*** NOW THIS IS PURE 18+ STUFF ***
Querying for vulnerable sites or servers using Google’s advance syntaxes
Well, the Google’s query syntaxes discussed above can really
help people to precise their search and get what they are
exactly looking for.
Now Google being so intelligent search engine, malicious users
don’t mind exploiting its ability to dig confidential and secret
information from internet which has got restricted access. Now I
shall discuss those techniques in details how malicious user dig
information from internet using Google as a tool.
Using “Index of ” syntax to find sites enabled with Index browsing
A webserver with Index browsing enabled means anyone can browse
the webserver directories like ordinary local directories. Here
I shall discuss how one can use “index of” syntax to get a list
links to webserver which has got directory browsing enabled.
This becomes an easy source for information gathering for a
hacker. Imagine if the get hold of password files or others
sensitive files which are not normally visible to the internet.
Below given are few examples using which one can get access to
many sensitive information much easily.
Index of /admin
Index of /passwd
Index of /password
Index of /mail
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
"Index of /secret"
"Index of /confidential"
"Index of /root"
"Index of /cgi-bin"
"Index of /credit-card"
"Index of /logs"
"Index of /config"
Looking for vulnerable sites or servers using [/s3]“inurl:” or “allinurl:”[/s3]
a. Using “allinurl: winnt/system32/ ” (without quotes) will list
down all the links to the server which gives access to
restricted directories like “system32” through web. If you are
lucky enough then you might get access to the cmd.exe in the
“system32” directory. Once you have the access to “cmd.exe”
and are able to execute it then you can go ahead in further
escalating your privileges over the server and compromise it.
b. Using “allinurl: wwwboard/passwd.txt ” (without quotes) in the
Google search will list down all the links to the server which
are vulnerable to “WWWBoard Password vulnerability”. For more info Google it out.
c. Using “inurl: .bash_history ” (without quotes) will list down
all the links to the server which gives access to
“.bash_history” file through web. This is a command history
file. This file includes the list of command executed by the
administrator, and sometimes includes sensitive information
such as password typed in by the administrator. If this file
is compromised and if contains the encrypted unix (or *nix)
password then it can be easily cracked using “John The
Ripper”.
d. Using “ inurl: config.txt” (without quotes) will list down all
the links to the servers which gives access to “config.txt”
file through web. This file contains sensitive information,
including the hash value of the administrative password and
database authentication credentials. For Example: Ingenium
Learning Management System is a Web-based application for
Windows based systems developed by Click2learn, Inc. Ingenium
Learning Management System versions 5.1 and 6.1 stores
sensitive information insecurely in the config.txt file.
Other similar search using “inurl:” or “allinurl:” combined with other syntaxs
inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl: orders.txt
inurl:"wwwroot/*."
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
inurl:gov filetype:xls "restricted"
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
Looking for vulnerable sites or servers using “intitle:” or “allintitle:”
a. Using [ allintitle: "index of /root”] (without brackets) will
list down the links to the web server which gives access to
restricted directories like “root” through web. This directory
sometimes contains sensitive information which can be easily
retrieved through simple web requests.
b. Using [ allintitle: "index of /admin”] (without brackets) will
list down the links to the websites which has got index
browsing enabled for restricted directories like “admin”
through web. Most of the web application sometimes uses names
like “admin” to store admin credentials in it. This directory
sometimes contains sensitive information which can be easily
retrieved through simple web requests.
Other similar search using “intitle:” or “allintitle:” combined with other syntaxs
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
Other interesting Search Queries
To search for sites vulnerable to Cross-Sites Scripting (XSS) attacks:
allinurl:/scripts/cart32.exe
allinurl:/CuteNews/show_archives.php
allinurl:/phpinfo.php
To search for sites vulnerable to SQL Injection attacks:
allinurl:/privmsg.php
allinurl:/privmsg.php
Querying for vulnerable sites or servers using Google’s advance syntaxes
Well, the Google’s query syntaxes discussed above can really
help people to precise their search and get what they are
exactly looking for.
Now Google being so intelligent search engine, malicious users
don’t mind exploiting its ability to dig confidential and secret
information from internet which has got restricted access. Now I
shall discuss those techniques in details how malicious user dig
information from internet using Google as a tool.
Using “Index of ” syntax to find sites enabled with Index browsing
A webserver with Index browsing enabled means anyone can browse
the webserver directories like ordinary local directories. Here
I shall discuss how one can use “index of” syntax to get a list
links to webserver which has got directory browsing enabled.
This becomes an easy source for information gathering for a
hacker. Imagine if the get hold of password files or others
sensitive files which are not normally visible to the internet.
Below given are few examples using which one can get access to
many sensitive information much easily.
Index of /admin
Index of /passwd
Index of /password
Index of /mail
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
"Index of /secret"
"Index of /confidential"
"Index of /root"
"Index of /cgi-bin"
"Index of /credit-card"
"Index of /logs"
"Index of /config"
Looking for vulnerable sites or servers using [/s3]“inurl:” or “allinurl:”[/s3]
a. Using “allinurl: winnt/system32/ ” (without quotes) will list
down all the links to the server which gives access to
restricted directories like “system32” through web. If you are
lucky enough then you might get access to the cmd.exe in the
“system32” directory. Once you have the access to “cmd.exe”
and are able to execute it then you can go ahead in further
escalating your privileges over the server and compromise it.
b. Using “allinurl: wwwboard/passwd.txt ” (without quotes) in the
Google search will list down all the links to the server which
are vulnerable to “WWWBoard Password vulnerability”. For more info Google it out.
c. Using “inurl: .bash_history ” (without quotes) will list down
all the links to the server which gives access to
“.bash_history” file through web. This is a command history
file. This file includes the list of command executed by the
administrator, and sometimes includes sensitive information
such as password typed in by the administrator. If this file
is compromised and if contains the encrypted unix (or *nix)
password then it can be easily cracked using “John The
Ripper”.
d. Using “ inurl: config.txt” (without quotes) will list down all
the links to the servers which gives access to “config.txt”
file through web. This file contains sensitive information,
including the hash value of the administrative password and
database authentication credentials. For Example: Ingenium
Learning Management System is a Web-based application for
Windows based systems developed by Click2learn, Inc. Ingenium
Learning Management System versions 5.1 and 6.1 stores
sensitive information insecurely in the config.txt file.
Other similar search using “inurl:” or “allinurl:” combined with other syntaxs
inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl: orders.txt
inurl:"wwwroot/*."
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
inurl:gov filetype:xls "restricted"
index of ftp +.mdb allinurl:/cgi-bin/ +mailto
Looking for vulnerable sites or servers using “intitle:” or “allintitle:”
a. Using [ allintitle: "index of /root”] (without brackets) will
list down the links to the web server which gives access to
restricted directories like “root” through web. This directory
sometimes contains sensitive information which can be easily
retrieved through simple web requests.
b. Using [ allintitle: "index of /admin”] (without brackets) will
list down the links to the websites which has got index
browsing enabled for restricted directories like “admin”
through web. Most of the web application sometimes uses names
like “admin” to store admin credentials in it. This directory
sometimes contains sensitive information which can be easily
retrieved through simple web requests.
Other similar search using “intitle:” or “allintitle:” combined with other syntaxs
intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov
Other interesting Search Queries
To search for sites vulnerable to Cross-Sites Scripting (XSS) attacks:
allinurl:/scripts/cart32.exe
allinurl:/CuteNews/show_archives.php
allinurl:/phpinfo.php
To search for sites vulnerable to SQL Injection attacks:
allinurl:/privmsg.php
allinurl:/privmsg.php
Hello friends thanks for day... market negative closed but recover SENSEX down closed and tomorrow sure NSE BSE Call ..... more tips..
ReplyDeleteblogger templates
showing research and very informative, a great compilation, an Excellent share will be looking for more … keeps on writing. I bookmarked this blogs and share with my friends.
ReplyDeleteminecraft hosting