Group Blog
 
 
สิงหาคม 2552
 
 1
2345678
9101112131415
16171819202122
23242526272829
3031 
 
1 สิงหาคม 2552
 
All Blogs
 

วิธีใช้ google hack

วิธีใช้ google hack

เนื่องจากความเก่งกาจของ google จึงไม่แปลกที่มีผู้ใช้เป็นจำนวนมากแต่ทุกๆอย่างย่อมมีทั้งดี-เสีย ลองดูเองแล้วกันนะครับ

//johnny.ihackstuff.com/index.php?module=prodreviews
//petjka.blogspot.com/

SEARCH PATHS :

"Index of /admin"
"Index of /password"
"Index of /mail"
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
index of ftp +.mdb allinurl:/cgi-bin/ +mailto

administrators.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web
gobal.asax index

allintitle: "index of/admin"
allintitle: "index of/root"
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov

inurl: passwd filetype:txt
inurl: admin filetype:db
inurl: iisadmin
inurl: "auth_user_file.txt"
inurl: "wwwroot/*."


top secret site:mil
confidential site:mil

allinurl: winnt/system32/ (get cmd.exe)
allinurl:/bash_history

intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart

ALTERNATIVE INPUTS====================

_vti_inf.html
service.pwd
users.pwd
authors.pwd
administrators.pwd
shtml.dll
shtml.exe
fpcount.exe
default.asp
showcode.asp
sendmail.cfm
getFile.cfm
imagemap.exe
test.bat
msadcs.dll
htimage.exe
counter.exe
browser.inc
hello.bat
default.aspdvwssr.dll
cart32.exe
add.exe
index.jsp
SessionServlet
shtml.dll
index.cfm
page.cfm
shtml.exe
web_store.cgi
shop.cgi
upload.asp
default.asp
pbserver.dll
phf
test-cgi
finger
Count.cgi
jj
php.cgi
php
nph-test-cgi
handler
webdist.cgi
webgais
websendmail
faxsurvey
htmlscript
perl.exe
//www.oard.pl
//www.sql
view-source
campas
aglimpse
glimpse
man.sh
AT-admin.cgi
AT-generate.cgi
filemail.pl
maillist.pl
info2www
files.pl
bnbform.cgi
survey.cgi
classifieds.cgi
wrap
cgiwrap
edit.pl
perl
names.nsf
webgais
dumpenv.pl
test.cgi
submit.cgi
guestbook.cgi
guestbook.pl
cachemgr.cgi
responder.cgi
perlshop.cgi
query
w3-msql
plusmail
htsearch
infosrch.cgi
publisher
ultraboard.cgi
db.cgi
formmail.cgi
allmanage.pl
ssi
adpassword.txt
redirect.cgi
cvsweb.cgi
login.jsp
dbconnect.inc
admin
htgrep
wais.pl
amadmin.pl
subscribe.pl
news.cgi
auctionweaver.pl
.htpasswd
acid_main.php
access.log
log.htm
log.html
log.txt
logfile
logfile.htm
logfile.html
logfile.txt
logger.html
stat.htm
stats.htm
stats.html
stats.txt
webaccess.htm
//www.tats.html
source.asp
perl
mailto.cgi
YaBB.pl
mailform.pl
cached_feed.cgi
global.cgi
Search.pl
build.cgi
common.php
show
global.inc
ad.cgi
WSFTP.LOG
index.html~
index.php~
index.html.bak
index.php.bak
print.cgi
register.cgi
webdriver
bbs_forum.cgi
mysql.class
sendmail.inc
CrazyWWWBoard.cgi
search.pl
way-board.cgi
webpage.cgi
pwd.dat
adcycle
post-query
help.cgi

Dont make war, make love or learn...




posted by AGRESSSORS @ 6:13 PM
Again Google

This reveals mySQL database dumps. These database dumps list the structure and content of databases, which can reveal many different types of sensitive information.

//www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22%23mysql+dump%22+filetype%3Asql&btnG=Search
----------------------------------------------------------------------------------------
These log files record info about the SSH client PUTTY. These files contain usernames, site names, IP addresses, ports and various other information about the SSH server connected to.

//www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Alog+username+putty
----------------------------------------------------------------------------------------
These files contain cleartext usernames and passwords, as well as the sites associated with those credentials. Attackers can use this information to log on to that site as that user.

//www.google.com/search?hl=en&lr=&ie=UTF-8&q=filetype%3Alog+inurl%3A%22password.log%22
---------------------------------------------------------------------------------------

This file contains port number, version number and path info to MySQL server.

//www.google.com/search?hl=en&lr=&ie=UTF-8&q=intitle%3A%22index+of%22+mysql.conf+OR+mysql_config
-----------------------------------------------------------------------------------------

This search reveals sites which may be using Shockwave (Flash) as a login mechanism for a site. The usernames and passwords for this type of login mechanism are often stored in plaintext inside the source of the .swl file.

//www.google.com/search?hl=en&lr=&q=inurl%3Alogin+filetype%3Aswf+swf
--------------------------------------------------------------------------------------

These are oulook express email files which contain emails, with full headers. The information in these emails can be useful for information gathering about a target.

//www.google.com/search?hl=en&lr=&q=filetype%3Aeml+eml+%2Bintext%3A%22Subject%22+%2Bintext%3A%22From%22+%2Bintext%3A%22To%22
----------------------------------------------------------------------------------------

This google search reveals users names, pop3 passwords, email addresses, servers connected to and more. The IP addresses of the users can also be revealed in some cases.

//www.google.com/search?num=100&hl=en&lr=&q=filetype%3Areg+reg+%2Bintext%3A%22internet+account+manager
---------------------------------------------------------------------------------------




 

Create Date : 01 สิงหาคม 2552
1 comments
Last Update : 1 สิงหาคม 2552 23:29:00 น.
Counter : 108823 Pageviews.

 

แวะมาทักทาย ครับ อยู่ ปราจีนบุรี ครับ

 

โดย: เพื่อนปราจีน 22 กันยายน 2554 21:35:48 น.  

ชื่อ : * blog นี้ comment ได้เฉพาะสมาชิก
Comment :
  *ส่วน comment ไม่สามารถใช้ javascript และ style sheet
 
รหัสส่งข้อความ
กรุณายืนยันรหัสส่งข้อความ


bunyawat02
Location :


[ดู Profile ทั้งหมด]

ให้ทิปเจ้าของ Blog [?]
ฝากข้อความหลังไมค์
Rss Feed

ผู้ติดตามบล็อก : 1 คน [?]




Friends' blogs
[Add bunyawat02's blog to your web]
Links
 

 Pantip.com | PantipMarket.com | Pantown.com | © 2004 BlogGang.com allrights reserved.