.com inurl:login
site:xxxx.com intitle:管理
site:a2.xxxx.com inurl:file
site:a3.xxxx.com inurl:load
site:a2.xxxx.com intext:ftp://*:*
site:a2.xxxx.com filetype:asp
site:xxxx.com //得到N个二级域名
site:xxxx.com intext:*@xxxx.com //得到N个邮件地址,还有邮箱的主人的名字什么的
site:xxxx.com intext:电话 //N个电话
intitle:"index of" etc
intitle:",womens puma shoes;Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
"# -FrontPage-" inurl:service.pwd

allinurl:bbs data
filetype:mdb inurl:database
filetype:inc conn
inurl:data filetype:mdb
intitle:"index of" data
……

一些技巧集合:

3) "http://*:*@www" domainname 找一些ISP站点,可以查对方ip的虚拟主机
3
4) auth_user_file.txt 不实用了,太老了

5) The Master List 寻找邮件列表的

6) intitle:"welcome.to.squeezebox" 一种特殊的管理系统,默认开放端口90
7) passlist.txt (a better way) 字典

8) "A syntax error has occurred" filetype:ihtml

9) ext:php program_listing intitle:MythWeb.Program.Listing
10) intitle:index.of abyss.conf
11)ext:nbe nbe

12)intitle:"SWW link" "Please wait....."
13)

14) intitle:"Freifunk.Net - Status" -site:commando.de

15) intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies."

17) intitle:open-xchange inurl:login.pl

20) intitle:"site administration: please log in" "site designed by emarketsouth"
21) ORA-00921: unexpected end of SQL command

22)intitle:"YALA: Yet Another LDAP Administrator"
23)welcome.to phpqladmin "Please login" -cvsweb
24)intitle:"SWW link" "Please wait....."
25)inurl:"port_255" -htm

27)intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies."

这些是新的一些漏洞技巧,在0days公告公布

ext:php program_listing intitle:MythWeb.Program.Listing

inurl:preferences.ini "[emule]"

intitle:"Index of /CFIDE/" administrator

"access denied for user" "using password"

ext:php intext:"Powered by phpNewMan Version" 可以看到:path/to/news/browse.php?clang=../../../../../../file/i/want

inurl:"/becommunity/community/index.php?pageurl="

intitle:"ASP FileMan" Resend -site:iisworks.com

"Enter ip" inurl:"php-ping.php"

ext:conf inurl:rsyncd.conf -cvs -man

intitle: private, protected, secret, secure, winnt

intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu
"#mysql dump" filetype:sql

"allow_call_time_pass_reference" "PATH_INFO"

"Certificate Practice Statement" inurl:(PDF | DOC)

LeapFTP intitle:"index.of./" sites.ini modified
master.passwd

mysql history files
NickServ registration passwords
passlist
passlist.txt (a better way)
passwd
passwd / etc (reliable)
people.lst
psyBNC config files
pwd.db
signin filetype:url
spwd.db / passwd
trillian.ini
wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin

"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-"

inurl:service.pwd
"AutoCreate=TRUE password=*"
"http://*:*@www" domainname
"index of/" "ws_ftp.ini" "parent directory",buy jeans;
"liveice configuration file" ext:cfg -site:sourceforge.net
"powered by ducalendar" -site:duware.com
"Powered by Duclassified" -site:duware.com
"Powered by Duclassified" -site:duware.com "DUware All Rights reserved"
"powered by duclassmate" -site:duware.com
"Powered by Dudirectory" -site:duware.com
"powered by dudownload" -site:duware.com
"Powered By Elite Forum Version *.*"
"Powered by Link Department"
"sets mode: +k"
"Powered by DUpaypal" -site:duware.com
allinurl: admin mdb
auth_user_file.txt
config.php
eggdrop filetype:user user
etc (index.of)
ext:ini eudora.ini
ext:ini Version=... password
ext:txt inurl:unattend.txt

filetype:bak inurl:"htaccess|passwd|shadow|htusers"

filetype:cfg mrtg "target[*]" -sample -cvs -example

filetype:cfm "cfapplication name" password

filetype:conf oekakibbs
filetype:conf sc_serv.conf

filetype:conf slapd.conf

filetype:config config intext:appSettings "User ID"

filetype:dat "password.dat"

filetype:dat wand.dat

filetype:inc dbconn

filetype:inc intext:mysql_connect
filetype:inc mysql_connect OR mysql_pconnect

filetype:inf sysprep

filetype:ini inurl:"serv-u.ini"
filetype:ini inurl:flashFXP.ini
filetype:ini ServUDaemon
filetype:ini wcx_ftp
filetype:ini ws_ftp pwd

filetype:ldb admin

filetype:log "See `ipsec copyright"

filetype:log inurl:"password.log"

filetype:mdb inurl:users.mdb

filetype:mdb wwforum

filetype:netrc password

filetype:pass pass intext:userid

filetype:pem intext:private

filetype:properties inurl:db intext:password

filetype:pwd service
filetype:pwl pwl

filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetype:sql ("values * MD" | "values * password" | "values * encrypt")
filetype:sql ("passwd values" | "password values" | "pass values" )
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password

 

站内搜索地址为:
http://www.google.com/custom?domains=(这里写我们要搜索的站点,比如feelids.com)
进去可以选择www和feelids.com, 当然再选我们要的站内搜索哦!
黑客专用信息和资料搜索地址为:
http://www.google.com/custom?hl=xx-hacker
这里是google关键字的用法,要设置它为中文,则是
http://www.google.com/custom?hl=zh-CN
英文则是http://www.google.com/custom?hl=en

常用的google关键字:
foo1 foo2 (也就是关联,比如搜索xx公司 xx美女)
operator:foo
filetype:123 类型
site:foo.com 相对直接看网站更有意思,可以得到许多意外的信息
intext:foo
intitle: fooltitle 标题哦
allinurl:foo 搜索xx网站的所有相关连接。(踩点必备)
links:foo 不要说就知道是它的相关链接
allintilte:foo.com

我们可以辅助"-" "+"来调整搜索的精确程度

直接搜索密码:(引号表示为精确搜索)
当然我们可以再延伸到上面的结果里进行二次搜索
"index of" htpasswd / passwd
filetype:xls username password email
"ws_ftp.log"
"config.php"
allinurl:admin mdb
service filetype:pwd ....或者某个比如pcanywhere的密码后缀cif等

越来越有意思了,再来点更敏感信息
"robots.txt" "Disallow:" filetype:txt
inurl:_vti_cnf (FrontPage的关键索引啦,扫描器的CGI库一般都有地)
allinurl: /msadc/Samples/selector/showcode.asp
/../../../passwd
/examples/jsp/snp/snoop.jsp
phpsysinfo
intitle:index of /admin
intitle:"documetation"
inurl: 5800(vnc的端口)或者desktop port等多个关键字检索
webmin port 10000
inurl:/admin/login.asp
intext:Powered by GBook365
intitle:"php shell*" "Enable stderr" filetype:php 直接搜索到phpwebshell

foo.org filetype:inc

ipsec filetype:conf
intilte:"error occurred" ODBC request Where (select|insert) 说白了就是说,可以直接试着查查数据库检索,针对目前流行的sql注射,会发达哦
intitle:"php shell*" "Enable stderr" filetype:php
"Dumping data for table" username password
intitle:"Error using Hypernews"
"Server Software"
intitle:"HTTP_USER_AGENT=Googlebot"
"HTTP_USER_ANGET=Googlebot" THS ADMIN
filetype:.doc site:.mil classified 直接搜索军方相关word

检查多个关键字:
intitle:config confixx login password

"mydomain.com" nessus report
"report generated by"
"ipconfig"
"winipconfig"

google缓存利用(hoho,最有影响力的东西)推荐大家搜索时候多"选搜索所有网站"
特别推荐:administrator users 等相关的东西,比如名字,生日等……最惨也可以拿来做字典嘛
cache:foo.com

可以查阅类似结果

先找找网站的管理后台地址:
site:xxxx.com intext:管理
site:xxxx.com inurl:login
site:xxxx.com intitle:管理
site:a2.xxxx.com inurl:file
site:a3.xxxx.com inurl:load
site:a2.xxxx.com intext:ftp://*:*
site:a2.xxxx.com filetype:asp
site:xxxx.com //得到N个二级域名
site:xxxx.com intext:*@xxxx.com //得到N个邮件地址,还有邮箱的主人的名字什么的
site:xxxx.com intext:电话 //N个电话
intitle:"index of" etc
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
"# -FrontPage-" inurl:service.pwd

allinurl:bbs data
filetype:mdb inurl:database
filetype:inc conn
inurl:data filetype:mdb
intitle:"index of" data
3) "http://*:*@www" domainname 找一些ISP站点,可以查对方ip的虚拟主机

4) auth_user_file.txt 不实用了,太老了

5) The Master List 寻找邮件列表的

6) intitle:"welcome.to.squeezebox" 一种特殊的管理系统,默认开放端口90

7) passlist.txt (a better way) 字典

8) "A syntax error has occurred" filetype:ihtml

9) ext:php program_listing intitle:MythWeb.Program.Listing

10) intitle:index.of abyss.conf

11)ext:nbe nbe

12)intitle:"SWW link" "Please wait....."

14) intitle:"Freifunk.Net - Status" -site:commando.de

15) intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies."

17) intitle:open-xchange inurl:login.pl

20) intitle:"site administration: please log in" "site designed by emarketsouth"

21) orA-00921: unexpected end of SQL command

22)intitle:"YALA: Yet Another LDAP Administrator"

23)welcome.to phpqladmin "Please login" -cvsweb

24)intitle:"SWW link" "Please wait....."

25)inurl:"port_255" -htm

27)intitle:"WorldClient" intext:"? (2003|2004) Alt-N Technologies."

这些是新的一些漏洞技巧,在0days公告公布

ext:php program_listing intitle:MythWeb.Program.Listing

inurl:preferences.ini "[emule]"

intitle:"Index of /CFIDE/" administrator

"access denied for user" "using password"

ext:php intext:"Powered by phpNewMan Version" 可以看到:path/to/news/browse.php?clang=../../../../../../file/i/want

inurl:"/becommunity/community/index.php?pageurl="

intitle:"ASP FileMan" Resend -site:iisworks.com

"Enter ip" inurl:"php-ping.php"

ext:conf inurl:rsyncd.conf -cvs -man

intitle: private, protected, secret, secure, winnt

intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu
"#mysql dump" filetype:sql

"allow_call_time_pass_reference" "PATH_INFO"

"Certificate Practice Statement" inurl:(PDF | DOC)

LeapFTP intitle:"index.of./" sites.ini modified
master.passwd

mysql history files
NickServ registration passwords
passlist
passlist.txt (a better way)
passwd
passwd / etc (reliable)
people.lst
psyBNC config files
pwd.db
signin filetype:url
spwd.db / passwd
trillian.ini
wwwboard WebAdmin inurl:passwd.txt wwwboard|webadmin

"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-"

inurl:service.pwd
"AutoCreate=TRUE password=*"
"http://*:*@www" domainname
"index of/" "ws_ftp.ini" "parent directory"
"liveice configuration file" ext:cfg -site:sourceforge.net
"powered by ducalendar" -site:duware.com
"Powered by Duclassified" -site:duware.com
"Powered by Duclassified" -site:duware.com "DUware All Rights reserved"
"powered by duclassmate" -site:duware.com
"Powered by Dudirectory" -site:duware.com
"powered by dudownload" -site:duware.com
"Powered By Elite Forum Version *.*"
"Powered by Link Department"
"sets mode: +k"
"Powered by DUpaypal" -site:duware.com
allinurl: admin mdb
auth_user_file.txt
config.php
eggdrop filetype:user user
etc (index.of)
ext:ini eudora.ini
ext:ini Version=... password
ext:txt inurl:unattend.txt

filetype:bak inurl:"htaccess|passwd|shadow|htusers"

filetype:cfg mrtg "target

" -sample -cvs -example

filetype:cfm "cfapplication name" password

filetype:conf oekakibbs
filetype:conf sc_serv.conf

filetype:conf slapd.conf

filetype:config config intext:appSettings "User ID"

filetype:dat "password.dat"

filetype:dat wand.dat

filetype:inc dbconn

filetype:inc intext:mysql_connect
filetype:inc mysql_connect or mysql_pconnect

filetype:inf sysprep

filetype:ini inurl:"serv-u.ini"
filetype:ini inurl:flashFXP.ini
filetype:ini ServUDaemon
filetype:ini wcx_ftp
filetype:ini ws_ftp pwd

filetype:ldb admin

filetype:log "See `ipsec copyright"

filetype:log inurl:"password.log"

filetype:mdb inurl:users.mdb

filetype:mdb wwforum

filetype:netrc password

filetype:pass pass intext:userid

filetype:pem intext:private

filetype:properties inurl:db intext:password

filetype:pwd service
filetype:pwl pwl

filetype:reg reg +intext:"defaultusername" +intext:"defaultpassword"
filetype:reg reg HKEY_CURRENT_USER SSHHOSTKEYS
filetype:sql ("values * MD" | "values * password" | "values * encrypt")
filetype:sql ("passwd values" | "password values" | "pass values" )
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password

filetype:url +inurl:"ftp://" +inurl:";@"

filetype:xls username password email

htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak

intext:"enable secret $"
intext:"powered by Web Wiz Journal"

intitle:"index of" intext:connect.inc
intitle:"index of" intext:globals.inc
intitle:"Index of" passwords modified

intitle:dupics inurl:(add.asp | default.asp | view.asp | voting.asp) -site:duware.com

intitle:index.of intext:"secring.skr"|"secring.pgp"|"secring.bak"

inurl:"GRC.DAT" intext:"password"

inurl:"slapd.conf" intext:"credentials" -manpage -"Manual Page" -man: -sample

inurl:"slapd.conf" intext:"rootpw" -manpage -"Manual Page" -man: -sample

inurl:"wvdial.conf" intext:"password"

inurl:/db/main.mdb

inurl:chap-secrets -cvs

inurl:config.php dbuname dbpass
inurl:filezilla.xml -cvs

inurl:lilo.conf filetype:conf password -tatercounter -bootpwd -man

inurl:nuke filetype:sql

inurl:ospfd.conf intext:password -sample -test -tutorial -download 路由配置
inurl:pap-secrets -cvs

inurl:perform filetype:ini
inurl:secring ext:skr | ext:pgp | ext:bak

inurl:vtund.conf intext:pass -cvs

inurl:zebra.conf intext:password -sample -test -tutorial -download

"Generated by phpSystem"
"generated by wwwstat"

"Host Vulnerability Summary Report" ]

"HTTP_FROM=googlebot" googlebot.com "Server_Software="    "Index of" / "chat/logs" 聊天室
"Installed Objects Scanner" inurl:default.asp

"Mecury Version" "Infastructure Group"
"Microsoft (R) Windows * (TM) Version * DrWtsn Copyright (C)" ext:log

"Most Submitted Forms and Scripts" "this section"

"Network Vulnerability Assessment Report"

"not for distribution" confidential
"phone * * *" "address *" "e-mail" intitle:"curriculum vitae"

"phpMyAdmin" "running on" inurl:"main.php"

"produced by getstats"
"Request Details" "Control Tree" "Server Variables"
"robots.txt" "Disallow:" filetype:txt

"Running in Child mode"

"sets mode: +p"
"sets mode: +s"
"Thank you for your order" +receipt
"This is a Shareaza Node"
"This report was generated by WebLog"
( filetype:mail | filetype:eml | filetype:mbox | filetype:mbx ) intext:password|subject

(inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt

-site:php.net -"The PHP Group" inurl:source inurl:url ext:pHp

FBR "ADOBE PHOTOSHOP"
AIM buddy lists
allinurl:/examples/jsp/snp/snoop.jsp
allinurl:servlet/SnoopServlet
cgiirc.conf

data filetype:mdb -site:gov -site:mil

exported email addresses

ext:asp inurl:pathto.asp

ext:cgi inurl:editcgi.cgi inurl:file=

ext:conf inurl:rsyncd.conf -cvs -man
ext:conf NoCatAuth -cvs

ext:dat bpk.dat
ext:gho gho

ext:ini intext:env.ini
ext:ldif ldif

ext:log "Software: Microsoft Internet Information Services *.*"
------------------------------------------------------------------------------------------
ext:mdb inurl:*.mdb inurl:fpdb shop.mdb

filetype:bkf bkf
filetype:blt "buddylist"
filetype:blt blt +intext:screenname

filetype:cfg auto_inst.cfg

filetype:conf inurl:firewall -intitle:cvs
filetype:config web.config -CVS

filetype:ctt ctt messenger

filetype:fp fp
filetype:fp fp -site:gov -site:mil -"cvs log"

filetype:inf inurl:capolicy.inf
filetype:lic lic intext:key

filetype:myd myd -CVS
filetype:ns ns
filetype:ora ora
filetype:ora tnsnames
filetype:pdb pdb backup (Pilot | Pluckerdb)

filetype:pot inurl:john.pot
------------------------------------------------------------------------------------------------------------------
filetype:pst inurl:"outlook.pst"
filetype:pst pst -from -to -date
filetype:qbb qbb
filetype:rdp rdp

filetype:reg "Terminal Server Client"
filetype:vcs vcs
filetype:wab wab

filetype:xls -site:gov inurl:contact
filetype:xls inurl:"email.xls"
Financial spreadsheets: finance.xls
Financial spreadsheets: finances.xls

Ganglia Cluster Reports

haccess.ctl (one way)
haccess.ctl (VERY reliable)
ICQ chat logs, please...

iletype:log cron.log
intext:"Session Start * * * *:*:* *" filetype:log
intext:"Tobias Oetiker" "traffic analysis"

intext:(password | passcode) intext:(username | userid | user) filetype:csv
intext:gmail invite intext:http://gmail.google.com/gmail/a

intext:SQLiteManager inurl:main.php

intitle:"Apache::Status" (inurl:server-status | inurl:status.html | inurl:apache.html)

intitle:"AppServ Open Project" -site:www.appservnetwork.com
intitle:"ASP Stats Generator *.*" "ASP Stats Generator" "- weppos"

intitle:"FTP root at"
intitle:"index of" +myd size

intitle:"Index Of" -inurl:maillog maillog size

intitle:"Index Of" cookies.txt size

intitle:"index of" mysql.conf or mysql_config
intitle:"Index of" upload size parent directory

intitle:"index.of" .diz .nfo last modified
intitle:"Multimon UPS status page"
intitle:"PHP Advanced Transfer" (inurl:index.php | inurl:showrecent.php )
intitle:"PhpMyExplorer" inurl:"index.php" -cvs
---------------------------------------------------------------------
intitle:"statistics of" "advanced web statistics"
intitle:"System Statistics" +"System and Network Information Center"
intitle:"Usage Statistics for" "Generated by Webalizer"
intitle:"wbem" compaq login "Compaq Information Technologies Group"

intitle:"Web Server Statistics for ****"
intitle:"web server status" SSH Telnet
intitle:"welcome.to.squeezebox"

intitle:admin intitle:login
intitle:index.of "Apache" "server at"
intitle:index.of cleanup.log
intitle:index.of dead.letter
intitle:index.of inbox
intitle:index.of inbox dbx

intitle:intranet inurl:intranet +intext:"phone"
inurl:"/axs/ax-admin.pl" -script
inurl:"/cricket/grapher.cgi"
inurl:"bookmark.htm"

inurl:"cacti" +inurl:"graph_view.php" +"Settings Tree View" -cvs -RPM
inurl:"newsletter/admin/"
inurl:"newsletter/admin/" intitle:"newsletter admin"
inurl:"putty.reg"
inurl:"smb.conf" intext:"workgroup" filetype:conf conf
----------------------------------------------------------------------------------------------------------

Welcome to ntop!

"adding new user" inurl:addnewuser -"there are no domains"
(inurl:/cgi-bin/.cobalt/) | (intext:"Welcome to the Cobalt RaQ")

filetype:php HAXPLORER "Server Files Browser"
intitle:"Web Data Administrator - Login"

inurl:ConnectComputer/precheck.htm | inurl:Remote/logon.aspx
PHP Shell (unprotected)
PHPKonsole PHPShell filetype:php -echo
Public PHP FileManagers

"index of" / picasa.ini
"index of" inurl:recycler
"Index of" rar r nfo Modified
"intitle:Index.Of /" stats merchant cgi-* etc
"Powered by Invision Power File Manager" (inurl:login.php) | (intitle:"Browsing directory /" )
"Web File Browser" "Use regular expression"

filetype:ini Desktop.ini intext:mydocs.dll

intext:"d.aspx?id" || inurl:"d.aspx?id"
intext:"Powered By: TotalIndex" intitle:"TotalIndex"
intitle:"album permissions" "Users who can modify photos" "EVERYBODY"
intitle:"Directory Listing For" intext:Tomcat -intitle:Tomcat
intitle:"HFS /" +"HttpFileServer"
intitle:"Index of *" inurl:"my shared folder" size modified
-------------------------------------------------------------------------------------------------------------------

"File Upload Manager v." "rename to"

ext:asp "powered by DUForum" inurl:(messages|details|login|default|register) -site:duware.com
ext:asp inurl:DUgallery intitle:"." -site:dugallery.com -site:duware.com
ext:cgi inurl:ubb_test

ezBOO "Administrator Panel" -cvs

filetype:cgi inurl:cachemgr.cgi
filetype:cnf my.cnf -cvs -example
filetype:inc inc intext:setcookie

filetype:php inurl:"viewfile" -"index.php" -"idfil
filetype:wsdl wsdl

intitle:"ASP FileMan" Resend -site:iisworks.com

intitle:"Index of /" modified php.exe

intitle:"phpremoteview" filetype:php "Name, Size, Type, Modify"

inurl:" WWWADMIN.PL" intitle:"wwwadmin"
inurl:"nph-proxy.cgi" "Start browsing through this CGI-based proxy"
inurl:"plog/register.php"
inurl:cgi.asx?StoreID

inurl:robpoll.cgi filetype:cgi

The Master List

"More Info about MetaCart Free"

 

你可能感兴趣的:(技术)